Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

InstallerV5.exe

windows7-x64

10

InstallerV5.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    94s
  • max time network
    130s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/07/2024, 15:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    InstallerV5.exe

  • Size

    78KB

  • MD5

    b61d469cf77f2dd30e1ef31acba14fc3

  • SHA1

    e1931cb1d20128df56ddfff69f84c5c1ed2975a7

  • SHA256

    574c5d147be871088a39dcf2dc54bf123f74da56ed2a44613e8e643e2d247ac0

  • SHA512

    bfee99acb08c57615d6bae9eee7bc331eecc82fee81fa09469fe7e891779cfda34860aacba77baa8c15482141169d366713ed4d6108990d4f553ac0734e256b1

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+K8PIC:5Zv5PDwbjNrmAE+KwIC

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTI1Nzc5NzM0ODg0Mzg0Nzc1MQ.Gt4uVY.fwQ0zxAA0tWa6W71KN3mXkRSbFGrwOcaXRwFhU

  • server_id

    1257772717743276134

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\InstallerV5.exe
    "C:\Users\Admin\AppData\Local\Temp\InstallerV5.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3912

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3912-1-0x000002655CE20000-0x000002655CE38000-memory.dmp

    Filesize

    96KB

    Download

  • memory/3912-0-0x00007FFF22B93000-0x00007FFF22B95000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3912-2-0x0000026577500000-0x00000265776C2000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/3912-3-0x00007FFF22B90000-0x00007FFF23651000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3912-4-0x0000026577E40000-0x0000026578368000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/3912-5-0x00007FFF22B90000-0x00007FFF23651000-memory.dmp

    Filesize

    10.8MB

    Download