Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
- Target: 0731d232d0af12a5320238914de6bf4a.exe
- Size: 412KB
- Sample: 241229-wlvw1svpap
- MD5: 0731d232d0af12a5320238914de6bf4a
- SHA1: 41b1d57292fa942352373e587a638011893649ab
- SHA256: adc6b85fbb55624cdd9a25d9634f08d3991ac60dce86c8f3ed520a88e36371fe
- SHA512: a1af80997ce12df93cd17be40f78cfaced5fda36e1a601819e7e0790fa1efba13c2f818d45f83290707e3ac8e1fc54fea7f2d6a17640e83da5ba816ee629a436
- SSDEEP: 6144:y+YH9d/Ucs7XgCbXTFm2HTMFyowl07iLC0Ga2wdyRwIfjc6YRjd66Al:y5HUcaX5Lxm2atlf0Ga2NRwI7YJbAl
Static task
- static1

Behavioral task
- behavioral1
- Sample: 0731d232d0af12a5320238914de6bf4a.exe
- Resource: win7-20241010-en
Malware Config
Extracted
- Family: asyncrat
- Version: AWS | RxR
- Botnet: EXE JDIDD
- C2: 5sdf23d2sdf.ddnss.eu:6606
- C2: 5sdf23d2sdf.ddnss.eu:7707
- C2: 5sdf23d2sdf.ddnss.eu:8808
- Mutex: AsyncMutex_6SI8OkPnk
- delay: 3
- install: false
- install_folder: %AppData%
Targets
- Target: 0731d232d0af12a5320238914de6bf4a.exe
- Size: 412KB
- MD5: 0731d232d0af12a5320238914de6bf4a
- SHA1: 41b1d57292fa942352373e587a638011893649ab
- SHA256: adc6b85fbb55624cdd9a25d9634f08d3991ac60dce86c8f3ed520a88e36371fe
- SHA512: a1af80997ce12df93cd17be40f78cfaced5fda36e1a601819e7e0790fa1efba13c2f818d45f83290707e3ac8e1fc54fea7f2d6a17640e83da5ba816ee629a436
- SSDEEP: 6144:y+YH9d/Ucs7XgCbXTFm2HTMFyowl07iLC0Ga2wdyRwIfjc6YRjd66Al:y5HUcaX5Lxm2atlf0Ga2NRwI7YJbAl

Signatures
- Asyncrat family
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (3)
  - Disable or Modify Tools (3)
- Modify Registry (4)
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)