Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

DiscordXploit.exe

windows7-x64

10

DiscordXploit.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    18/01/2025, 15:42 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    DiscordXploit.exe

  • Size

    222KB

  • MD5

    b56c44fd1623f7ece09ba38c233cffbb

  • SHA1

    b4127c6a1c0b792d24edde64cd996ea23a830920

  • SHA256

    6a3246d84a7dc156a06120f0d4373661743d748de6109575473adcf5071d6419

  • SHA512

    2453b46f87d2a703bf48dc2f381fc6be43ba4f43d01af5f46c6d769872bec19829ca80112723d5975dc9957082d4544600b09ad852737582259bf0839c101a56

  • SSDEEP

    3072:fUBcxVMWiPMV7uYH1bomQX5RJT/zNkF15g/xIoJzdIXANvoKxVY:fgWiPMVVVb7sR/z0/gfJzdIQNoKL

Score
10/10
asyncratvenomratdefaultrat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

193.161.193.99:49446

Mutex

8735d3c7-a86c-4a5a-b775-0b873f7eb49c

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain
1
Fq54Fz2eYrHusOPewFJul28qBoMQfkII

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Asyncrat family
    asyncrat
  • VenomRAT 1 IoCs

    Detects VenomRAT.

    rat
  • Venomrat family
    venomrat
  • Suspicious behavior: EnumeratesProcesses 36 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\DiscordXploit.exe
    "C:\Users\Admin\AppData\Local\Temp\DiscordXploit.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:3064

Network

    No results found
  • 193.161.193.99:49446
    DiscordXploit.exe
    152 B
     120 B
     3
    3
  • 193.161.193.99:49446
    DiscordXploit.exe
    152 B
     120 B
     3
    3
  • 193.161.193.99:49446
    DiscordXploit.exe
    152 B
     120 B
     3
    3
  • 193.161.193.99:49446
    DiscordXploit.exe
    152 B
     120 B
     3
    3
  • 193.161.193.99:49446
    DiscordXploit.exe
    152 B
     120 B
     3
    3
  • 193.161.193.99:49446
    DiscordXploit.exe
    152 B
     120 B
     3
    3
  • 193.161.193.99:49446
    DiscordXploit.exe
    152 B
     120 B
     3
    3
  • 193.161.193.99:49446
    DiscordXploit.exe
    152 B
     120 B
     3
    3
  • 193.161.193.99:49446
    DiscordXploit.exe
    152 B
     80 B
     3
    2
  • 193.161.193.99:49446
    DiscordXploit.exe
    152 B
     120 B
     3
    3
  • 193.161.193.99:49446
    DiscordXploit.exe
    152 B
     120 B
     3
    3
  • 193.161.193.99:49446
    DiscordXploit.exe
    152 B
     120 B
     3
    3
  • 193.161.193.99:49446
    DiscordXploit.exe
    152 B
     120 B
     3
    3
  • 193.161.193.99:49446
    DiscordXploit.exe
    152 B
     120 B
     3
    3
  • 193.161.193.99:49446
    DiscordXploit.exe
    152 B
     120 B
     3
    3
  • 193.161.193.99:49446
    DiscordXploit.exe
    152 B
     120 B
     3
    3
  • 193.161.193.99:49446
    DiscordXploit.exe
    152 B
     120 B
     3
    3
  • 193.161.193.99:49446
    DiscordXploit.exe
    152 B
     120 B
     3
    3
  • 193.161.193.99:49446
    DiscordXploit.exe
    152 B
     120 B
     3
    3
  • 193.161.193.99:49446
    DiscordXploit.exe
    152 B
     120 B
     3
    3
  • 193.161.193.99:49446
    DiscordXploit.exe
    152 B
     120 B
     3
    3
  • 193.161.193.99:49446
    DiscordXploit.exe
    152 B
     120 B
     3
    3
  • 193.161.193.99:49446
    DiscordXploit.exe
    152 B
     120 B
     3
    3
  • 193.161.193.99:49446
    DiscordXploit.exe
    152 B
     120 B
     3
    3
  • 193.161.193.99:49446
    DiscordXploit.exe
    152 B
     120 B
     3
    3
  • 193.161.193.99:49446
    DiscordXploit.exe
    152 B
     120 B
     3
    3
  • 193.161.193.99:49446
    DiscordXploit.exe
    152 B
     120 B
     3
    3
  • 193.161.193.99:49446
    DiscordXploit.exe
    152 B
     120 B
     3
    3
  • 193.161.193.99:49446
    DiscordXploit.exe
    152 B
     120 B
     3
    3
  • 193.161.193.99:49446
    DiscordXploit.exe
    152 B
     120 B
     3
    3
  • 193.161.193.99:49446
    DiscordXploit.exe
    152 B
     120 B
     3
    3
  • 193.161.193.99:49446
    DiscordXploit.exe
    152 B
     120 B
     3
    3
  • 193.161.193.99:49446
    DiscordXploit.exe
    152 B
     120 B
     3
    3
  • 193.161.193.99:49446
    DiscordXploit.exe
    152 B
     120 B
     3
    3
  • 193.161.193.99:49446
    DiscordXploit.exe
    104 B
     40 B
     2
    1
No results found

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3064-0-0x000007FEF4EE3000-0x000007FEF4EE4000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3064-1-0x00000000008B0000-0x00000000008EC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/3064-3-0x000007FEF4EE0000-0x000007FEF58CC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/3064-4-0x000007FEF4EE0000-0x000007FEF58CC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/3064-5-0x000007FEF4EE3000-0x000007FEF4EE4000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3064-6-0x000007FEF4EE0000-0x000007FEF58CC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/3064-7-0x000007FEF4EE0000-0x000007FEF58CC000-memory.dmp

    Filesize

    9.9MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.