Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

088341e5a0...f1.exe

windows7-x64

10

088341e5a0...f1.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    24/12/2023, 17:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    088341e5a0f8d27e0048b429faac30f1.exe

  • Size

    614KB

  • MD5

    088341e5a0f8d27e0048b429faac30f1

  • SHA1

    8b53e495b1b82f8e72dd2d70b0fd730439eac02f

  • SHA256

    469df9879320a3661e10006c71fa25ec2ddee91e398947c0ac551cd385296ca3

  • SHA512

    ffa931bb7b6cf7f08981baf8b7e85bbf62206805336a0ef49776de5d7992e6abcbd339c27274348e43748ef64e4290fcb1707de933c7d3f0e073d971a669455e

  • SSDEEP

    12288:3/eC0vZVQQxfnr+TK7r79/JenWAG36ATphjM5Bvd:3/XwVQQxfnr+TK7r79/Je3GqArjM5Bvd

Score
10/10
gh0stratpersistencerat

Malware Config

Signatures

  • Gh0st RAT payload 2 IoCs
  • Gh0strat

    Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    ratgh0strat
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 5 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\088341e5a0f8d27e0048b429faac30f1.exe
    "C:\Users\Admin\AppData\Local\Temp\088341e5a0f8d27e0048b429faac30f1.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2656
    • \??\c:\Windows\svchest000.exe
      c:\Windows\svchest000.exe
      2⤵
      • Executes dropped EXE
      PID:2344

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\svchest000.exe
    Filesize

    148KB

    MD5

    5c747cf81c7c97ebea04fe764864c4bb

    SHA1

    360d56d6ff9aa012a272ea4a5ca8446b3d6a57bc

    SHA256

    ff12f683be256c6f57d1a55b58b2ca55d7ca709a512fb59afa037e6bb03584f5

    SHA512

    77482f18eecc13de33fa2389292fed7a59b4f2c8cc50261e1751309676616d990902a8aa5ba7736a8eb3568a328d3635679b6b5d85e13a6a6fbe86a8e16c5d6e

    Download Submit

  • C:\Windows\svchest000.exe
    Filesize

    145KB

    MD5

    3cb56cd5a654e3d82fc8e618311b8c4f

    SHA1

    978729a16280d294a157a605aa76b3ece902791a

    SHA256

    f46b6824e329f10abd39aba2c71705c3ddf8b001d42a9752d270f600cebf6545

    SHA512

    389edc6c2e73a2fb621bb50bfb9e2526b2822fd5770fcd146559a7c784a5076d1ed17d350caa1ff6698b602a495c28ca7bf6336b116f64992b7cb4d5a40d9373

    Download Submit