Analysis
max time kernel: 118s
max time network: 122s
platform: windows7_x64
resource: win7-20230831-en
resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
submitted: 11/10/2023, 15:49
Behavioral task: behavioral1
Sample: Unlock All Billy.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: Unlock All Billy.exe
Resource: win10v2004-20230915-en
General
Target: Unlock All Billy.exe
Size: 78KB
MD5: b4a57479c7754d98d3c24184136244e0
SHA1: 5b7a8ffeef085170e1b1476d34ae711a2755d03f
SHA256: b02aab2d452a0d14905e4604585e468df404df4a1e3ff976242c9a1649cb79e1
SHA512: 1202d809558cbf9335237b68d8bcf5b8664541cfc73cf775592ff295c0a614813b9fa860cb5616cea91a477cbae0611bc67bcb2c40d4882507462c4a64354a46
SSDEEP: 1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+dPIC:5Zv5PDwbjNrmAE+NIC
Malware Config
Extracted
discordrat
discord_token: MTE1NTYxNDI0OTExMzEwMDUxMg.GlI09c.PPYEfwNkQ35akO73sP2AoFyaLNHOiyxqGQ7HJQ
server_id: 1155588687292285040
Signatures
Discord RAT
A RAT written in C# using Discord as a C2.
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 2232 wrote to memory of 2440 | 2232 | Unlock All Billy.exe | 28
PID 2232 wrote to memory of 2440 | 2232 | Unlock All Billy.exe | 28
PID 2232 wrote to memory of 2440 | 2232 | Unlock All Billy.exe | 28