Analysis
max time kernel: 146s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07/03/2023, 10:44
Static task: static1
Behavioral task: behavioral1
Sample: redit.exe
Resource: win7-20230220-en
5 signatures
150 seconds
General
Target: redit.exe
Size: 408KB
MD5: 9ff723d163e9396f0864cdb77508e8f3
SHA1: 878bb73586db91ab9867d4bda793377eff1344a1
SHA256: 77eb3eb81fb496c86ee1578e57ac0251e38540613a3a5a0d5f3d362fa81a693f
SHA512: 5e7213200bdadd4288f338fc9cb3c66f8a40138690e159d8b708ea3ff47a141332bf62513219d65b058b06ff870662a6ff265ada47fc7af399e3bcfa5e88e20e
SSDEEP: 3072:9Fs0W8pkw2l2GbTnK4I/qvk4j7/2oDnbA6I9Drxi6NxTY9qo+v5YF4WqH+:9rZpkT2GXnY/qvk4Wqn3win97++
Malware Config
Extracted
Family: systembc
C2:
212.118.36.165:4193
46.151.26.42:4193
Signatures

Suspicious use of SetThreadContext (1 IoC)
description                          pid  Process    procid_target
PID 224 set thread context of 3496   224  redit.exe  102

Suspicious behavior: MapViewOfSection (1 IoC)
pid  Process
224  redit.exe

Suspicious use of SetWindowsHookEx (1 IoC)
pid  Process
224  redit.exe

Suspicious use of WriteProcessMemory (4 IoCs)
description                       pid  Process    procid_target
PID 224 wrote to memory of 3496   224  redit.exe  102
PID 224 wrote to memory of 3496   224  redit.exe  102
PID 224 wrote to memory of 3496   224  redit.exe  102
PID 224 wrote to memory of 3496   224  redit.exe  102
Processes

C:\Users\Admin\AppData\Local\Temp\redit.exe (depth 1)
  command line: "C:\Users\Admin\AppData\Local\Temp\redit.exe"
  PID: 224
  - Suspicious use of SetThreadContext
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

  C:\Users\Admin\AppData\Local\Temp\redit.exe (depth 2)
    command line: "C:\Users\Admin\AppData\Local\Temp\redit.exe"
    PID: 3496