Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

dridex

windows10_x64

10

Resubmissions

29/10/2024, 12:27

241029-pm36fswpej 10

02/12/2021, 12:29

211202-pn5qnsgbek 10

Analysis

  • max time kernel
    119s
  • max time network
    153s
  • platform
    windows10_x64
  • resource
    win10-en-20211104
  • submitted
    02/12/2021, 12:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2eda567739acd1ef47402909d754e492cee2ea8432ff1b1942e4554473fb8d4d.exe

  • Size

    370KB

  • MD5

    9fcff3b97db56ac8a0b96096fbe2c765

  • SHA1

    ef199b7789de9e9bb43f7e78f6b54aad710586ff

  • SHA256

    2eda567739acd1ef47402909d754e492cee2ea8432ff1b1942e4554473fb8d4d

  • SHA512

    7324479c933389b779ca5eefc086482485c3eb341e446a04a84e6cd721bace78cf6323167051c6598a9f1f3992b932fad877b0d91d0a0fe0469d083f972fd37b

Score
10/10
redline1discoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

1

C2

45.9.20.59:46287

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2eda567739acd1ef47402909d754e492cee2ea8432ff1b1942e4554473fb8d4d.exe
    "C:\Users\Admin\AppData\Local\Temp\2eda567739acd1ef47402909d754e492cee2ea8432ff1b1942e4554473fb8d4d.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3520

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3520-119-0x00000000048E0000-0x0000000004919000-memory.dmp

    Filesize

    228KB

    Download

  • memory/3520-118-0x00000000048B0000-0x00000000048DB000-memory.dmp

    Filesize

    172KB

    Download

  • memory/3520-120-0x0000000000400000-0x0000000002B95000-memory.dmp

    Filesize

    39.6MB

    Download

  • memory/3520-121-0x0000000007480000-0x0000000007481000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3520-122-0x0000000004C60000-0x0000000004C8E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/3520-123-0x0000000007490000-0x0000000007491000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3520-124-0x0000000004CE0000-0x0000000004D0C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/3520-125-0x0000000007482000-0x0000000007483000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3520-126-0x0000000007483000-0x0000000007484000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3520-127-0x0000000007990000-0x0000000007991000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3520-128-0x0000000004FF0000-0x0000000004FF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3520-129-0x0000000007FA0000-0x0000000007FA1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3520-130-0x0000000007484000-0x0000000007486000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3520-131-0x00000000073B0000-0x00000000073B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3520-132-0x0000000007400000-0x0000000007401000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3520-133-0x00000000082D0000-0x00000000082D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3520-134-0x00000000083C0000-0x00000000083C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3520-135-0x0000000008390000-0x0000000008391000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3520-136-0x00000000085C0000-0x00000000085C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3520-137-0x0000000008DE0000-0x0000000008DE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3520-138-0x0000000008FB0000-0x0000000008FB1000-memory.dmp

    Filesize

    4KB

    Download