Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

296a42fef3...56.exe

windows7-x64

10

296a42fef3...56.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 05:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    296a42fef32dcaaf2098ee66b8b00356.exe

  • Size

    666KB

  • MD5

    296a42fef32dcaaf2098ee66b8b00356

  • SHA1

    50e4b6b021bb241ee6e0ac7781a4ca8886c3cf89

  • SHA256

    eae1eb28d8b4ee8c7b658e22aa688a56716ee30c6d2957ce0f6fc2eb18836204

  • SHA512

    38c255c288218ccf14d00a1d4ecf3122e03849fbdf096d3da7633337a6304eaa36b1358878f0a03ce75a90e1b6b535f7bc820a81a07412e3cc0f08447620738b

  • SSDEEP

    12288:iM5jZKbBL3aKHx5r+TuxX+fWbwFBfdGmZNr:iM5j8Z3aKHx5r+TuxX+IwffFZNr

Score
10/10
gh0stratpersistencerat

Malware Config

Signatures

  • Gh0st RAT payload 2 IoCs
  • Gh0strat

    Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    ratgh0strat
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 5 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\296a42fef32dcaaf2098ee66b8b00356.exe
    "C:\Users\Admin\AppData\Local\Temp\296a42fef32dcaaf2098ee66b8b00356.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2132
    • \??\c:\Windows\svchest001465662051.exe
      c:\Windows\svchest001465662051.exe
      2⤵
      • Executes dropped EXE
      PID:2404

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\svchest001465662051.exe
    Filesize

    127KB

    MD5

    9f0fe7c7e78919befdc031aeb3da94b5

    SHA1

    3ddca684be2ed0e9cc0ca14b2a1d97b9446f529e

    SHA256

    2cfc611aa1c25b9887d9025efcde47559f62cda4204203f845ea6fd0dfbc9bfc

    SHA512

    b2ce46997ecbdf6316dd24eba9211c152566b967607029606ba69cdcd55ae3f7c006effbd88c78d9601c352dce097d083a8d07f553133e18e079ba31f1e11a0a

    Download Submit

  • C:\Windows\svchest001465662051.exe
    Filesize

    217KB

    MD5

    bf7d757749861a5641078b19ce51dd85

    SHA1

    9cff978093c41d0324a8a0f625c01507f20befbb

    SHA256

    f9f11f4dc7ac7df5beadeb97ac9ee062370f2b7d5a817e644460f72b5a9e0d90

    SHA512

    0de16af405b914e78e26a54e13fa56b70e4c98eec05466e39d9a100a3cfe92ed30448f205c5366f05c672279f81570b993284a55fbc2f97e79ca8751b9b11838

    Download Submit