Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

Software_1.30.1.rar

windows7-x64

3

Software_1.30.1.rar

windows10-2004-x64

7

Debug/Addition.dll

windows7-x64

1

Debug/Addition.dll

windows10-2004-x64

1

Debug/Autoupdater.ini

windows7-x64

1

Debug/Autoupdater.ini

windows10-2004-x64

1

Debug/Cracker.dll

windows7-x64

1

Debug/Cracker.dll

windows10-2004-x64

1

Debug/DebugPPF.tmp

windows7-x64

3

Debug/DebugPPF.tmp

windows10-2004-x64

3

Debug/DebugPPT.tmp

windows7-x64

3

Debug/DebugPPT.tmp

windows10-2004-x64

3

Debug/Helper.dll

windows7-x64

1

Debug/Helper.dll

windows10-2004-x64

1

Debug/Management.log

windows7-x64

1

Debug/Management.log

windows10-2004-x64

1

Debug/Resource.dll

windows7-x64

1

Debug/Resource.dll

windows10-2004-x64

1

Debug/main.ini

windows7-x64

1

Debug/main.ini

windows10-2004-x64

1

Language.pimx

windows7-x64

3

Language.pimx

windows10-2004-x64

3

Main.ini

windows7-x64

1

Main.ini

windows10-2004-x64

1

Packaged/Main.xml

windows7-x64

1

Packaged/Main.xml

windows10-2004-x64

1

Packaged/Resource.dll

windows7-x64

1

Packaged/Resource.dll

windows10-2004-x64

1

Packaged/Utils.xml

windows7-x64

1

Packaged/Utils.xml

windows10-2004-x64

1

Software_1.30.1.exe

windows7-x64

10

Software_1.30.1.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    0s
  • max time network
    5s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    26/04/2024, 10:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Software_1.30.1.exe

  • Size

    459KB

  • MD5

    1502131d8e2862b1c4c8c32460d5a471

  • SHA1

    661c7dbfffa6c8a03df60e6f9daf1dcfaf9b1591

  • SHA256

    f5c5b3ecadf87600083fa78130c7c046405e542c878a86a144626286dd857349

  • SHA512

    87088e55f5a0fb586771ca0bded9649e790393646036579ebf29ed051af706f24516c261a9a4365d84c675aa8f75b277ccf58eda9a86bd67eb2f1c9edfdb5f4b

  • SSDEEP

    12288:P4J4ZH65jJnZ0iQaNJI0pqIRWqsfedoM/Sk2+JEXRa:w4ZGnhDVqXqsWaM/dbGB

Score
10/10
redlinezgratinfostealerrat

Malware Config

Signatures

  • Detect ZGRat V1 1 IoCs
  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 1 IoCs
  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Software_1.30.1.exe
    "C:\Users\Admin\AppData\Local\Temp\Software_1.30.1.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1968
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 36
      2⤵
      • Program crash
      PID:2196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1968-0-0x00000000009E0000-0x0000000000A57000-memory.dmp

    Filesize

    476KB

    Download