Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
28/01/2024, 05:39
General
-
Target
0b4eb7fdae7e90c0bd0dbfc7552865ba6d7dcd03e77efd91b5e246c71f9f2f7c.exe
-
Size
372KB
-
MD5
3b9e3e850933caa9003654132483c904
-
SHA1
c0dd579af79831b5b6ae5e0926f990d992143525
-
SHA256
c175bbf9c53bb397bf54555e30f34b9ee069682d71301e01dd8bda74615e58eb
-
SHA512
1329cf083a89ea16983d54b09e720c9d22e9718f2f0ff5c3266aabd4fd6841bc467dd620fa429d9d244bdea7d19e3533ff98c7203c8310e9a1f4f4b8187e80b2
-
SSDEEP
3072:fIXcNc8ES3qngZt/ET+rL+aIy8dGv5FqEPPVG5ZGsnWznKr/00:fIMNc8ESDZVLACbP05Uaxc0
Malware Config
Extracted
gh0strat
182.42.105.12
Signatures
-
Gh0st RAT payload 1 IoCs
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Executes dropped EXE 2 IoCs
-
Drops file in Program Files directory 2 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0b4eb7fdae7e90c0bd0dbfc7552865ba6d7dcd03e77efd91b5e246c71f9f2f7c.exe"C:\Users\Admin\AppData\Local\Temp\0b4eb7fdae7e90c0bd0dbfc7552865ba6d7dcd03e77efd91b5e246c71f9f2f7c.exe"1⤵
- Drops file in Program Files directory
- Suspicious behavior: RenamesItself
-
C:\Program Files (x86)\Terms.exe"C:\Program Files (x86)\Terms.exe"1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Terms.exe"C:\Program Files (x86)\Terms.exe" Win72⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
372KB
MD53b9e3e850933caa9003654132483c904
SHA1c0dd579af79831b5b6ae5e0926f990d992143525
SHA256c175bbf9c53bb397bf54555e30f34b9ee069682d71301e01dd8bda74615e58eb
SHA5121329cf083a89ea16983d54b09e720c9d22e9718f2f0ff5c3266aabd4fd6841bc467dd620fa429d9d244bdea7d19e3533ff98c7203c8310e9a1f4f4b8187e80b2
-
Filesize
92KB