Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

561c94494c...f8.exe

windows7-x64

10

561c94494c...f8.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    17/12/2024, 02:57 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    561c94494c3cd0b918bdf5eb323682fad6596a0a54c4cdd85a99880b4028b3f8.exe

  • Size

    312KB

  • MD5

    2e87d4e593da9635c26553f5d5af389a

  • SHA1

    64fad232e197d1bf0091db37e137ef722024b497

  • SHA256

    561c94494c3cd0b918bdf5eb323682fad6596a0a54c4cdd85a99880b4028b3f8

  • SHA512

    0667ddaea41c4c4f21e7bc249384230763c4be7d9c01d6b1cf694da647fbcd66de859afad5f7c88399656da48b349e892f22301380da0bd100199e9c5b23c2e3

  • SSDEEP

    1536:vuPfZTgKa2fl7vACbbZvsZyMmXdz1P03Jr+4buiCsRxjToex:vuPBTgKa2NbA+bZE2XP2CsR9oex

Score
10/10
asyncratdefaultdiscoveryrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

0.tcp.eu.ngrok.io:15174

Mutex

aNoM7pvDUvoo

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain
1
XeSaBDVweaVCzikSzrqdWiRFXAruYM7t

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Asyncrat family
    asyncrat
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\561c94494c3cd0b918bdf5eb323682fad6596a0a54c4cdd85a99880b4028b3f8.exe
    "C:\Users\Admin\AppData\Local\Temp\561c94494c3cd0b918bdf5eb323682fad6596a0a54c4cdd85a99880b4028b3f8.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    PID:3044

Network

  • flag-us
    DNS
    0.tcp.eu.ngrok.io
    561c94494c3cd0b918bdf5eb323682fad6596a0a54c4cdd85a99880b4028b3f8.exe
    Remote address:
    8.8.8.8:53
    Request
    0.tcp.eu.ngrok.io
    IN A
    Response
    0.tcp.eu.ngrok.io
    IN A
    3.78.28.71
  • flag-us
    DNS
    0.tcp.eu.ngrok.io
    561c94494c3cd0b918bdf5eb323682fad6596a0a54c4cdd85a99880b4028b3f8.exe
    Remote address:
    8.8.8.8:53
    Request
    0.tcp.eu.ngrok.io
    IN A
    Response
    0.tcp.eu.ngrok.io
    IN A
    3.74.27.83
  • flag-us
    DNS
    0.tcp.eu.ngrok.io
    561c94494c3cd0b918bdf5eb323682fad6596a0a54c4cdd85a99880b4028b3f8.exe
    Remote address:
    8.8.8.8:53
    Request
    0.tcp.eu.ngrok.io
    IN A
    Response
    0.tcp.eu.ngrok.io
    IN A
    3.74.27.83
  • 3.78.28.71:15174
    0.tcp.eu.ngrok.io
    tls
    561c94494c3cd0b918bdf5eb323682fad6596a0a54c4cdd85a99880b4028b3f8.exe
    325 B
     268 B
     5
    4
  • 3.78.28.71:15174
    0.tcp.eu.ngrok.io
    tls
    561c94494c3cd0b918bdf5eb323682fad6596a0a54c4cdd85a99880b4028b3f8.exe
    325 B
     268 B
     5
    4
  • 3.78.28.71:15174
    0.tcp.eu.ngrok.io
    tls
    561c94494c3cd0b918bdf5eb323682fad6596a0a54c4cdd85a99880b4028b3f8.exe
    325 B
     268 B
     5
    4
  • 3.78.28.71:15174
    0.tcp.eu.ngrok.io
    tls
    561c94494c3cd0b918bdf5eb323682fad6596a0a54c4cdd85a99880b4028b3f8.exe
    325 B
     268 B
     5
    4
  • 3.78.28.71:15174
    0.tcp.eu.ngrok.io
    tls
    561c94494c3cd0b918bdf5eb323682fad6596a0a54c4cdd85a99880b4028b3f8.exe
    325 B
     268 B
     5
    4
  • 3.78.28.71:15174
    0.tcp.eu.ngrok.io
    tls
    561c94494c3cd0b918bdf5eb323682fad6596a0a54c4cdd85a99880b4028b3f8.exe
    325 B
     268 B
     5
    4
  • 3.78.28.71:15174
    0.tcp.eu.ngrok.io
    tls
    561c94494c3cd0b918bdf5eb323682fad6596a0a54c4cdd85a99880b4028b3f8.exe
    325 B
     268 B
     5
    4
  • 3.78.28.71:15174
    0.tcp.eu.ngrok.io
    tls
    561c94494c3cd0b918bdf5eb323682fad6596a0a54c4cdd85a99880b4028b3f8.exe
    325 B
     268 B
     5
    4
  • 3.78.28.71:15174
    0.tcp.eu.ngrok.io
    tls
    561c94494c3cd0b918bdf5eb323682fad6596a0a54c4cdd85a99880b4028b3f8.exe
    325 B
     268 B
     5
    4
  • 3.78.28.71:15174
    0.tcp.eu.ngrok.io
    tls
    561c94494c3cd0b918bdf5eb323682fad6596a0a54c4cdd85a99880b4028b3f8.exe
    325 B
     268 B
     5
    4
  • 3.78.28.71:15174
    0.tcp.eu.ngrok.io
    tls
    561c94494c3cd0b918bdf5eb323682fad6596a0a54c4cdd85a99880b4028b3f8.exe
    325 B
     268 B
     5
    4
  • 3.78.28.71:15174
    0.tcp.eu.ngrok.io
    tls
    561c94494c3cd0b918bdf5eb323682fad6596a0a54c4cdd85a99880b4028b3f8.exe
    325 B
     268 B
     5
    4
  • 3.74.27.83:15174
    0.tcp.eu.ngrok.io
    tls
    561c94494c3cd0b918bdf5eb323682fad6596a0a54c4cdd85a99880b4028b3f8.exe
    325 B
     268 B
     5
    4
  • 3.74.27.83:15174
    0.tcp.eu.ngrok.io
    tls
    561c94494c3cd0b918bdf5eb323682fad6596a0a54c4cdd85a99880b4028b3f8.exe
    325 B
     268 B
     5
    4
  • 3.74.27.83:15174
    0.tcp.eu.ngrok.io
    tls
    561c94494c3cd0b918bdf5eb323682fad6596a0a54c4cdd85a99880b4028b3f8.exe
    325 B
     268 B
     5
    4
  • 3.74.27.83:15174
    0.tcp.eu.ngrok.io
    tls
    561c94494c3cd0b918bdf5eb323682fad6596a0a54c4cdd85a99880b4028b3f8.exe
    325 B
     268 B
     5
    4
  • 3.74.27.83:15174
    0.tcp.eu.ngrok.io
    tls
    561c94494c3cd0b918bdf5eb323682fad6596a0a54c4cdd85a99880b4028b3f8.exe
    325 B
     268 B
     5
    4
  • 3.74.27.83:15174
    0.tcp.eu.ngrok.io
    tls
    561c94494c3cd0b918bdf5eb323682fad6596a0a54c4cdd85a99880b4028b3f8.exe
    325 B
     268 B
     5
    4
  • 3.74.27.83:15174
    0.tcp.eu.ngrok.io
    tls
    561c94494c3cd0b918bdf5eb323682fad6596a0a54c4cdd85a99880b4028b3f8.exe
    325 B
     268 B
     5
    4
  • 3.74.27.83:15174
    0.tcp.eu.ngrok.io
    tls
    561c94494c3cd0b918bdf5eb323682fad6596a0a54c4cdd85a99880b4028b3f8.exe
    325 B
     268 B
     5
    4
  • 3.74.27.83:15174
    0.tcp.eu.ngrok.io
    tls
    561c94494c3cd0b918bdf5eb323682fad6596a0a54c4cdd85a99880b4028b3f8.exe
    325 B
     268 B
     5
    4
  • 3.74.27.83:15174
    0.tcp.eu.ngrok.io
    tls
    561c94494c3cd0b918bdf5eb323682fad6596a0a54c4cdd85a99880b4028b3f8.exe
    325 B
     268 B
     5
    4
  • 3.74.27.83:15174
    0.tcp.eu.ngrok.io
    tls
    561c94494c3cd0b918bdf5eb323682fad6596a0a54c4cdd85a99880b4028b3f8.exe
    325 B
     268 B
     5
    4
  • 3.74.27.83:15174
    0.tcp.eu.ngrok.io
    tls
    561c94494c3cd0b918bdf5eb323682fad6596a0a54c4cdd85a99880b4028b3f8.exe
    325 B
     268 B
     5
    4
  • 3.74.27.83:15174
    0.tcp.eu.ngrok.io
    tls
    561c94494c3cd0b918bdf5eb323682fad6596a0a54c4cdd85a99880b4028b3f8.exe
    325 B
     268 B
     5
    4
  • 3.74.27.83:15174
    0.tcp.eu.ngrok.io
    tls
    561c94494c3cd0b918bdf5eb323682fad6596a0a54c4cdd85a99880b4028b3f8.exe
    325 B
     268 B
     5
    4
  • 3.74.27.83:15174
    0.tcp.eu.ngrok.io
    tls
    561c94494c3cd0b918bdf5eb323682fad6596a0a54c4cdd85a99880b4028b3f8.exe
    325 B
     268 B
     5
    4
  • 3.74.27.83:15174
    0.tcp.eu.ngrok.io
    tls
    561c94494c3cd0b918bdf5eb323682fad6596a0a54c4cdd85a99880b4028b3f8.exe
    325 B
     268 B
     5
    4
  • 3.74.27.83:15174
    0.tcp.eu.ngrok.io
    tls
    561c94494c3cd0b918bdf5eb323682fad6596a0a54c4cdd85a99880b4028b3f8.exe
    279 B
     268 B
     4
    4
  • 8.8.8.8:53
    0.tcp.eu.ngrok.io
    dns
    561c94494c3cd0b918bdf5eb323682fad6596a0a54c4cdd85a99880b4028b3f8.exe
    63 B
     79 B
     1
    1

    DNS Request

    0.tcp.eu.ngrok.io

    DNS Response

    3.78.28.71

  • 8.8.8.8:53
    0.tcp.eu.ngrok.io
    dns
    561c94494c3cd0b918bdf5eb323682fad6596a0a54c4cdd85a99880b4028b3f8.exe
    63 B
     79 B
     1
    1

    DNS Request

    0.tcp.eu.ngrok.io

    DNS Response

    3.74.27.83

  • 8.8.8.8:53
    0.tcp.eu.ngrok.io
    dns
    561c94494c3cd0b918bdf5eb323682fad6596a0a54c4cdd85a99880b4028b3f8.exe
    63 B
     79 B
     1
    1

    DNS Request

    0.tcp.eu.ngrok.io

    DNS Response

    3.74.27.83

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3044-0-0x000000007472E000-0x000000007472F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3044-1-0x0000000000960000-0x00000000009B4000-memory.dmp

    Filesize

    336KB

    Download

  • memory/3044-2-0x0000000074720000-0x0000000074E0E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/3044-3-0x0000000074720000-0x0000000074E0E000-memory.dmp

    Filesize

    6.9MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.