Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

ABO.exe

windows7-x64

8

ABO.exe

windows10-2004-x64

8

ABO.exe

windows7-x64

8

ABO.exe

windows10-2004-x64

10

Adobe.exe

windows7-x64

8

Adobe.exe

windows10-2004-x64

10

CGserver.exe

windows7-x64

10

CGserver.exe

windows10-2004-x64

10

COON.exe

windows7-x64

10

COON.exe

windows10-2004-x64

8

FFA.exe

windows7-x64

10

FFA.exe

windows10-2004-x64

8

FIle Rustyz bot.exe

windows7-x64

8

FIle Rustyz bot.exe

windows10-2004-x64

8

FrostBot v1.exe

windows7-x64

10

FrostBot v1.exe

windows10-2004-x64

10

Google.exe

windows7-x64

10

Google.exe

windows10-2004-x64

10

MORPH_9359...79.exe

windows7-x64

3

MORPH_9359...79.exe

windows10-2004-x64

3

Mycrypt.exe

windows7-x64

8

Mycrypt.exe

windows10-2004-x64

10

PortChecker.exe

windows7-x64

8

PortChecker.exe

windows10-2004-x64

10

R.exe

windows7-x64

10

R.exe

windows10-2004-x64

10

RSBOT.exe

windows7-x64

RSBOT.exe

windows10-2004-x64

Rustyz.exe

windows7-x64

8

Rustyz.exe

windows10-2004-x64

10

Rustyzzbot.exe

windows7-x64

8

Rustyzzbot.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    4s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    09/01/2024, 07:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Rustyz.exe

  • Size

    120KB

  • MD5

    72bcd7f24413629f6b194c718af7b39e

  • SHA1

    8495ab957722ea594b4a45a8a7522b9a24d23988

  • SHA256

    43a8ced5b270b43b025b166f5069446de5c15479dcb049034f7db073153ebce4

  • SHA512

    d5c9f01857e20fef93a8dc2e854bd3d18cf4c8d712eb6bf416f740c2e17eb14d9afa7eb9afb9241261bbfb07ab066447f6b22c9f78b815416d392329265a5213

  • SSDEEP

    1536:94WHOJOV+P1tMZw1pSqvarF8TfHlo6nu/dhIo7RkSQAVE4Zks:94nzHn1nHllnu/co7aGV3Zks

Score
8/10
evasion

Malware Config

Signatures

  • Modifies Windows Firewall 1 TTPs 1 IoCs
    evasion
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Rustyz.exe
    "C:\Users\Admin\AppData\Local\Temp\Rustyz.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2284
    • C:\Users\Admin\AppData\Roaming\services.exe
      /d C:\Users\Admin\AppData\Local\Temp\Rustyz.exe
      2⤵
        PID:2912
      • C:\Windows\SysWOW64\netsh.exe
        netsh firewall add allowedprogram "C:\Users\Admin\AppData\Roaming\services.exe" CityScape Enable
        2⤵
        • Modifies Windows Firewall
        PID:2916

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\services.exe
      Filesize

      120KB

      MD5

      a60035dddb47cd584658f14ec24273be

      SHA1

      1ad94a46c78e9f95bc001a9d69c8575e682ab6a3

      SHA256

      4139aa80337c46838ddf6239907b65a7bb6d29d6d4e9e000a4f17374db9b34d9

      SHA512

      3e53077dea12dc70e608e57d789afe72eb2262b0db243e496bf3cc7be2262ad2808a0c05d2fc4796bccd2f40b3533397a9d272702e1c8c76f29d3643f069f005

      Download Submit