Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 134s
max time network: 144s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 10/01/2025, 16:32
Behavioral task: behavioral1
Sample: Client.exe
Resource: win7-20240903-en
General
Target: Client.exe
Size: 74KB
MD5: 1656e622f27bbe9c1624a099cb81ba71
SHA1: 490bce7fcc833b73a031b16ec9ca1df1b0c918b8
SHA256: 9c0bb41bd8239ef8e2e1de9c503874c6fe1ea126b7b928650ddc996bffbf382d
SHA512: 2c160051b03c34c4613a5fe3b95032d5040259553a955c311f3b1b224c977d01e7170928ffd4d863063cd573701a56fff4c97d0c62608723f21d53e37b9eff7c
SSDEEP: 1536:VUnUcx73myCviPMVze9VdQuDI6H1bf/iQzcOLVclN:VUUcx73TgiPMVze9VdQsH1bf6QHBY
Malware Config
Extracted
Family: asyncrat
Version: Venom RAT + HVNC + Stealer + Grabber v6.0.3
Botnet: Default
C2:
127.0.0.1:4449
127.0.0.1:8000
127.0.0.1:64240
127.0.0.1:4448
193.161.193.99:4449
193.161.193.99:8000
193.161.193.99:64240
193.161.193.99:4448
103.83.164.33:4449
103.83.164.33:8000
103.83.164.33:64240
103.83.164.33:4448
dlcretzcenzktnsd (unlabelled in the extracted config; in AsyncRAT-family configs this slot holds the mutex name)
delay: 1
install: false
install_folder: %AppData%

The twelve C2 entries are three hosts, each paired with the same four ports (4449, 8000, 64240, 4448). The four 127.0.0.1 entries are loopback and never leave the infected host, so 193.161.193.99 and 103.83.164.33 are the actionable C2 addresses for blocking and alerting. Because install is false, this build is not configured to copy itself to the install_folder; the %AppData% value only matters when install is true.
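To turn the extracted C2 list into something a defender can deploy, the following added example (not part of the tria.ge report or the sample) parses the host:port lines above, drops non-routable addresses such as the 127.0.0.1 placeholders, and emits one outbound Suricata rule per remaining pair. The C2 text is constructed from the config shown on this page; the SID range and rule message are assumptions.

```python
"""Derive network IoCs from an AsyncRAT/VenomRAT C2 list (added example)."""
from __future__ import annotations

import ipaddress

# Constructed from the "C2" lines of the extracted config above.
RAW_C2 = """
127.0.0.1:4449
127.0.0.1:8000
127.0.0.1:64240
127.0.0.1:4448
193.161.193.99:4449
193.161.193.99:8000
193.161.193.99:64240
193.161.193.99:4448
103.83.164.33:4449
103.83.164.33:8000
103.83.164.33:64240
103.83.164.33:4448
"""


def parse_c2(raw: str) -> list[tuple[str, int]]:
    """Parse 'host:port' lines into (host, port) tuples, skipping blanks.

    Malformed lines raise rather than being silently dropped, so a bad
    config extraction is noticed instead of producing an empty rule set.
    """
    entries: list[tuple[str, int]] = []
    for line in raw.splitlines():
        line = line.strip()
        if not line:
            continue
        host, sep, port = line.rpartition(":")
        if not sep or not port.isdigit() or not 0 < int(port) < 65536:
            raise ValueError(f"malformed C2 entry: {line!r}")
        entries.append((host, int(port)))
    return entries


def routable(entries: list[tuple[str, int]]) -> list[tuple[str, int]]:
    """Keep only entries that can actually be reached over the network.

    Loopback, private, link-local and reserved addresses (the 127.0.0.1
    builder placeholders in this config) are dropped; hostnames are kept
    as-is because they must be resolved before they can be classified.
    """
    kept: list[tuple[str, int]] = []
    for host, port in entries:
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            kept.append((host, port))  # hostname, not an IP literal
            continue
        if ip.is_global:
            kept.append((host, port))
    return kept


def unique_hosts(entries: list[tuple[str, int]]) -> list[str]:
    """Distinct hosts, sorted, for firewall block lists."""
    return sorted({host for host, _ in entries})


def suricata_rules(
    entries: list[tuple[str, int]],
    sid_base: int = 9_000_000,  # assumed local SID range
    msg: str = "VenomRAT C2 (tria.ge extracted config)",  # assumed text
) -> list[str]:
    """One outbound TCP alert rule per (host, port) pair."""
    rules: list[str] = []
    for i, (host, port) in enumerate(entries):
        rules.append(
            f"alert tcp $HOME_NET any -> {host} {port} "
            f'(msg:"{msg}"; flow:to_server; sid:{sid_base + i}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    live = routable(parse_c2(RAW_C2))
    print("block hosts:", ", ".join(unique_hosts(live)))
    print("\n".join(suricata_rules(live)))
```

The routable() filter is the part worth keeping: AsyncRAT-family configs routinely ship with loopback or RFC 1918 entries left over from the builder, and rules written for them either never fire or fire on unrelated local traffic.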
Signatures
Asyncrat family
resource | yara_rule | match
behavioral1/memory/3004-1-0x0000000000E60000-0x0000000000E78000-memory.dmp | VenomRAT
(the matched region is 0x18000 bytes of the running Client.exe image, i.e. the rule hit in memory rather than on the 74KB file on disk)
Venomrat family
Suspicious behavior: EnumeratesProcesses (18 IoCs)
pid 3004 Client.exe, 18 hits
Suspicious use of AdjustPrivilegeToken (1 IoC)
Token: SeDebugPrivilege, pid 3004 Client.exe
Suspicious use of SetWindowsHookEx (1 IoC)
pid 3004 Client.exe