Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    50s
  • max time network
    147s
  • platform
    windows10-1703_x64
  • resource
    win10-20220901-en
  • resource tags

    arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
  • submitted
    03/02/2023, 04:12 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cb221620db470176bd94826eaccf8af3bc6d9c6f20d5706919c1c736dd5a8f21.exe

  • Size

    339KB

  • MD5

    3492b638c9d8a2872d0b8080316b2dcd

  • SHA1

    d49fee32dc9ee894c11c9be163da5dc5ee54622b

  • SHA256

    cb221620db470176bd94826eaccf8af3bc6d9c6f20d5706919c1c736dd5a8f21

  • SHA512

    a49866963103fc7396dec425dfefa33d54985ad9c362c8885ce02546c638049610909678c8b8c547b848990e47ec7b250d0be0af9373a94b59f2122d2b794893

  • SSDEEP

    6144:nbDQmioYCCAYp5fRZOVANlZ1iJ5ZccG7uMR9NX23BoIgPEDZCO4lw1JedPlC:nbDQ7LpDcVAN1lDm3BoIgPEDZCO4lw1H

Score
10/10
redline24.01discoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

24.01

C2

37.220.86.164:29170

Attributes
  • auth_value

    1c7f0aa21138601b5201a3a4a0123991

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cb221620db470176bd94826eaccf8af3bc6d9c6f20d5706919c1c736dd5a8f21.exe
    "C:\Users\Admin\AppData\Local\Temp\cb221620db470176bd94826eaccf8af3bc6d9c6f20d5706919c1c736dd5a8f21.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4556

Network

    No results found
  • 37.220.86.164:29170
    cb221620db470176bd94826eaccf8af3bc6d9c6f20d5706919c1c736dd5a8f21.exe
    3.2MB
     29.1kB
     2168
    572
  • 20.189.173.5:443
    322 B
     7
  • 178.79.208.1:80
    322 B
     7
No results found

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4556-117-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-118-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-119-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-120-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-121-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-122-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-123-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-124-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-125-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-126-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-127-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-128-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-129-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-130-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-131-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-132-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-133-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-134-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-135-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-136-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-137-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-138-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-139-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-140-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-141-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-142-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-143-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-144-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-146-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-145-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-147-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-148-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-149-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-151-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-152-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-150-0x00000000000C0000-0x000000000011A000-memory.dmp

    Filesize

    360KB

    Download

  • memory/4556-153-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-154-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-155-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-156-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-157-0x0000000004990000-0x0000000004996000-memory.dmp

    Filesize

    24KB

    Download

  • memory/4556-158-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-159-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-160-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-161-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-162-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-163-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-164-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-165-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-166-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-167-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-169-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-168-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-170-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-171-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-172-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-173-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-174-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-175-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-176-0x0000000005010000-0x0000000005616000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/4556-177-0x0000000004B40000-0x0000000004C4A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4556-178-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-179-0x0000000004A70000-0x0000000004A82000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4556-180-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-181-0x0000000004AD0000-0x0000000004B0E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4556-182-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-183-0x0000000004C50000-0x0000000004C9B000-memory.dmp

    Filesize

    300KB

    Download

  • memory/4556-184-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-185-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-186-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-187-0x0000000004E20000-0x0000000004EB2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/4556-188-0x0000000006030000-0x000000000652E000-memory.dmp

    Filesize

    5.0MB

    Download

  • memory/4556-189-0x0000000077450000-0x00000000775DE000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4556-191-0x0000000004EC0000-0x0000000004F26000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4556-199-0x0000000005D30000-0x0000000005DA6000-memory.dmp

    Filesize

    472KB

    Download

  • memory/4556-200-0x0000000005DB0000-0x0000000005E00000-memory.dmp

    Filesize

    320KB

    Download

  • memory/4556-201-0x0000000006530000-0x00000000066F2000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/4556-202-0x00000000072B0000-0x00000000077DC000-memory.dmp

    Filesize

    5.2MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.