Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    267s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    18/12/2022, 22:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    279d687eec84cee9e0c96d5b5a68327acce6b80593fa0396d5848339fce3a302.exe

  • Size

    333KB

  • MD5

    cca9077b425936e83114909afef08929

  • SHA1

    3b5136cc68871b1b1c875177771ec67471ef9a9e

  • SHA256

    279d687eec84cee9e0c96d5b5a68327acce6b80593fa0396d5848339fce3a302

  • SHA512

    969ce7046173b3ef147438e348a69aa7c4bb194cc0659cb7ea3808909f8d37ce7fbfd9a1cd1dd233a301378ec8b3c176d322161918479d9968bd9e6e0f813dd4

  • SSDEEP

    6144:Q86gTLIknoLHVvai7t6Et174H57Jcm1oQLenFKalsKeBg3CqqVoU0VB:Q86KEUobtFt6Et1m57JcUasKemSJ9O

Score
10/10
redlinenokiadiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

nokia

C2

31.41.244.198:4083

Attributes
  • auth_value

    3b38e056d594ae0cf1368e6e1daa3a4e

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\279d687eec84cee9e0c96d5b5a68327acce6b80593fa0396d5848339fce3a302.exe
    "C:\Users\Admin\AppData\Local\Temp\279d687eec84cee9e0c96d5b5a68327acce6b80593fa0396d5848339fce3a302.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3876

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3876-115-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-116-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-117-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-118-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-119-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-120-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-121-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-123-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-124-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-125-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-126-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-127-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-128-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-129-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-130-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-131-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-132-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-133-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-134-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-135-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-136-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-137-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-138-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-139-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-141-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-142-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-143-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-140-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-144-0x0000000000540000-0x000000000068A000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/3876-145-0x0000000000480000-0x000000000052E000-memory.dmp

    Filesize

    696KB

    Download

  • memory/3876-146-0x0000000000400000-0x000000000047D000-memory.dmp

    Filesize

    500KB

    Download

  • memory/3876-147-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-148-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-149-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-150-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-151-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-152-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-153-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-154-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-155-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-156-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-157-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-158-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-159-0x0000000002480000-0x00000000024C6000-memory.dmp

    Filesize

    280KB

    Download

  • memory/3876-160-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-161-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-162-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-163-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-164-0x0000000004A10000-0x0000000004F0E000-memory.dmp

    Filesize

    5.0MB

    Download

  • memory/3876-165-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-166-0x0000000004F10000-0x0000000004F54000-memory.dmp

    Filesize

    272KB

    Download

  • memory/3876-167-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-168-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-169-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-170-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-171-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-172-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-173-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-174-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-175-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-176-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-177-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-178-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-179-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-180-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-181-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-182-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-183-0x00000000055A0000-0x0000000005BA6000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/3876-184-0x0000000005010000-0x000000000511A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/3876-185-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-186-0x0000000005150000-0x0000000005162000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3876-187-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-188-0x0000000005170000-0x00000000051AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3876-189-0x0000000076EC0000-0x000000007704E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3876-190-0x00000000052C0000-0x000000000530B000-memory.dmp

    Filesize

    300KB

    Download

  • memory/3876-194-0x0000000000540000-0x000000000068A000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/3876-195-0x0000000000480000-0x000000000052E000-memory.dmp

    Filesize

    696KB

    Download

  • memory/3876-196-0x0000000000400000-0x000000000047D000-memory.dmp

    Filesize

    500KB

    Download

  • memory/3876-197-0x0000000005450000-0x00000000054E2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/3876-199-0x00000000054F0000-0x0000000005556000-memory.dmp

    Filesize

    408KB

    Download

  • memory/3876-207-0x00000000061D0000-0x0000000006246000-memory.dmp

    Filesize

    472KB

    Download

  • memory/3876-208-0x0000000006260000-0x00000000062B0000-memory.dmp

    Filesize

    320KB

    Download

  • memory/3876-209-0x00000000063E0000-0x00000000065A2000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/3876-210-0x00000000065C0000-0x0000000006AEC000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/3876-217-0x0000000000400000-0x000000000047D000-memory.dmp

    Filesize

    500KB

    Download