Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

0551997096...6d.exe

windows7-x64

10

0551997096...6d.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 04:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    05519970966eabccb2b0901eb020d76d.exe

  • Size

    518KB

  • MD5

    05519970966eabccb2b0901eb020d76d

  • SHA1

    a8ff1ee3d3c695a4000897eb4397fba563fb50ca

  • SHA256

    78efa53d368b27d54c5b74b866e23af1cb041c72d78a52a16cb398a724aa992b

  • SHA512

    30c30fa464b7045e8084cc091c18aa6ca8acb443413dfce4ae63897450a202552253a4659c9155d813892839107772809175f7b8a175c9acf9cf4a64b8a4d55a

  • SSDEEP

    12288:EzQr+1kZVQQxfnr+TK7r79/JDXWE18qRzfG4M5NCqX:UQKQVQQxfnr+TK7r79/JD71PRi4M5NC2

Score
10/10
gh0stratpersistencerat

Malware Config

Signatures

  • Gh0st RAT payload 2 IoCs
  • Gh0strat

    Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    ratgh0strat
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\05519970966eabccb2b0901eb020d76d.exe
    "C:\Users\Admin\AppData\Local\Temp\05519970966eabccb2b0901eb020d76d.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2348
    • \??\c:\Windows\svchest000.exe
      c:\Windows\svchest000.exe
      2⤵
      • Executes dropped EXE
      PID:2132

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\svchest000.exe
    Filesize

    512KB

    MD5

    276ad865e16921195138ff64ea86d7dd

    SHA1

    6dcce305a4f1611d4c1d92e8af58df9175d56b29

    SHA256

    3cc9d13873ade687ded196b7e2c0a4004dfef7eafee082448122d0556ee76168

    SHA512

    df34f93f1b2e8bf5f0dc74efb12037d18574e48966111090239d82b46c999212100f2e683bf0220c260256e7f6f809c21ef28e9ab57ab5f8696b764cd375609b

    Download Submit

  • C:\Windows\svchest000.exe
    Filesize

    436KB

    MD5

    23094b947b0d086d074b16940e44a41a

    SHA1

    8c2d442c57a2449a6e6bbffbdcf66d6408adf750

    SHA256

    53f5e99a7acf84914118e06c41c7277fb111821c42346ad698a07859f0e1053f

    SHA512

    adfd58c0b1da3c365402130b1a266e632ed00a8530f020086b849bec10115c5d4d1e1dc7806d17cfad0a0b28229d0e2f172c2eb1acc988006fc6e8fa88c18ee4

    Download Submit