Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

memreduct/...ct.exe

windows11-21h2-x64

1

memreduct/...ct.exe

windows11-21h2-x64

6

memreduct/...ct.exe

windows11-21h2-x64

Analysis

  • max time kernel
    35s
  • max time network
    7s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240419-en
  • resource tags

    arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    04/07/2024, 20:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    memreduct/64/memreduct.exe

  • Size

    290KB

  • MD5

    bfbe78d329b87dd1d5ae51707fdf928b

  • SHA1

    015c758391b620dee72625ed59b522c06f6457d7

  • SHA256

    31689824dd984bd9c0f07c20f05bc253f6d107581aec4609044fddcdd50f655d

  • SHA512

    e950551d53e50a0296a60730c0cc2ee029ef9026159e159bee9bb29a0f19756f5167f77c4024854fd58bede7ff8051ac4a2f5acf55443ed29c381e909fd04e5a

  • SSDEEP

    3072:KV+VDeAxsOc8WdE7KEgD3fN/FZgTMJNa22IR9Lp3FhMd08Xevd0pG46tBHa/FgFj:WQitu7K3rfnh2IRNxfTv69

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 42 IoCs
  • Suspicious use of SendNotifyMessage 42 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\memreduct\64\memreduct.exe
    "C:\Users\Admin\AppData\Local\Temp\memreduct\64\memreduct.exe"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2684

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads