Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    54s
  • max time network
    147s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    02/03/2023, 12:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    55f9e5284f17d47a56fa4725909e157cc0c679a1db9d4cd2f5cb5ddfad615da4.exe

  • Size

    550KB

  • MD5

    1226ad47573b8620e3f7cb8fac95aa47

  • SHA1

    eab7d0d269cd1e322eefc4f95ad7550b767fff9c

  • SHA256

    55f9e5284f17d47a56fa4725909e157cc0c679a1db9d4cd2f5cb5ddfad615da4

  • SHA512

    c5884b2f30a239db9dd36af133cacece12ac402c4cca65384a09301c412cd3632c52a090213eb5259999d465e0474410666b382bd6fc6f073cb960526e81db73

  • SSDEEP

    6144:KNy+bnr+Cp0yN90QE0G8DSDA3UYgf+LOIavir4Fo7EZkzC7pGvsrs6ipt8pm2to:XMrqy90KbMAkpZzo7GlwkYB2m25plE4

Score
10/10
redlinefomichstekdiscoveryevasioninfostealerpersistencespywarestealertrojan

Malware Config

Extracted

Family

redline

Botnet

stek

C2

melevv.eu:4162

Attributes
  • auth_value

    4205381daf6946b2df5fe3bc7eacc918

Extracted

Family

redline

Botnet

fomich

C2

melevv.eu:4162

Attributes
  • auth_value

    b018e52ac946001794d8b8c23e901859

Signatures

  • Modifies Windows Defender Real-time Protection settings 3 TTPs 5 IoCs
    evasiontrojan
  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 35 IoCs
  • Executes dropped EXE 4 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Windows security modification 2 TTPs 1 IoCs
    evasiontrojan
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\55f9e5284f17d47a56fa4725909e157cc0c679a1db9d4cd2f5cb5ddfad615da4.exe
    "C:\Users\Admin\AppData\Local\Temp\55f9e5284f17d47a56fa4725909e157cc0c679a1db9d4cd2f5cb5ddfad615da4.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:1644
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vJS7841hL.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vJS7841hL.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:3728
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\sw42QO29GP88.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\sw42QO29GP88.exe
        3⤵
        • Modifies Windows Defender Real-time Protection settings
        • Executes dropped EXE
        • Windows security modification
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:4128
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\tPW45Te40.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\tPW45Te40.exe
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:4504
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\uJh25Ee72.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\uJh25Ee72.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1316

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\uJh25Ee72.exe
    Filesize

    175KB

    MD5

    41ae719b8538bb930033ef1af1c87fef

    SHA1

    fb2ee0a4f9760fb4d2ba6eceba1422abc798eaa9

    SHA256

    d4511a9ded0c3cbb0b7b4b53fedd312f745ea1534151032dc8584b5fe57ea5dd

    SHA512

    bbea60184beb9550fb2db9d1a52c33a13b56dd477894ea3c0ec0b51098fef74ec944afa54af3ccd86ae97ca6b6d753f266508761f5ede7bd8391c3c8a9a56a97

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\uJh25Ee72.exe
    Filesize

    175KB

    MD5

    41ae719b8538bb930033ef1af1c87fef

    SHA1

    fb2ee0a4f9760fb4d2ba6eceba1422abc798eaa9

    SHA256

    d4511a9ded0c3cbb0b7b4b53fedd312f745ea1534151032dc8584b5fe57ea5dd

    SHA512

    bbea60184beb9550fb2db9d1a52c33a13b56dd477894ea3c0ec0b51098fef74ec944afa54af3ccd86ae97ca6b6d753f266508761f5ede7bd8391c3c8a9a56a97

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vJS7841hL.exe
    Filesize

    405KB

    MD5

    0751fd0f4e1fdd0433883d15a0fdd34c

    SHA1

    7e16272bd11d6e7a3e8361789cf7dd78db61e67e

    SHA256

    981f0feb0178b27416337e502dd215c76956c810b10b0e008f28ed5a0c31de0f

    SHA512

    12f6f9bd53fbe3e069d31e06be5c8ff94d002e7527beefbf51910e87af0aca32997255ff3e73bdff6e5dec36a292d5014f3dd945acda620284369a83b223500b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vJS7841hL.exe
    Filesize

    405KB

    MD5

    0751fd0f4e1fdd0433883d15a0fdd34c

    SHA1

    7e16272bd11d6e7a3e8361789cf7dd78db61e67e

    SHA256

    981f0feb0178b27416337e502dd215c76956c810b10b0e008f28ed5a0c31de0f

    SHA512

    12f6f9bd53fbe3e069d31e06be5c8ff94d002e7527beefbf51910e87af0aca32997255ff3e73bdff6e5dec36a292d5014f3dd945acda620284369a83b223500b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\sw42QO29GP88.exe
    Filesize

    12KB

    MD5

    77a440a658afb140cc65c572d2624492

    SHA1

    0cab6ebd962a3811a116dc1316987eb7e10cab83

    SHA256

    434885a36ab2ce05e343c5472afeb512b16ca245b8ce760ba3a4a555bbdf9703

    SHA512

    464729d4c91d83ab02d4f5518cbd0b4a13db1b681e271ee447d52dcaab61b007c35ff3aa8db9381c73b877fb6c3049b6635f6d74ea379042f0644f8c24bc6105

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\sw42QO29GP88.exe
    Filesize

    12KB

    MD5

    77a440a658afb140cc65c572d2624492

    SHA1

    0cab6ebd962a3811a116dc1316987eb7e10cab83

    SHA256

    434885a36ab2ce05e343c5472afeb512b16ca245b8ce760ba3a4a555bbdf9703

    SHA512

    464729d4c91d83ab02d4f5518cbd0b4a13db1b681e271ee447d52dcaab61b007c35ff3aa8db9381c73b877fb6c3049b6635f6d74ea379042f0644f8c24bc6105

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\tPW45Te40.exe
    Filesize

    381KB

    MD5

    4662b9b6434d05f758ed7c02d2523e12

    SHA1

    e829ac10779358a8ca4d1baaca5bbb306b93355f

    SHA256

    183e845988632d8990fd81690172e5ac410b3f9ca03f1f8df71d8e79b8278b3b

    SHA512

    67b75afdcb37f56552a51242ea6121ed075c027e6e28c35dbcbf20ad22377154b90089a56055515cff02cf5329e9db67729343ae40bad3758b6f15dcd9341c93

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\tPW45Te40.exe
    Filesize

    381KB

    MD5

    4662b9b6434d05f758ed7c02d2523e12

    SHA1

    e829ac10779358a8ca4d1baaca5bbb306b93355f

    SHA256

    183e845988632d8990fd81690172e5ac410b3f9ca03f1f8df71d8e79b8278b3b

    SHA512

    67b75afdcb37f56552a51242ea6121ed075c027e6e28c35dbcbf20ad22377154b90089a56055515cff02cf5329e9db67729343ae40bad3758b6f15dcd9341c93

    Download Submit

  • memory/1316-1074-0x00000000006B0000-0x00000000006E2000-memory.dmp

    Filesize

    200KB

    Download

  • memory/1316-1075-0x00000000050F0000-0x000000000513B000-memory.dmp

    Filesize

    300KB

    Download

  • memory/1316-1076-0x0000000004F70000-0x0000000004F80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4128-134-0x0000000000820000-0x000000000082A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4504-174-0x0000000007170000-0x00000000071AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4504-188-0x0000000007170000-0x00000000071AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4504-143-0x0000000007340000-0x0000000007350000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4504-144-0x0000000007170000-0x00000000071B4000-memory.dmp

    Filesize

    272KB

    Download

  • memory/4504-146-0x0000000007340000-0x0000000007350000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4504-145-0x0000000007340000-0x0000000007350000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4504-147-0x0000000007170000-0x00000000071AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4504-148-0x0000000007170000-0x00000000071AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4504-150-0x0000000007170000-0x00000000071AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4504-152-0x0000000007170000-0x00000000071AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4504-154-0x0000000007170000-0x00000000071AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4504-156-0x0000000007170000-0x00000000071AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4504-158-0x0000000007170000-0x00000000071AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4504-160-0x0000000007170000-0x00000000071AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4504-162-0x0000000007170000-0x00000000071AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4504-164-0x0000000007170000-0x00000000071AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4504-166-0x0000000007170000-0x00000000071AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4504-168-0x0000000007170000-0x00000000071AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4504-170-0x0000000007170000-0x00000000071AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4504-172-0x0000000007170000-0x00000000071AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4504-142-0x0000000007350000-0x000000000784E000-memory.dmp

    Filesize

    5.0MB

    Download

  • memory/4504-176-0x0000000007170000-0x00000000071AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4504-178-0x0000000007170000-0x00000000071AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4504-180-0x0000000007170000-0x00000000071AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4504-182-0x0000000007170000-0x00000000071AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4504-184-0x0000000007170000-0x00000000071AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4504-186-0x0000000007170000-0x00000000071AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4504-141-0x0000000002CA0000-0x0000000002CEB000-memory.dmp

    Filesize

    300KB

    Download

  • memory/4504-190-0x0000000007170000-0x00000000071AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4504-194-0x0000000007170000-0x00000000071AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4504-196-0x0000000007170000-0x00000000071AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4504-192-0x0000000007170000-0x00000000071AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4504-198-0x0000000007170000-0x00000000071AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4504-200-0x0000000007170000-0x00000000071AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4504-202-0x0000000007170000-0x00000000071AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4504-204-0x0000000007170000-0x00000000071AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4504-206-0x0000000007170000-0x00000000071AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4504-208-0x0000000007170000-0x00000000071AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4504-210-0x0000000007170000-0x00000000071AE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4504-1053-0x0000000007850000-0x0000000007E56000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/4504-1054-0x0000000007EB0000-0x0000000007FBA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4504-1055-0x0000000007FF0000-0x0000000008002000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4504-1056-0x0000000007340000-0x0000000007350000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4504-1057-0x0000000008010000-0x000000000804E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4504-1058-0x0000000008160000-0x00000000081AB000-memory.dmp

    Filesize

    300KB

    Download

  • memory/4504-1060-0x0000000008300000-0x0000000008392000-memory.dmp

    Filesize

    584KB

    Download

  • memory/4504-1061-0x00000000083A0000-0x0000000008406000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4504-1062-0x0000000007340000-0x0000000007350000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4504-1063-0x0000000007340000-0x0000000007350000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4504-1064-0x0000000007340000-0x0000000007350000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4504-140-0x0000000004B90000-0x0000000004BD6000-memory.dmp

    Filesize

    280KB

    Download

  • memory/4504-1065-0x0000000008CE0000-0x0000000008EA2000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/4504-1066-0x0000000008EC0000-0x00000000093EC000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/4504-1067-0x0000000009520000-0x0000000009596000-memory.dmp

    Filesize

    472KB

    Download

  • memory/4504-1068-0x00000000095B0000-0x0000000009600000-memory.dmp

    Filesize

    320KB

    Download