Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/03/2024, 22:52

General

  • Target

    CHETO_PC.exe

  • Size

    6.2MB

  • MD5

    3d9b9f001c35769d0c3ff2f112d90a83

  • SHA1

    6a250a74f5f191cd9d801ed3c06331f5373bbaf0

  • SHA256

    84aceac4509de7324667af032799ad33c7afeadaa02fc9ca1cd7ee8e0c1d4531

  • SHA512

    1cdf92019a3563dfef9f864fe85d5a4868e4208e3fba21eb4c654cfecc61b424554505bc004e5cef1a2d3ed4946b179f990411a4ece6602c99f4937b7b4ee795

  • SSDEEP

    98304:KozLwLwrQfcfNeioG5Uy1MY4NS5On3dRdtS85kFXyoMxX1msHGH:KozLuqQfc7oGPKY4NS5ORE8kVy7lbHGH

Score
10/10

Malware Config

Signatures

  • Detect ZGRat V1 1 IoCs
  • ZGRat

    ZGRat is a remote access trojan written in C#.

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\CHETO_PC.exe
    "C:\Users\Admin\AppData\Local\Temp\CHETO_PC.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1488
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 564
      2⤵
      • Program crash
      PID:2240

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1488-1-0x00000000741D0000-0x00000000748BE000-memory.dmp

    Filesize

    6.9MB

  • memory/1488-0-0x00000000009E0000-0x000000000100E000-memory.dmp

    Filesize

    6.2MB

  • memory/1488-2-0x0000000004EC0000-0x0000000004F00000-memory.dmp

    Filesize

    256KB

  • memory/1488-3-0x00000000741D0000-0x00000000748BE000-memory.dmp

    Filesize

    6.9MB

  • memory/1488-4-0x0000000004EC0000-0x0000000004F00000-memory.dmp

    Filesize

    256KB

  • memory/1488-5-0x00000000741D0000-0x00000000748BE000-memory.dmp

    Filesize

    6.9MB