Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

softwinx86.exe

windows7-x64

10

softwinx86.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    31s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    01/01/2023, 01:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    softwinx86.exe

  • Size

    392KB

  • MD5

    d21ae966a90377ef5799a7fbae0acb53

  • SHA1

    4b8a0abdb6e853987aa2101844050f8135b6629e

  • SHA256

    edc6c3c59c0742cbac1974078851dac95d195ccf18c53c64b52c05f11ade3b3e

  • SHA512

    8e3ac1628d76e8768743152cccc1e0241478cd195452e2e352dea21774f33b03c18f349213127df0988f1d7a81ed1a412537bf3299fd2a6c4e93c9b55fc46717

  • SSDEEP

    6144:KqLfmjeI2fds+SaR6owC6fzfIh8HzcVisn2ZF/E7dF61A355pZEZY:Kqrmjwdslp7w6lZJE76uTZ

Score
10/10
redline@new@2023discoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

@new@2023

C2

77.73.133.62:22344

Attributes
  • auth_value

    8284279aedaed026a9b7cb9c1c0be4e4

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\softwinx86.exe
    "C:\Users\Admin\AppData\Local\Temp\softwinx86.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2004

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2004-54-0x0000000004760000-0x00000000047AC000-memory.dmp

    Filesize

    304KB

    Download

  • memory/2004-55-0x00000000047B0000-0x00000000047FA000-memory.dmp

    Filesize

    296KB

    Download

  • memory/2004-56-0x0000000075D11000-0x0000000075D13000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2004-57-0x000000000058B000-0x00000000005C2000-memory.dmp

    Filesize

    220KB

    Download

  • memory/2004-58-0x0000000000320000-0x0000000000379000-memory.dmp

    Filesize

    356KB

    Download

  • memory/2004-59-0x0000000000400000-0x000000000047F000-memory.dmp

    Filesize

    508KB

    Download

  • memory/2004-60-0x000000000058B000-0x00000000005C2000-memory.dmp

    Filesize

    220KB

    Download

  • memory/2004-61-0x0000000000400000-0x000000000047F000-memory.dmp

    Filesize

    508KB

    Download