Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

37671bcb6a...86.exe

windows7_x64

10

37671bcb6a...86.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    4294182s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20220310-en
  • submitted
    10/04/2022, 19:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    37671bcb6aa291bcbfb1a83a8e166386.exe

  • Size

    344KB

  • MD5

    37671bcb6aa291bcbfb1a83a8e166386

  • SHA1

    896f5615e912c0414d8d39a94244bb21136fb53f

  • SHA256

    1e6a275bd60e41c1d426ccdff5e061128feb52742ebbd69356fa04208ea1be39

  • SHA512

    4b34b2f41e446b10e1e9a08ebc6755a1a0bef67ca26cc6a7f6a8c1944f7729c48da83e66654e391d19f3d5f6ccc0decf059847d93e4d9fb1fc103686f4e963ff

Score
10/10
redline50discoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

50

C2

193.106.191.132:23196

Attributes
  • auth_value

    8735fcb130c82dd9d353478678d60bde

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\37671bcb6aa291bcbfb1a83a8e166386.exe
    "C:\Users\Admin\AppData\Local\Temp\37671bcb6aa291bcbfb1a83a8e166386.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:620

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/620-54-0x000000000064A000-0x0000000000673000-memory.dmp

    Filesize

    164KB

    Download

  • memory/620-56-0x0000000000220000-0x0000000000257000-memory.dmp

    Filesize

    220KB

    Download

  • memory/620-55-0x000000000064A000-0x0000000000673000-memory.dmp

    Filesize

    164KB

    Download

  • memory/620-57-0x0000000000400000-0x000000000047E000-memory.dmp

    Filesize

    504KB

    Download

  • memory/620-58-0x0000000000590000-0x00000000005C0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/620-59-0x0000000001E50000-0x0000000001E7E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/620-61-0x0000000001E61000-0x0000000001E62000-memory.dmp

    Filesize

    4KB

    Download

  • memory/620-60-0x0000000001E61000-0x0000000001E62000-memory.dmp

    Filesize

    4KB

    Download

  • memory/620-63-0x0000000001E61000-0x0000000001E62000-memory.dmp

    Filesize

    4KB

    Download

  • memory/620-65-0x0000000001E61000-0x0000000001E62000-memory.dmp

    Filesize

    4KB

    Download

  • memory/620-67-0x0000000001E61000-0x0000000001E62000-memory.dmp

    Filesize

    4KB

    Download

  • memory/620-69-0x0000000001E61000-0x0000000001E62000-memory.dmp

    Filesize

    4KB

    Download

  • memory/620-70-0x0000000004944000-0x0000000004946000-memory.dmp

    Filesize

    8KB

    Download