Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

tmp.exe

windows7-x64

10

tmp.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    31s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    28/12/2022, 18:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tmp.exe

  • Size

    403KB

  • MD5

    3229c8c943f3a2ba40334e2b1240d0d8

  • SHA1

    d214944064dd7d5ebed41f514013f297feff8109

  • SHA256

    de7c689d14ca60ffa4258d96b7b8911180aaaa5668bc9785ba27b3cdb44a28a2

  • SHA512

    779590ffcd0261fb9521257cbf76b04311d3a4481766636abdc0cf153981ef5cc769df4691b0575ce5b4ad9062feb97899d18ffc8a110946ba5a436f78306df4

  • SSDEEP

    12288:tOLqlkXPbWqJrmzVUOenhSHPe0wnVZH9P3:QqgWqRmQhSHm0wFP

Score
10/10
redlinepostdiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

Post

C2

138.124.180.186:39614

Attributes
  • auth_value

    4bda2ce09764851c19dedd9d8ed8328e

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\tmp.exe
    "C:\Users\Admin\AppData\Local\Temp\tmp.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1360

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1360-54-0x0000000001D10000-0x0000000001D56000-memory.dmp

    Filesize

    280KB

    Download

  • memory/1360-55-0x0000000001E80000-0x0000000001EC4000-memory.dmp

    Filesize

    272KB

    Download

  • memory/1360-56-0x0000000075831000-0x0000000075833000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1360-57-0x000000000030C000-0x000000000033A000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1360-58-0x00000000001B0000-0x00000000001FB000-memory.dmp

    Filesize

    300KB

    Download

  • memory/1360-59-0x0000000000400000-0x0000000000469000-memory.dmp

    Filesize

    420KB

    Download

  • memory/1360-60-0x000000000030C000-0x000000000033A000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1360-61-0x000000000030C000-0x000000000033A000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1360-62-0x0000000000400000-0x0000000000469000-memory.dmp

    Filesize

    420KB

    Download