Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

320BBF2361...78.exe

windows7-x64

10

320BBF2361...78.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    42s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    07/11/2022, 06:11 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    320BBF2361CE8101CEA71E7E02B3FA13F7E5F002FD778.exe

  • Size

    137KB

  • MD5

    d33a7cb1229b040746c1241e2fccfb29

  • SHA1

    c76a083cd3f2c021ce785bfef7344f22b0d3172b

  • SHA256

    320bbf2361ce8101cea71e7e02b3fa13f7e5f002fd778b21237fcc869d15edb7

  • SHA512

    0ad9c419e38d303868414ce4b9a3f893c14b828dc9f223ce050a775512ef6b184faaee7c1ca972a7f3dfb62dcbdf69b7c123debb175da9f1a0929f07941489d9

  • SSDEEP

    3072:LYO/ZMTFxtgoYzdxqUlaa3TVYODFjyRPkhnSSc6m:LYMZMBxtgomEUlaa33kpkh1

Score
10/10
redlinejonson2discoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

Jonson2

C2

15.235.174.218:18640

Attributes
  • auth_value

    55841dcf69df8edd34cfe945ade5d66e

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\320BBF2361CE8101CEA71E7E02B3FA13F7E5F002FD778.exe
    "C:\Users\Admin\AppData\Local\Temp\320BBF2361CE8101CEA71E7E02B3FA13F7E5F002FD778.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1836

Network

    No results found
  • 15.235.174.218:18640
    320BBF2361CE8101CEA71E7E02B3FA13F7E5F002FD778.exe
    3.5MB
     50.5kB
     2558
    1036
No results found

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1836-54-0x0000000000970000-0x0000000000998000-memory.dmp

    Filesize

    160KB

    Download

  • memory/1836-55-0x0000000075771000-0x0000000075773000-memory.dmp

    Filesize

    8KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.