Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

141dbd540a...b3.exe

windows7-x64

10

141dbd540a...b3.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    02/08/2024, 10:01 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    141dbd540ae2a9a07dba2c3e1508cdd5bfbdf44ec4fecac7ea69b4d48b7c0db3.exe

  • Size

    64KB

  • MD5

    b5869ca2bc01b3f51ee0ec4d2cdf8925

  • SHA1

    af1382af0c1f1f64e07d744487f3205d17fddf96

  • SHA256

    141dbd540ae2a9a07dba2c3e1508cdd5bfbdf44ec4fecac7ea69b4d48b7c0db3

  • SHA512

    6ab6b25427b82e0275baea545bc4ea800d5dcab0a0f21eea809b418c4c2e71708885ad1c91cd2659ea67bfffeb3420b5cc47e2bc1a2c9f005f2754c362e5073d

  • SSDEEP

    1536:zQ9KoccuIkQKHHUN26blwl8UtinZVclN:zGKocrIk5nE26blY8RzY

Score
10/10
asyncratcryptrat

Malware Config

Extracted

Family

asyncrat

Version

WinRat [beta]

Botnet

crypt

Mutex

123423543

Attributes
  • c2_url_file

    https://raw.githubusercontent.com/valp3r/TestNoSocket/main/589734gfmngr09e.bin

  • delay

    1

  • install

    false

  • install_file

    UnityLisency.exe

  • install_folder

    %AppData%

aes.plain
1
rjxinHfcXKZfHNLYstDmsX97ktHXnxba

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 30 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\141dbd540ae2a9a07dba2c3e1508cdd5bfbdf44ec4fecac7ea69b4d48b7c0db3.exe
    "C:\Users\Admin\AppData\Local\Temp\141dbd540ae2a9a07dba2c3e1508cdd5bfbdf44ec4fecac7ea69b4d48b7c0db3.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2316

Network

  • flag-us
    DNS
    raw.githubusercontent.com
    141dbd540ae2a9a07dba2c3e1508cdd5bfbdf44ec4fecac7ea69b4d48b7c0db3.exe
    Remote address:
    8.8.8.8:53
    Request
    raw.githubusercontent.com
    IN A
    Response
    raw.githubusercontent.com
    IN A
    185.199.109.133
    raw.githubusercontent.com
    IN A
    185.199.111.133
    raw.githubusercontent.com
    IN A
    185.199.110.133
    raw.githubusercontent.com
    IN A
    185.199.108.133
  • 185.199.109.133:443
    raw.githubusercontent.com
    tls
    141dbd540ae2a9a07dba2c3e1508cdd5bfbdf44ec4fecac7ea69b4d48b7c0db3.exe
    359 B
     219 B
     5
    5
  • 185.199.109.133:443
    raw.githubusercontent.com
    tls
    141dbd540ae2a9a07dba2c3e1508cdd5bfbdf44ec4fecac7ea69b4d48b7c0db3.exe
    359 B
     219 B
     5
    5
  • 185.199.109.133:443
    raw.githubusercontent.com
    tls
    141dbd540ae2a9a07dba2c3e1508cdd5bfbdf44ec4fecac7ea69b4d48b7c0db3.exe
    359 B
     219 B
     5
    5
  • 185.199.109.133:443
    raw.githubusercontent.com
    tls
    141dbd540ae2a9a07dba2c3e1508cdd5bfbdf44ec4fecac7ea69b4d48b7c0db3.exe
    359 B
     219 B
     5
    5
  • 185.199.109.133:443
    raw.githubusercontent.com
    tls
    141dbd540ae2a9a07dba2c3e1508cdd5bfbdf44ec4fecac7ea69b4d48b7c0db3.exe
    359 B
     219 B
     5
    5
  • 185.199.109.133:443
    raw.githubusercontent.com
    tls
    141dbd540ae2a9a07dba2c3e1508cdd5bfbdf44ec4fecac7ea69b4d48b7c0db3.exe
    359 B
     219 B
     5
    5
  • 185.199.109.133:443
    raw.githubusercontent.com
    tls
    141dbd540ae2a9a07dba2c3e1508cdd5bfbdf44ec4fecac7ea69b4d48b7c0db3.exe
    359 B
     219 B
     5
    5
  • 185.199.109.133:443
    raw.githubusercontent.com
    tls
    141dbd540ae2a9a07dba2c3e1508cdd5bfbdf44ec4fecac7ea69b4d48b7c0db3.exe
    405 B
     219 B
     6
    5
  • 185.199.109.133:443
    raw.githubusercontent.com
    tls
    141dbd540ae2a9a07dba2c3e1508cdd5bfbdf44ec4fecac7ea69b4d48b7c0db3.exe
    359 B
     219 B
     5
    5
  • 185.199.109.133:443
    raw.githubusercontent.com
    tls
    141dbd540ae2a9a07dba2c3e1508cdd5bfbdf44ec4fecac7ea69b4d48b7c0db3.exe
    359 B
     219 B
     5
    5
  • 185.199.109.133:443
    raw.githubusercontent.com
    tls
    141dbd540ae2a9a07dba2c3e1508cdd5bfbdf44ec4fecac7ea69b4d48b7c0db3.exe
    359 B
     219 B
     5
    5
  • 185.199.109.133:443
    raw.githubusercontent.com
    tls
    141dbd540ae2a9a07dba2c3e1508cdd5bfbdf44ec4fecac7ea69b4d48b7c0db3.exe
    359 B
     219 B
     5
    5
  • 185.199.109.133:443
    raw.githubusercontent.com
    tls
    141dbd540ae2a9a07dba2c3e1508cdd5bfbdf44ec4fecac7ea69b4d48b7c0db3.exe
    359 B
     219 B
     5
    5
  • 185.199.109.133:443
    raw.githubusercontent.com
    tls
    141dbd540ae2a9a07dba2c3e1508cdd5bfbdf44ec4fecac7ea69b4d48b7c0db3.exe
    359 B
     219 B
     5
    5
  • 185.199.109.133:443
    raw.githubusercontent.com
    tls
    141dbd540ae2a9a07dba2c3e1508cdd5bfbdf44ec4fecac7ea69b4d48b7c0db3.exe
    359 B
     219 B
     5
    5
  • 185.199.109.133:443
    raw.githubusercontent.com
    tls
    141dbd540ae2a9a07dba2c3e1508cdd5bfbdf44ec4fecac7ea69b4d48b7c0db3.exe
    359 B
     219 B
     5
    5
  • 185.199.109.133:443
    raw.githubusercontent.com
    tls
    141dbd540ae2a9a07dba2c3e1508cdd5bfbdf44ec4fecac7ea69b4d48b7c0db3.exe
    359 B
     219 B
     5
    5
  • 185.199.109.133:443
    raw.githubusercontent.com
    tls
    141dbd540ae2a9a07dba2c3e1508cdd5bfbdf44ec4fecac7ea69b4d48b7c0db3.exe
    359 B
     219 B
     5
    5
  • 185.199.109.133:443
    raw.githubusercontent.com
    tls
    141dbd540ae2a9a07dba2c3e1508cdd5bfbdf44ec4fecac7ea69b4d48b7c0db3.exe
    359 B
     219 B
     5
    5
  • 185.199.109.133:443
    raw.githubusercontent.com
    tls
    141dbd540ae2a9a07dba2c3e1508cdd5bfbdf44ec4fecac7ea69b4d48b7c0db3.exe
    359 B
     219 B
     5
    5
  • 185.199.109.133:443
    raw.githubusercontent.com
    tls
    141dbd540ae2a9a07dba2c3e1508cdd5bfbdf44ec4fecac7ea69b4d48b7c0db3.exe
    359 B
     219 B
     5
    5
  • 185.199.109.133:443
    raw.githubusercontent.com
    tls
    141dbd540ae2a9a07dba2c3e1508cdd5bfbdf44ec4fecac7ea69b4d48b7c0db3.exe
    697 B
     219 B
     7
    5
  • 185.199.109.133:443
    raw.githubusercontent.com
    tls
    141dbd540ae2a9a07dba2c3e1508cdd5bfbdf44ec4fecac7ea69b4d48b7c0db3.exe
    359 B
     219 B
     5
    5
  • 185.199.109.133:443
    raw.githubusercontent.com
    tls
    141dbd540ae2a9a07dba2c3e1508cdd5bfbdf44ec4fecac7ea69b4d48b7c0db3.exe
    359 B
     219 B
     5
    5
  • 185.199.109.133:443
    raw.githubusercontent.com
    tls
    141dbd540ae2a9a07dba2c3e1508cdd5bfbdf44ec4fecac7ea69b4d48b7c0db3.exe
    359 B
     219 B
     5
    5
  • 185.199.109.133:443
    raw.githubusercontent.com
    tls
    141dbd540ae2a9a07dba2c3e1508cdd5bfbdf44ec4fecac7ea69b4d48b7c0db3.exe
    359 B
     219 B
     5
    5
  • 185.199.109.133:443
    raw.githubusercontent.com
    tls
    141dbd540ae2a9a07dba2c3e1508cdd5bfbdf44ec4fecac7ea69b4d48b7c0db3.exe
    405 B
     219 B
     6
    5
  • 185.199.109.133:443
    raw.githubusercontent.com
    tls
    141dbd540ae2a9a07dba2c3e1508cdd5bfbdf44ec4fecac7ea69b4d48b7c0db3.exe
    359 B
     219 B
     5
    5
  • 185.199.109.133:443
    raw.githubusercontent.com
    tls
    141dbd540ae2a9a07dba2c3e1508cdd5bfbdf44ec4fecac7ea69b4d48b7c0db3.exe
    359 B
     219 B
     5
    5
  • 8.8.8.8:53
    raw.githubusercontent.com
    dns
    141dbd540ae2a9a07dba2c3e1508cdd5bfbdf44ec4fecac7ea69b4d48b7c0db3.exe
    71 B
     135 B
     1
    1

    DNS Request

    raw.githubusercontent.com

    DNS Response

    185.199.109.133
    185.199.111.133
    185.199.110.133
    185.199.108.133

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2316-0-0x000007FEF5EB3000-0x000007FEF5EB4000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2316-1-0x0000000000F60000-0x0000000000F76000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2316-2-0x000007FEF5EB0000-0x000007FEF689C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2316-3-0x000007FEF5EB0000-0x000007FEF689C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2316-4-0x000007FEF5EB3000-0x000007FEF5EB4000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2316-5-0x000007FEF5EB0000-0x000007FEF689C000-memory.dmp

    Filesize

    9.9MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.