Analysis
max time kernel: 150s
max time network: 136s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 27/01/2025, 16:54
Static task
static1

Behavioral tasks
behavioral1  Sample: 360rsp.exe       Resource: win7-20240903-en
behavioral2  Sample: 360rsp.exe       Resource: win10v2004-20241007-en
behavioral3  Sample: 456Login.dll     Resource: win7-20240903-en
behavioral4  Sample: 456Login.dll     Resource: win10v2004-20241007-en
behavioral5  Sample: MachineGUID.dll  Resource: win7-20240708-en
behavioral6  Sample: MachineGUID.dll  Resource: win10v2004-20241007-en
General
Target: 360rsp.exe
Size: 562KB
MD5: fe7279ede3a7dcb7184105e6ebad8462
SHA1: 7bb5420426828b1fb5c39655dd2970a5eefbd47e
SHA256: 6c36e20b91ea36d03c7ac4cbddce7d045470757f21da2e340abb6510c4ba6b87
SHA512: 1853792e5f40e92e36094b02d1a05e767c20923b19f0b85ced2f70e23c695b8d3273fa150004e659f9c721919110b82d3e19331d8f309e482ea3f927277d4109
SSDEEP: 12288:3opCiRmtWBygSpspt7t0Ms9tmc5xW0UG24ip0hfHvpeWVRQWocoooooYoooooooh:l7q22h0MstmWxZUG24ip+vpeWVRnocoV
Malware Config
Signatures
Gh0st RAT payload (1 IoCs)
resource: behavioral1/memory/1580-1-0x0000000010000000-0x0000000010020000-memory.dmp  yara_rule: family_gh0strat

Gh0strat family

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  Process: 360rsp.exe
Suspicious behavior: EnumeratesProcesses (64 IoCs)
pid: 1580  Process: 360rsp.exe (the same pid/process pair is listed for all 64 IoCs)

Suspicious use of SetWindowsHookEx (1 IoCs)
pid: 1580  Process: 360rsp.exe