Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

0229b0ed26...57.exe

windows7-x64

10

0229b0ed26...57.exe

windows10-2004-x64

10

048b7d1176...04.exe

windows7-x64

10

048b7d1176...04.exe

windows10-2004-x64

10

0f9f03bf48...ae.exe

windows7-x64

10

0f9f03bf48...ae.exe

windows10-2004-x64

10

13047f8cb7...6b.exe

windows7-x64

1

13047f8cb7...6b.exe

windows10-2004-x64

1

13c6577c68...d4.exe

windows7-x64

7

13c6577c68...d4.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    07/10/2023, 05:39 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0229b0ed2674e64d663aadcd2d289315b73b14b43b35101ff4fd69456b7c5557.exe

  • Size

    1.0MB

  • MD5

    17fc1332bb8885026657c75511954e07

  • SHA1

    9ebbd2f605e5d470db176376928b47940afc1565

  • SHA256

    0229b0ed2674e64d663aadcd2d289315b73b14b43b35101ff4fd69456b7c5557

  • SHA512

    0c38b4af0630d9d25aadb653aa9923b751852084db41002c3c78f6aa52a9fe77483237161f7f335ed49679e38007807cf6733a015da4c30824c069910e0061c1

  • SSDEEP

    24576:fsCTOsw3FBos9fcWKV7lI93TaSUk5wHocSRTIJCHXjqCrD:ftoK4vuy3Tz2IcuTmC3/

Score
10/10
systembctrojan

Malware Config

Extracted

Family

systembc

C2

162.33.179.100:443

Signatures

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0229b0ed2674e64d663aadcd2d289315b73b14b43b35101ff4fd69456b7c5557.exe
    "C:\Users\Admin\AppData\Local\Temp\0229b0ed2674e64d663aadcd2d289315b73b14b43b35101ff4fd69456b7c5557.exe"
    1⤵
    • Drops file in Windows directory
    PID:2928
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {23DDA98D-456C-4778-A483-FD8C7D408C3F} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2212
    • C:\Users\Admin\AppData\Local\Temp\0229b0ed2674e64d663aadcd2d289315b73b14b43b35101ff4fd69456b7c5557.exe
      C:\Users\Admin\AppData\Local\Temp\0229b0ed2674e64d663aadcd2d289315b73b14b43b35101ff4fd69456b7c5557.exe start
      2⤵
        PID:1960

    Network

      No results found
    • 162.33.179.100:443
      0229b0ed2674e64d663aadcd2d289315b73b14b43b35101ff4fd69456b7c5557.exe
      152 B
       3
    • 162.33.179.100:443
      0229b0ed2674e64d663aadcd2d289315b73b14b43b35101ff4fd69456b7c5557.exe
      152 B
       3
    • 162.33.179.100:443
      0229b0ed2674e64d663aadcd2d289315b73b14b43b35101ff4fd69456b7c5557.exe
      152 B
       3
    • 162.33.179.100:443
      0229b0ed2674e64d663aadcd2d289315b73b14b43b35101ff4fd69456b7c5557.exe
      152 B
       3
    • 162.33.179.100:443
      0229b0ed2674e64d663aadcd2d289315b73b14b43b35101ff4fd69456b7c5557.exe
      152 B
       3
    • 162.33.179.100:443
      0229b0ed2674e64d663aadcd2d289315b73b14b43b35101ff4fd69456b7c5557.exe
      152 B
       3
    • 162.33.179.100:443
      0229b0ed2674e64d663aadcd2d289315b73b14b43b35101ff4fd69456b7c5557.exe
      152 B
       3
    • 162.33.179.100:443
      0229b0ed2674e64d663aadcd2d289315b73b14b43b35101ff4fd69456b7c5557.exe
      152 B
       3
    • 162.33.179.100:443
      0229b0ed2674e64d663aadcd2d289315b73b14b43b35101ff4fd69456b7c5557.exe
      152 B
       3
    • 162.33.179.100:443
      0229b0ed2674e64d663aadcd2d289315b73b14b43b35101ff4fd69456b7c5557.exe
      152 B
       3
    • 162.33.179.100:443
      0229b0ed2674e64d663aadcd2d289315b73b14b43b35101ff4fd69456b7c5557.exe
      152 B
       3
    • 162.33.179.100:443
      0229b0ed2674e64d663aadcd2d289315b73b14b43b35101ff4fd69456b7c5557.exe
      152 B
       3
    • 162.33.179.100:443
      0229b0ed2674e64d663aadcd2d289315b73b14b43b35101ff4fd69456b7c5557.exe
      152 B
       3
    • 162.33.179.100:443
      0229b0ed2674e64d663aadcd2d289315b73b14b43b35101ff4fd69456b7c5557.exe
      104 B
       2
    No results found

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1960-9-0x0000000000220000-0x0000000000221000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1960-14-0x0000000000400000-0x0000000000512000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1960-12-0x0000000000400000-0x0000000000512000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1960-11-0x0000000000400000-0x0000000000512000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1960-10-0x0000000000250000-0x0000000000251000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2928-3-0x0000000000400000-0x0000000000512000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/2928-6-0x0000000000400000-0x0000000000512000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/2928-5-0x00000000003A0000-0x00000000003A5000-memory.dmp

      Filesize

      20KB

      Download

    • memory/2928-4-0x0000000000400000-0x0000000000512000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/2928-0-0x0000000000220000-0x0000000000221000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2928-2-0x00000000002E0000-0x00000000002E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2928-13-0x0000000000220000-0x0000000000221000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2928-1-0x0000000001EE0000-0x0000000001F6A000-memory.dmp

      Filesize

      552KB

      Download

    • memory/2928-15-0x00000000002E0000-0x00000000002E1000-memory.dmp

      Filesize

      4KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.