Analysis
Max time kernel: 141s
Max time network: 95s
Platform: windows7_x64
Resource: win7-20230220-en
Resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
Submitted: 07/03/2023, 10:44

Static task: static1
Behavioral task: behavioral1
  Sample: redit.exe
  Resource: win7-20230220-en
  5 signatures
  150 seconds
General
Target: redit.exe
Size: 408KB
MD5: 9ff723d163e9396f0864cdb77508e8f3
SHA1: 878bb73586db91ab9867d4bda793377eff1344a1
SHA256: 77eb3eb81fb496c86ee1578e57ac0251e38540613a3a5a0d5f3d362fa81a693f
SHA512: 5e7213200bdadd4288f338fc9cb3c66f8a40138690e159d8b708ea3ff47a141332bf62513219d65b058b06ff870662a6ff265ada47fc7af399e3bcfa5e88e20e
SSDEEP: 3072:9Fs0W8pkw2l2GbTnK4I/qvk4j7/2oDnbA6I9Drxi6NxTY9qo+v5YF4WqH+:9rZpkT2GXnY/qvk4Wqn3win97++
Malware Config (extracted)
Family: systembc
C2:
  212.118.36.165:4193
  46.151.26.42:4193
Signatures

Suspicious use of SetThreadContext (1 IoC)
  description                          pid   Process    procid_target
  PID 1976 set thread context of 1928  1976  redit.exe  28

Suspicious behavior: MapViewOfSection (1 IoC)
  pid   Process
  1976  redit.exe

Suspicious use of SetWindowsHookEx (1 IoC)
  pid   Process
  1976  redit.exe

Suspicious use of WriteProcessMemory (5 IoCs)
  description                       pid   Process    procid_target
  PID 1976 wrote to memory of 1928  1976  redit.exe  28
  PID 1976 wrote to memory of 1928  1976  redit.exe  28
  PID 1976 wrote to memory of 1928  1976  redit.exe  28
  PID 1976 wrote to memory of 1928  1976  redit.exe  28
  PID 1976 wrote to memory of 1928  1976  redit.exe  28
Processes

1. C:\Users\Admin\AppData\Local\Temp\redit.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\redit.exe"
   PID: 1976
   Signatures:
   - Suspicious use of SetThreadContext
   - Suspicious behavior: MapViewOfSection
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\redit.exe (child process)
      Command line: "C:\Users\Admin\AppData\Local\Temp\redit.exe"
      PID: 1928