Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

6b5428dd82...c1.exe

windows7-x64

10

6b5428dd82...c1.exe

windows10-2004-x64

10

6b6755ca1b...7b.exe

windows7-x64

10

6b6755ca1b...7b.exe

windows10-2004-x64

10

6b96951c0d...e8.exe

windows7-x64

10

6b96951c0d...e8.exe

windows10-2004-x64

10

6b990bdc11...15.exe

windows7-x64

3

6b990bdc11...15.exe

windows10-2004-x64

3

6bcf962809...67.exe

windows7-x64

10

6bcf962809...67.exe

windows10-2004-x64

10

6bf4d95191...d6.exe

windows7-x64

10

6bf4d95191...d6.exe

windows10-2004-x64

10

6c17f80a5a...33.exe

windows7-x64

10

6c17f80a5a...33.exe

windows10-2004-x64

7

6c25a9ad3a...ff.exe

windows7-x64

10

6c25a9ad3a...ff.exe

windows10-2004-x64

10

6c46d70788...18.exe

windows7-x64

10

6c46d70788...18.exe

windows10-2004-x64

10

6c5038f87e...dc.exe

windows7-x64

10

6c5038f87e...dc.exe

windows10-2004-x64

10

6c53fda3cb...65.exe

windows7-x64

10

6c53fda3cb...65.exe

windows10-2004-x64

10

6c79c2f450...b4.exe

windows7-x64

10

6c79c2f450...b4.exe

windows10-2004-x64

10

6ca3cb8c05...9a.exe

windows7-x64

10

6ca3cb8c05...9a.exe

windows10-2004-x64

10

6cb59f599a...bf.exe

windows7-x64

10

6cb59f599a...bf.exe

windows10-2004-x64

10

6ccb172e66...df.exe

windows7-x64

10

6ccb172e66...df.exe

windows10-2004-x64

10

6cdf89e8d2...1d.exe

windows7-x64

10

6cdf89e8d2...1d.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    12s
  • max time network
    22s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    22/03/2025, 06:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6ca3cb8c056b4e81c7a8a885e150b7efb068a36f38a023cb6e07f5640a62ad9a.exe

  • Size

    2.0MB

  • MD5

    0671fb2e25b5550c73a99fef148dcffc

  • SHA1

    f5d82c36648dd1f6581f9496651c3193cbba9831

  • SHA256

    6ca3cb8c056b4e81c7a8a885e150b7efb068a36f38a023cb6e07f5640a62ad9a

  • SHA512

    0785b23e6c79d72e9de9bb22770b82fa53f31c814683eaa64ed3469301a6878a7dead9dcecb79b32e73f6fdf6fcd853a3586e6dc8b346e13b068599189b92232

  • SSDEEP

    49152:7rYU+Yy4J8jao9UVlWAOjhRzsiYHjo++xTN:7dxVJC9UqRzsu+8N

Score
10/10
dcratinfostealerrat

Malware Config

Signatures

  • DcRat

    DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    ratinfostealerdcrat
  • Dcrat family
    dcrat
  • DCRat payload 1 IoCs

    Detects payload of DCRat, commonly dropped by NSIS installers.

    rat
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6ca3cb8c056b4e81c7a8a885e150b7efb068a36f38a023cb6e07f5640a62ad9a.exe
    "C:\Users\Admin\AppData\Local\Temp\6ca3cb8c056b4e81c7a8a885e150b7efb068a36f38a023cb6e07f5640a62ad9a.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2648-0-0x000007FEF6233000-0x000007FEF6234000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2648-1-0x0000000001310000-0x000000000151A000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2648-2-0x000007FEF6230000-0x000007FEF6C1C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2648-3-0x00000000002D0000-0x00000000002DE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2648-4-0x00000000002E0000-0x00000000002EE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2648-5-0x000007FEF6230000-0x000007FEF6C1C000-memory.dmp

    Filesize

    9.9MB

    Download