Analysis
- max time kernel: 150s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20250217-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20250217-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 09/03/2025, 13:54
Behavioral task: behavioral1
- Sample: Client.exe
- Resource: win7-20240903-en
- 7 signatures
- 150 seconds
General
- Target: Client.exe
- Size: 74KB
- MD5: 56168cd14981dd51da0e5293bbd20800
- SHA1: e115e5c6aaa013a5691fc1943b00621c81b795c5
- SHA256: 308aef8008352b8c6271a70cb32d721e5844df4783d4dbac608108728d4b8b80
- SHA512: c81f7f7bb6cba9191723b650ea358c878e51a4e84bc2038692f5e3f26d1b01010e45c4eff110749735370c0c99e6722918c416dcbdeea11fa1f5e43f8dbe2f33
- SSDEEP: 1536:4UNccxRFxCSjPMV6e9VdQuDI6H1bf/5EIIQzcnjVclN:4UOcxR39jPMV6e9VdQsH1bf+IIQSJY
Malware Config
Extracted
- Family: asyncrat
- Version: Venom RAT + HVNC + Stealer + Grabber v6.0.3
- Botnet: Default
- C2: 127.0.0.1:4449
- Mutex: iyziqtacatvjvjj
- Attributes:
  - delay: 1
  - install: false
  - install_file: hello
  - install_folder: %AppData%
- aes.plain
Signatures
- Asyncrat family
- Venomrat family
  - resource: behavioral2/memory/3840-1-0x0000000000EE0000-0x0000000000EF8000-memory.dmp, yara_rule: VenomRAT
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  - pid 3840, Process Client.exe (the same pid/process entry is listed 64 times)
- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  - description: Token: SeDebugPrivilege, pid 3840, Process Client.exe
  - description: Token: SeDebugPrivilege, pid 3840, Process Client.exe
- Suspicious use of SetWindowsHookEx (1 IoC)
  - pid 3840, Process Client.exe