Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

21046a04c1...a4.exe

windows7-x64

10

21046a04c1...a4.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    24/02/2025, 20:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    21046a04c1fc6f4464a284eee9696e00fcff830a24f4be7bfde3d231e6fc73a4.exe

  • Size

    3.4MB

  • MD5

    e7a221c15828b918fe1c0adf0a8e5d1e

  • SHA1

    9242c5ec4904a549f510a5167960542c6ffe3ca9

  • SHA256

    21046a04c1fc6f4464a284eee9696e00fcff830a24f4be7bfde3d231e6fc73a4

  • SHA512

    9cae545ae4690994a5c15d9aadc2c39ffb91598f8e1790c4974f65b5a08c9383f1a1fe56374c00fb2ab6dda174325cc327fadbe52e7447a1bc68f8a069d02d3c

  • SSDEEP

    49152:CWTtLBcXqFpBR6SVb8kq4pgquLMMji4NYxtJpkxhGjIqTv5333Wtd6WEx:rtLutqgwh4NYxtJpkxhGd333WT6WEx

Score
10/10
parallaxdiscoveryrat

Malware Config

Signatures

  • Parallax family
    parallax
  • ParallaxRat

    ParallaxRat is a multipurpose RAT written in MASM.

    ratparallax
  • ParallaxRat payload 3 IoCs

    Detects payload of Parallax Rat, a small portable Rat usually digitally signed with a Sectigo certificate.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\21046a04c1fc6f4464a284eee9696e00fcff830a24f4be7bfde3d231e6fc73a4.exe
    "C:\Users\Admin\AppData\Local\Temp\21046a04c1fc6f4464a284eee9696e00fcff830a24f4be7bfde3d231e6fc73a4.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    PID:308

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/308-0-0x00000000007E0000-0x0000000000860000-memory.dmp

    Filesize

    512KB

    Download

  • memory/308-1-0x0000000077C4F000-0x0000000077C50000-memory.dmp

    Filesize

    4KB

    Download

  • memory/308-2-0x0000000002120000-0x0000000002170000-memory.dmp

    Filesize

    320KB

    Download

  • memory/308-3-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/308-4-0x00000000007E0000-0x0000000000860000-memory.dmp

    Filesize

    512KB

    Download

  • memory/308-6-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/308-5-0x0000000000400000-0x000000000076F000-memory.dmp

    Filesize

    3.4MB

    Download