Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

90ed1454b8...38.exe

windows7-x64

10

90ed1454b8...38.exe

windows10-2004-x64

10

91570920da...cf.exe

windows7-x64

10

91570920da...cf.exe

windows10-2004-x64

7

915c452bf2...b6.exe

windows7-x64

10

915c452bf2...b6.exe

windows10-2004-x64

10

916cd92d3a...38.exe

windows7-x64

10

916cd92d3a...38.exe

windows10-2004-x64

10

916fbe67a7...e3.exe

windows7-x64

10

916fbe67a7...e3.exe

windows10-2004-x64

10

91cce1a9f4...6a.exe

windows7-x64

10

91cce1a9f4...6a.exe

windows10-2004-x64

10

91d2e3f758...f6.exe

windows7-x64

10

91d2e3f758...f6.exe

windows10-2004-x64

10

91d7fa8d89...52.exe

windows7-x64

10

91d7fa8d89...52.exe

windows10-2004-x64

10

91e6d47bd8...cc.exe

windows7-x64

7

91e6d47bd8...cc.exe

windows10-2004-x64

7

92105c7a3b...24.exe

windows7-x64

7

92105c7a3b...24.exe

windows10-2004-x64

7

921421b7f5...09.exe

windows7-x64

10

921421b7f5...09.exe

windows10-2004-x64

10

9221b9eea3...3c.exe

windows7-x64

1

9221b9eea3...3c.exe

windows10-2004-x64

10

92324d5776...05.exe

windows7-x64

1

92324d5776...05.exe

windows10-2004-x64

1

927cd0bd1a...b8.exe

windows7-x64

3

927cd0bd1a...b8.exe

windows10-2004-x64

3

92efd55895...78.exe

windows7-x64

10

92efd55895...78.exe

windows10-2004-x64

10

932a9096cd...eb.exe

windows7-x64

10

932a9096cd...eb.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    22/03/2025, 06:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    91cce1a9f4562b0cd73d60203cebb76a.exe

  • Size

    74KB

  • MD5

    91cce1a9f4562b0cd73d60203cebb76a

  • SHA1

    7c292b693357b1e6d33754b2ffb2130d9dbc7941

  • SHA256

    b529dd5db79c9860acbf6e87056e8e8f9fbc298b66e2b4cb8d4e495d9c61178a

  • SHA512

    72bd1d4dd8f5512110afab35782915b9b99fcbd80c254fe5034fc724001a12e29e88313d9eb8cdc458931676123119f886d3afbcfc401027e6af21892639768b

  • SSDEEP

    1536:aUNccxRFxCSjPMVGDvUWMI/H1bX/tQsCYV1QzcaLVclN:aUOcxR39jPMVGDvzH1bXv1QLBY

Score
10/10
asyncratdefaultrat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

127.0.0.1:4444

Mutex

wexjwwmjkm

Attributes
  • delay

    1

  • install

    true

  • install_file

    g.exe

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Asyncrat family
    asyncrat
  • Suspicious use of AdjustPrivilegeToken 41 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\91cce1a9f4562b0cd73d60203cebb76a.exe
    "C:\Users\Admin\AppData\Local\Temp\91cce1a9f4562b0cd73d60203cebb76a.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1720-0-0x000007FEF52A3000-0x000007FEF52A4000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1720-1-0x00000000008F0000-0x0000000000908000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1720-3-0x000007FEF52A0000-0x000007FEF5C8C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1720-4-0x000007FEF52A0000-0x000007FEF5C8C000-memory.dmp

    Filesize

    9.9MB

    Download