Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    100s
  • max time network
    102s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    12/09/2022, 16:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bd2c8055bd48f3b3b00550250f4851e7f5995a034005d5af589a33ac1dc36954.exe

  • Size

    367KB

  • MD5

    a1c88160806213516c95141ac3923a20

  • SHA1

    00d4953bcd3a3e6bac804624a51979be566c1764

  • SHA256

    bd2c8055bd48f3b3b00550250f4851e7f5995a034005d5af589a33ac1dc36954

  • SHA512

    e666f51829c1d6dff19528d3f493c09ecc146551be8f9598792961a0ebb04b60cf4cb9bd52bc2d24fc51557d606a2e0ceebee61be25d6910e13c2bd9ebae3f04

  • SSDEEP

    6144:vOUFTUZR/yTVz3qJrrEt3Inb4rbbztHFjUvRaspByPfe9T6OyLXi9lvgBdSHk:GO4n/Ed3q1rW3Inb4rDthWTpQ29T6UxF

Score
10/10
redlinetwickdiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

twick

C2

trustedwicky.com:80

Attributes
  • auth_value

    2284521981f16053dae08194ef371cb3

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bd2c8055bd48f3b3b00550250f4851e7f5995a034005d5af589a33ac1dc36954.exe
    "C:\Users\Admin\AppData\Local\Temp\bd2c8055bd48f3b3b00550250f4851e7f5995a034005d5af589a33ac1dc36954.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1788

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1788-120-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-121-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-122-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-123-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-124-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-125-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-126-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-127-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-128-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-129-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-130-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-131-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-132-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-133-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-134-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-136-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-137-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-139-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-138-0x0000000000900000-0x0000000000A4A000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1788-141-0x00000000001C0000-0x00000000001F7000-memory.dmp

    Filesize

    220KB

    Download

  • memory/1788-140-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-142-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-143-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-144-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-145-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-146-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-147-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-148-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-149-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-150-0x0000000000400000-0x0000000000802000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/1788-151-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-152-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-153-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-154-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-155-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-156-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-157-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-158-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-159-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-160-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-161-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-162-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-163-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-164-0x00000000027F0000-0x0000000002820000-memory.dmp

    Filesize

    192KB

    Download

  • memory/1788-165-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-166-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-167-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-168-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-169-0x0000000004E30000-0x000000000532E000-memory.dmp

    Filesize

    5.0MB

    Download

  • memory/1788-170-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-171-0x0000000002980000-0x00000000029AE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1788-172-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-173-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-174-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-175-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-176-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-177-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-178-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-179-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-180-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-181-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-182-0x0000000005330000-0x0000000005936000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/1788-183-0x00000000029C0000-0x00000000029D2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1788-184-0x0000000005990000-0x0000000005A9A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/1788-185-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-186-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-187-0x0000000005AC0000-0x0000000005AFE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/1788-188-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-189-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-190-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-191-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-192-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-193-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-194-0x0000000077CB0000-0x0000000077E3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1788-195-0x0000000005B30000-0x0000000005B7B000-memory.dmp

    Filesize

    300KB

    Download

  • memory/1788-204-0x0000000000900000-0x0000000000A4A000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1788-205-0x00000000001C0000-0x00000000001F7000-memory.dmp

    Filesize

    220KB

    Download

  • memory/1788-222-0x0000000000400000-0x0000000000802000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/1788-221-0x0000000006890000-0x0000000006922000-memory.dmp

    Filesize

    584KB

    Download

  • memory/1788-223-0x0000000006940000-0x00000000069A6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/1788-231-0x0000000006C70000-0x0000000006CE6000-memory.dmp

    Filesize

    472KB

    Download

  • memory/1788-232-0x0000000006D30000-0x0000000006D4E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/1788-233-0x0000000006F20000-0x00000000070E2000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/1788-234-0x00000000070F0000-0x000000000761C000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/1788-237-0x0000000007880000-0x00000000078D0000-memory.dmp

    Filesize

    320KB

    Download

  • memory/1788-242-0x0000000000400000-0x0000000000802000-memory.dmp

    Filesize

    4.0MB

    Download