Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    144s
  • max time network
    146s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    03/01/2023, 04:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a6013a8c88d99b77fdd5eb6196e72e72131fbcd37b9f642cf0cdc735f94788ab.exe

  • Size

    307KB

  • MD5

    b5d961656a8f3f197347f41db3f83bb2

  • SHA1

    8bdde2061f77de923b25287e1abb96783b4f0d5c

  • SHA256

    a6013a8c88d99b77fdd5eb6196e72e72131fbcd37b9f642cf0cdc735f94788ab

  • SHA512

    674dafc76d35c2e8886d22646fae8298b0b9559ea9cdd092039b135016f2f440bf287d0da1363a17e9ca228c3132d4bbde4af33d590e9daa3182ae7c73d337d0

  • SSDEEP

    3072:60o29L0wEHq5JbBvKQehsOOdXwIO/BMS7AJ9GS7U+rIH8d8ScEZ/Nu6nghWysim8:k+LaHybJKQMePEXH8SSVlKbHv

Score
10/10
redlinesportdiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

sport

C2

31.41.244.98:4063

Attributes
  • auth_value

    82cce55eeb56b322651e98032c09d225

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a6013a8c88d99b77fdd5eb6196e72e72131fbcd37b9f642cf0cdc735f94788ab.exe
    "C:\Users\Admin\AppData\Local\Temp\a6013a8c88d99b77fdd5eb6196e72e72131fbcd37b9f642cf0cdc735f94788ab.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4940

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4940-116-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-117-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-118-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-119-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-120-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-121-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-122-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-123-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-124-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-125-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-126-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-127-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-128-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-129-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-130-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-131-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-132-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-133-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-134-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-135-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-136-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-137-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-138-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-139-0x0000000000676000-0x00000000006A4000-memory.dmp

    Filesize

    184KB

    Download

  • memory/4940-140-0x00000000005C0000-0x000000000060B000-memory.dmp

    Filesize

    300KB

    Download

  • memory/4940-141-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-142-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-143-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-144-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-145-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-146-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-147-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-148-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-149-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-150-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-151-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-152-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/4940-153-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-154-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-155-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-156-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-157-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-158-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-159-0x00000000023A0000-0x00000000023E6000-memory.dmp

    Filesize

    280KB

    Download

  • memory/4940-160-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-161-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-162-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-163-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-164-0x0000000004C30000-0x000000000512E000-memory.dmp

    Filesize

    5.0MB

    Download

  • memory/4940-165-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-166-0x0000000002590000-0x00000000025D4000-memory.dmp

    Filesize

    272KB

    Download

  • memory/4940-167-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-168-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-169-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-170-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-171-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-172-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-173-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-174-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-175-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-176-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-177-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-178-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-179-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-180-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-181-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-182-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-183-0x0000000005130000-0x0000000005736000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/4940-184-0x0000000004B10000-0x0000000004C1A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4940-185-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-186-0x0000000005750000-0x0000000005762000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4940-187-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-188-0x0000000005770000-0x00000000057AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4940-189-0x0000000077520000-0x00000000776AE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4940-190-0x00000000058C0000-0x000000000590B000-memory.dmp

    Filesize

    300KB

    Download

  • memory/4940-194-0x0000000000676000-0x00000000006A4000-memory.dmp

    Filesize

    184KB

    Download

  • memory/4940-195-0x00000000005C0000-0x000000000060B000-memory.dmp

    Filesize

    300KB

    Download

  • memory/4940-197-0x0000000005A50000-0x0000000005AB6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4940-205-0x0000000006100000-0x0000000006192000-memory.dmp

    Filesize

    584KB

    Download

  • memory/4940-206-0x00000000062F0000-0x00000000064B2000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/4940-207-0x00000000064C0000-0x00000000069EC000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/4940-210-0x0000000006C50000-0x0000000006CC6000-memory.dmp

    Filesize

    472KB

    Download

  • memory/4940-211-0x0000000006CE0000-0x0000000006D30000-memory.dmp

    Filesize

    320KB

    Download

  • memory/4940-216-0x0000000000676000-0x00000000006A4000-memory.dmp

    Filesize

    184KB

    Download

  • memory/4940-217-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download