Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
4294182s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20220310-en -
submitted
10/04/2022, 19:51
Static task
static1
Behavioral task
behavioral1
Sample
37671bcb6aa291bcbfb1a83a8e166386.exe
Resource
win7-20220310-en
Behavioral task
behavioral2
Sample
37671bcb6aa291bcbfb1a83a8e166386.exe
Resource
win10v2004-en-20220113
General
-
Target
37671bcb6aa291bcbfb1a83a8e166386.exe
-
Size
344KB
-
MD5
37671bcb6aa291bcbfb1a83a8e166386
-
SHA1
896f5615e912c0414d8d39a94244bb21136fb53f
-
SHA256
1e6a275bd60e41c1d426ccdff5e061128feb52742ebbd69356fa04208ea1be39
-
SHA512
4b34b2f41e446b10e1e9a08ebc6755a1a0bef67ca26cc6a7f6a8c1944f7729c48da83e66654e391d19f3d5f6ccc0decf059847d93e4d9fb1fc103686f4e963ff
Malware Config
Extracted
redline
50
193.106.191.132:23196
-
auth_value
8735fcb130c82dd9d353478678d60bde
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 620 37671bcb6aa291bcbfb1a83a8e166386.exe 620 37671bcb6aa291bcbfb1a83a8e166386.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 620 37671bcb6aa291bcbfb1a83a8e166386.exe