Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

0351c004bb...fa.exe

windows7-x64

10

0351c004bb...fa.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    25s
  • max time network
    110s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/12/2023, 20:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0351c004bbee5fcb8bff98b215e5e0fa.exe

  • Size

    717KB

  • MD5

    0351c004bbee5fcb8bff98b215e5e0fa

  • SHA1

    8f34d0fd5f30f964774bd393eda03192f69ad753

  • SHA256

    1a72b6239f19781ae5efa519c0dbbf153ab4f175252ce5b8dc024eb2be35f041

  • SHA512

    5b599cd6ef81fd1901a293f2292f0fa91b06aa02c3d8ef6c2852da774f43826a64cd97d6ed4a0758ed117cd457fe166ca9c242a562751c1f597360ebdad2d8b0

  • SSDEEP

    12288:rLDrQ47uELrXJy2Mda/Rb/kOhCQBMNqjASyoJFEesBPppv4G0w0CI:/DE1yr5y2Mda/BkOhCQBMNq064Thpv4F

Score
10/10
zgratrat

Malware Config

Signatures

  • Detect ZGRat V1 35 IoCs
  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0351c004bbee5fcb8bff98b215e5e0fa.exe
    "C:\Users\Admin\AppData\Local\Temp\0351c004bbee5fcb8bff98b215e5e0fa.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:844
    • C:\Users\Admin\AppData\Local\Temp\0351c004bbee5fcb8bff98b215e5e0fa.exe
      C:\Users\Admin\AppData\Local\Temp\0351c004bbee5fcb8bff98b215e5e0fa.exe
      2⤵
        PID:1572
      • C:\Windows\SysWOW64\WScript.exe
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\_Hpoxxjmijvizdoxatdiigey.vbs"
        2⤵
          PID:936
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -ExclusionPath C:\,'C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\winsrc.exe'
        1⤵
          PID:3676

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/844-18-0x0000000006330000-0x0000000006394000-memory.dmp

          Filesize

          400KB

          Download

        • memory/844-16-0x0000000006330000-0x0000000006394000-memory.dmp

          Filesize

          400KB

          Download

        • memory/844-3-0x0000000004AF0000-0x0000000004B82000-memory.dmp

          Filesize

          584KB

          Download

        • memory/844-4-0x0000000004AD0000-0x0000000004AE0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/844-5-0x0000000004CC0000-0x0000000004CCA000-memory.dmp

          Filesize

          40KB

          Download

        • memory/844-2-0x0000000005170000-0x0000000005714000-memory.dmp

          Filesize

          5.6MB

          Download

        • memory/844-6-0x0000000074EF0000-0x00000000756A0000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/844-8-0x0000000005EF0000-0x0000000005F66000-memory.dmp

          Filesize

          472KB

          Download

        • memory/844-7-0x0000000005E20000-0x0000000005E74000-memory.dmp

          Filesize

          336KB

          Download

        • memory/844-9-0x0000000005F70000-0x0000000005F8E000-memory.dmp

          Filesize

          120KB

          Download

        • memory/844-10-0x0000000006330000-0x000000000639A000-memory.dmp

          Filesize

          424KB

          Download

        • memory/844-38-0x0000000006330000-0x0000000006394000-memory.dmp

          Filesize

          400KB

          Download

        • memory/844-64-0x0000000006330000-0x0000000006394000-memory.dmp

          Filesize

          400KB

          Download

        • memory/844-74-0x0000000006330000-0x0000000006394000-memory.dmp

          Filesize

          400KB

          Download

        • memory/844-72-0x0000000006330000-0x0000000006394000-memory.dmp

          Filesize

          400KB

          Download

        • memory/844-70-0x0000000006330000-0x0000000006394000-memory.dmp

          Filesize

          400KB

          Download

        • memory/844-22-0x0000000006330000-0x0000000006394000-memory.dmp

          Filesize

          400KB

          Download

        • memory/844-66-0x0000000006330000-0x0000000006394000-memory.dmp

          Filesize

          400KB

          Download

        • memory/844-62-0x0000000006330000-0x0000000006394000-memory.dmp

          Filesize

          400KB

          Download

        • memory/844-60-0x0000000006330000-0x0000000006394000-memory.dmp

          Filesize

          400KB

          Download

        • memory/844-58-0x0000000006330000-0x0000000006394000-memory.dmp

          Filesize

          400KB

          Download

        • memory/844-56-0x0000000006330000-0x0000000006394000-memory.dmp

          Filesize

          400KB

          Download

        • memory/844-54-0x0000000006330000-0x0000000006394000-memory.dmp

          Filesize

          400KB

          Download

        • memory/844-52-0x0000000006330000-0x0000000006394000-memory.dmp

          Filesize

          400KB

          Download

        • memory/844-1-0x00000000001A0000-0x0000000000258000-memory.dmp

          Filesize

          736KB

          Download

        • memory/844-48-0x0000000006330000-0x0000000006394000-memory.dmp

          Filesize

          400KB

          Download

        • memory/844-46-0x0000000006330000-0x0000000006394000-memory.dmp

          Filesize

          400KB

          Download

        • memory/844-44-0x0000000006330000-0x0000000006394000-memory.dmp

          Filesize

          400KB

          Download

        • memory/844-42-0x0000000006330000-0x0000000006394000-memory.dmp

          Filesize

          400KB

          Download

        • memory/844-40-0x0000000006330000-0x0000000006394000-memory.dmp

          Filesize

          400KB

          Download

        • memory/844-36-0x0000000006330000-0x0000000006394000-memory.dmp

          Filesize

          400KB

          Download

        • memory/844-34-0x0000000006330000-0x0000000006394000-memory.dmp

          Filesize

          400KB

          Download

        • memory/844-32-0x0000000006330000-0x0000000006394000-memory.dmp

          Filesize

          400KB

          Download

        • memory/844-631-0x0000000004AD0000-0x0000000004AE0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/844-30-0x0000000006330000-0x0000000006394000-memory.dmp

          Filesize

          400KB

          Download

        • memory/844-28-0x0000000006330000-0x0000000006394000-memory.dmp

          Filesize

          400KB

          Download

        • memory/844-26-0x0000000006330000-0x0000000006394000-memory.dmp

          Filesize

          400KB

          Download

        • memory/844-24-0x0000000006330000-0x0000000006394000-memory.dmp

          Filesize

          400KB

          Download

        • memory/844-68-0x0000000006330000-0x0000000006394000-memory.dmp

          Filesize

          400KB

          Download

        • memory/844-0-0x0000000074EF0000-0x00000000756A0000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/844-50-0x0000000006330000-0x0000000006394000-memory.dmp

          Filesize

          400KB

          Download

        • memory/844-20-0x0000000006330000-0x0000000006394000-memory.dmp

          Filesize

          400KB

          Download

        • memory/844-14-0x0000000006330000-0x0000000006394000-memory.dmp

          Filesize

          400KB

          Download

        • memory/844-12-0x0000000006330000-0x0000000006394000-memory.dmp

          Filesize

          400KB

          Download

        • memory/844-11-0x0000000006330000-0x0000000006394000-memory.dmp

          Filesize

          400KB

          Download

        • memory/844-1909-0x0000000074EF0000-0x00000000756A0000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/1572-1911-0x0000000005430000-0x00000000054CC000-memory.dmp

          Filesize

          624KB

          Download

        • memory/1572-1912-0x0000000005420000-0x0000000005430000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1572-1910-0x0000000074EF0000-0x00000000756A0000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/1572-1908-0x0000000000400000-0x000000000042C000-memory.dmp

          Filesize

          176KB

          Download

        • memory/1572-1961-0x0000000074EF0000-0x00000000756A0000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/1572-1962-0x0000000005420000-0x0000000005430000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3676-1934-0x0000000006BC0000-0x0000000006BF2000-memory.dmp

          Filesize

          200KB

          Download

        • memory/3676-1946-0x0000000002D40000-0x0000000002D50000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3676-1925-0x0000000005FE0000-0x0000000006046000-memory.dmp

          Filesize

          408KB

          Download

        • memory/3676-1930-0x0000000006150000-0x00000000064A4000-memory.dmp

          Filesize

          3.3MB

          Download

        • memory/3676-1918-0x0000000005E60000-0x0000000005E82000-memory.dmp

          Filesize

          136KB

          Download

        • memory/3676-1932-0x0000000006620000-0x000000000666C000-memory.dmp

          Filesize

          304KB

          Download

        • memory/3676-1931-0x00000000065E0000-0x00000000065FE000-memory.dmp

          Filesize

          120KB

          Download

        • memory/3676-1915-0x0000000002D40000-0x0000000002D50000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3676-1914-0x0000000074EF0000-0x00000000756A0000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/3676-1917-0x0000000005800000-0x0000000005E28000-memory.dmp

          Filesize

          6.2MB

          Download

        • memory/3676-1913-0x0000000002CE0000-0x0000000002D16000-memory.dmp

          Filesize

          216KB

          Download

        • memory/3676-1948-0x00000000077E0000-0x0000000007883000-memory.dmp

          Filesize

          652KB

          Download

        • memory/3676-1947-0x0000000002D40000-0x0000000002D50000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3676-1919-0x0000000005F00000-0x0000000005F66000-memory.dmp

          Filesize

          408KB

          Download

        • memory/3676-1950-0x0000000007910000-0x000000000792A000-memory.dmp

          Filesize

          104KB

          Download

        • memory/3676-1949-0x0000000007F50000-0x00000000085CA000-memory.dmp

          Filesize

          6.5MB

          Download

        • memory/3676-1951-0x0000000007970000-0x000000000797A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/3676-1945-0x00000000077B0000-0x00000000077CE000-memory.dmp

          Filesize

          120KB

          Download

        • memory/3676-1952-0x0000000007BA0000-0x0000000007C36000-memory.dmp

          Filesize

          600KB

          Download

        • memory/3676-1953-0x0000000007B10000-0x0000000007B21000-memory.dmp

          Filesize

          68KB

          Download

        • memory/3676-1935-0x0000000070D50000-0x0000000070D9C000-memory.dmp

          Filesize

          304KB

          Download

        • memory/3676-1933-0x000000007EF40000-0x000000007EF50000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3676-1954-0x0000000007B40000-0x0000000007B4E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/3676-1956-0x0000000007C60000-0x0000000007C7A000-memory.dmp

          Filesize

          104KB

          Download

        • memory/3676-1957-0x0000000007B90000-0x0000000007B98000-memory.dmp

          Filesize

          32KB

          Download

        • memory/3676-1955-0x0000000007B50000-0x0000000007B64000-memory.dmp

          Filesize

          80KB

          Download

        • memory/3676-1916-0x0000000002D40000-0x0000000002D50000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3676-1960-0x0000000074EF0000-0x00000000756A0000-memory.dmp

          Filesize

          7.7MB

          Download