Analysis

  • max time kernel
    136s
  • max time network
    83s
  • platform
    windows10_x64
  • resource
    win10v200430
  • submitted
    10/07/2020, 11:08

General

  • Target
    RedLine.exe
  • Size
    357KB
  • MD5
    b67bd93ed7a4d16868b2b688f53e2ffc
  • SHA1
    0206889856f95172091eaee2e7f55de18d5ed2df
  • SHA256
    5e511e5ef8d11046dae403ecb2299c18320d9ccc1ede9fdaff63ef5d42672753
  • SHA512
    f948bb912823b0b4ecbfc954bf9fc09c73ba22bf74cafe581ae8ffe3d5a0e7418665c4d068670aa7c4618f188fbea4019255bb0820177961f70daeecd1e1087b

Score
6/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

Processes

  • C:\Users\Admin\AppData\Local\Temp\RedLine.exe
    "C:\Users\Admin\AppData\Local\Temp\RedLine.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3912

Network

MITRE ATT&CK Matrix
