General
Target: bf715a162d58532ff68e58bde821ffb9f2f080d980f0db4c5b6f1fa12906ad1fN
Size: 137KB
Sample: 240928-f776gazajq
MD5: 7e74a8bda81ef61a2fc3055c2d6e1c70
SHA1: 2c52f9c919db775de2ecded610699d6d2a27cbde
SHA256: bf715a162d58532ff68e58bde821ffb9f2f080d980f0db4c5b6f1fa12906ad1f
SHA512: 835c4a4b1f0ef58da561720910a1ad8b1369cddc90d0acb6cb17728d7c717ce82199414c52f4dd0c69b7ad9f313c2eb2bab76a6a220ed4e8ef9a66e769169f60
SSDEEP: 3072:uR02WMK8RJGInTlhnaBanONVk40rpg4yeF/TyUGSK9FrafcUksPxx6iTUun:725GgFny61mraR
Static task: static1
Behavioral task: behavioral1
  Sample: bf715a162d58532ff68e58bde821ffb9f2f080d980f0db4c5b6f1fa12906ad1fN.dll
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: bf715a162d58532ff68e58bde821ffb9f2f080d980f0db4c5b6f1fa12906ad1fN.dll
  Resource: win10v2004-20240802-en
Malware Config
Targets
Score: 10/10
Signatures:
- Gh0st RAT payload
- Boot or Logon Autostart Execution: Port Monitors. Adversaries may use port monitors to run an adversary-supplied DLL during system boot for persistence or privilege escalation.
- Sets service image path in registry
- ACProtect 1.3x - 1.4x DLL software. Detects file using ACProtect software.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (2)
    Port Monitors (1)
    Registry Run Keys / Startup Folder (1)
Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Port Monitors (1)
    Registry Run Keys / Startup Folder (1)