General
Target: a503a1c53d93a1613e8c7988797b7d80N.exe
Size: 137KB
Sample: 240805-sl8lbszcpp
MD5: a503a1c53d93a1613e8c7988797b7d80
SHA1: 1743824d1c620498f5e418bf35d6f1a56a9782f0
SHA256: b891a894f40ef7bff3fd9b33d5128d3edca1ded70daecf39a88027889c21b2d0
SHA512: b2de6c20d2960b09aa44d4e8831c30fe804f2d0aa62d3eddc85c526b58095508697dfe06440340dbb9b694aca8c2be43232c461f22e752a7128477df8d303194
SSDEEP: 3072:CR02WMK8RJGInTlhnaBanONVk40rpg4yeF/TyUGSK9FrafcUksPxx6iTUuL:H25GgFny61mraF
Static task: static1
Behavioral task: behavioral1
  Sample: a503a1c53d93a1613e8c7988797b7d80N.dll
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: a503a1c53d93a1613e8c7988797b7d80N.dll
  Resource: win10v2004-20240802-en
Malware Config
Targets
Target: a503a1c53d93a1613e8c7988797b7d80N.exe (137KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Score: 10/10
Signatures
- Gh0st RAT payload
- Blocklisted process makes network request
- Boot or Logon Autostart Execution: Port Monitors
  Adversaries may use port monitors to run an adversary-supplied DLL during system boot for persistence or privilege escalation. The print spooler loads the DLL named by the Driver value under HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\<monitor> from System32 as SYSTEM, so that key is the first thing to inspect on a suspected host.
- Sets service image path in registry
- ACProtect 1.3x - 1.4x DLL software
  Detects a file protected with ACProtect, a commercial packer; static analysis of the sample will need it unpacked first.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
  SetThreadContext rewrites a thread's register state; it is the call used to redirect a suspended thread into injected code in process hollowing and similar injection techniques.
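The two persistence findings above (a port monitor DLL and a service ImagePath written to the registry) are easy to confirm on a live host. The following PowerShell hunting script is an added example; it is not part of the tria.ge report and not produced by the sandbox. The function names Test-TrustedBinary, Resolve-ImagePath, Get-PortMonitorFindings and Get-ServiceFindings are this example's own; the registry paths and cmdlets are standard Windows ones. It goes slightly beyond the report's own signatures by also checking the ServiceDll value of svchost-hosted services, which is where a service-DLL RAT usually lands.

```powershell
# Added example, not part of the tria.ge report. Run from an elevated PowerShell (3.0+)
# prompt on the host under investigation. All function names here are this example's own.

function Test-TrustedBinary {
    param([string]$Path)
    # $true only when the file exists and carries a valid Microsoft Authenticode signature.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $false }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    return ($sig.Status -eq 'Valid' -and $sig.SignerCertificate.Subject -like '*Microsoft*')
}

function Resolve-ImagePath {
    param([string]$ImagePath)
    # Turn a raw ImagePath/ServiceDll value into an absolute file path, dropping arguments.
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath).Trim()
    if ($p.StartsWith('"')) {
        $p = $p.Substring(1).Split('"')[0]            # "C:\Program Files\x\y.exe" /svc
    } else {
        # svchost.exe -k netsvcs; an unquoted path containing spaces is truncated here,
        # and such services deserve a look anyway.
        $p = ($p -split '\s+')[0]
    }
    $p = $p -replace '^\\\?\?\\', ''                          # \??\C:\...
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"    # \SystemRoot\system32\...
    if (-not [System.IO.Path]::IsPathRooted($p)) {
        $p = Join-Path $env:SystemRoot $p                     # system32\DRIVERS\x.sys
    }
    return $p
}

function Get-PortMonitorFindings {
    # Port monitors (ATT&CK T1547.010): spoolsv.exe loads each Driver DLL from System32
    # at boot, as SYSTEM. Anything not Microsoft-signed is a lead.
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Control\Print\Monitors'
    foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        $driver = (Get-ItemProperty -Path $key.PSPath -Name Driver -ErrorAction SilentlyContinue).Driver
        if (-not $driver) { continue }
        $full = if ([System.IO.Path]::IsPathRooted($driver)) { $driver } else { Join-Path $env:SystemRoot "System32\$driver" }
        [pscustomobject]@{ Kind = 'PortMonitor'; Name = $key.PSChildName; Binary = $full; Trusted = (Test-TrustedBinary $full) }
    }
}

function Get-ServiceFindings {
    # Every service/driver ImagePath, plus the ServiceDll behind svchost-hosted services.
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        $img = (Get-ItemProperty -Path $key.PSPath -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
        if (-not $img) { continue }
        $exe = Resolve-ImagePath $img
        [pscustomobject]@{ Kind = 'Service'; Name = $key.PSChildName; Binary = $exe; Trusted = (Test-TrustedBinary $exe) }
        if ([System.IO.Path]::GetFileName($exe) -ieq 'svchost.exe') {
            $dll = (Get-ItemProperty -Path "$($key.PSPath)\Parameters" -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
            if ($dll) {
                $dll = Resolve-ImagePath $dll
                [pscustomobject]@{ Kind = 'ServiceDll'; Name = $key.PSChildName; Binary = $dll; Trusted = (Test-TrustedBinary $dll) }
            }
        }
    }
}

$findings = @(Get-PortMonitorFindings) + @(Get-ServiceFindings)
# Untrusted entries are triage leads, not verdicts: third-party software, and catalog-signed
# Microsoft files on older builds, land here too. Pivot on file mtime and on the report's
# dropped-file list to separate them from the implant.
$findings | Where-Object { -not $_.Trusted } | Sort-Object Kind, Name | Format-Table -AutoSize
```

The script needs PowerShell 3.0 or later for [pscustomobject]; Windows 7 ships 2.0, so on the win7 task's target either install WMF 5.1 or load the SYSTEM hive offline and query the same keys there. Treat the output as a list to investigate: a missing file, an unsigned DLL, or a Driver value that points outside System32 is the pattern the port-monitor and service-image-path signatures describe.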
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (2)
    Port Monitors (1)
    Registry Run Keys / Startup Folder (1)
Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Port Monitors (1)
    Registry Run Keys / Startup Folder (1)