Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    54s
  • max time network
    62s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    08/03/2023, 16:40 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    38cf4cac75d0d4eca226f13d22bf789b9b2e7a27fb29b6cfaa5165d8df3e5eb6.exe

  • Size

    292KB

  • MD5

    dccd9333bf7b7903080a394d9bdd3037

  • SHA1

    61fba33bc183af71aeda8133ab01319b0ee4fd55

  • SHA256

    38cf4cac75d0d4eca226f13d22bf789b9b2e7a27fb29b6cfaa5165d8df3e5eb6

  • SHA512

    0f6c7e1b5a5c5d9f854480f5c84c27f01f5657f86b9fbf1e3be201bf850f0cdef4a32cedbbec22fc00cce8286b2134681153f76b72694f6237118efe4ef89044

  • SSDEEP

    3072:ROpiMBoHDCLmA98lLLzLR5Db6psVCf69JPO+dRiZacJHMnnClL05Mh2G0ioZqqA:7WojCLxWLDV269oPZrJHt3jwqAy7C

Score
10/10
redlinediscoveryinfostealerspywarestealer

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 35 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\38cf4cac75d0d4eca226f13d22bf789b9b2e7a27fb29b6cfaa5165d8df3e5eb6.exe
    "C:\Users\Admin\AppData\Local\Temp\38cf4cac75d0d4eca226f13d22bf789b9b2e7a27fb29b6cfaa5165d8df3e5eb6.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4112

Network

  • flag-us
    DNS
    fronxtracking.com
    38cf4cac75d0d4eca226f13d22bf789b9b2e7a27fb29b6cfaa5165d8df3e5eb6.exe
    Remote address:
    8.8.8.8:53
    Request
    fronxtracking.com
    IN A
    Response
    fronxtracking.com
    IN A
    91.223.169.65
  • flag-us
    DNS
    65.169.223.91.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    65.169.223.91.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    api.ip.sb
    38cf4cac75d0d4eca226f13d22bf789b9b2e7a27fb29b6cfaa5165d8df3e5eb6.exe
    Remote address:
    8.8.8.8:53
    Request
    api.ip.sb
    IN A
    Response
    api.ip.sb
    IN CNAME
    api.ip.sb.cdn.cloudflare.net
    api.ip.sb.cdn.cloudflare.net
    IN A
    104.26.13.31
    api.ip.sb.cdn.cloudflare.net
    IN A
    172.67.75.172
    api.ip.sb.cdn.cloudflare.net
    IN A
    104.26.12.31
  • flag-us
    GET
    https://api.ip.sb/ip
    38cf4cac75d0d4eca226f13d22bf789b9b2e7a27fb29b6cfaa5165d8df3e5eb6.exe
    Remote address:
    104.26.13.31:443
    Request
    GET /ip HTTP/1.1
    Host: api.ip.sb
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Wed, 08 Mar 2023 16:40:35 GMT
    Content-Type: text/plain
    Transfer-Encoding: chunked
    Connection: keep-alive
    vary: Accept-Encoding
    Cache-Control: no-cache
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gCzYPeCEJMc2eqv59WFgW8PeoEWF4RlTZ9W%2Fx7wPUQ1Ls1gi%2BJm5CKrs8iBN1TzL7hOmSqDxM%2FzH76yMxOGXOyWhQEckrZ34gATpCjymseXkTIi%2FLp7XUZEU%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    Server: cloudflare
    CF-RAY: 7a4c8555bff71c88-AMS
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
  • flag-us
    DNS
    31.13.26.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    31.13.26.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    2.77.109.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.77.109.52.in-addr.arpa
    IN PTR
    Response
  • 91.223.169.65:80
    fronxtracking.com
    http
    38cf4cac75d0d4eca226f13d22bf789b9b2e7a27fb29b6cfaa5165d8df3e5eb6.exe
    1.2MB
     33.3kB
     895
    634
  • 104.26.13.31:443
    https://api.ip.sb/ip
    tls, http
    38cf4cac75d0d4eca226f13d22bf789b9b2e7a27fb29b6cfaa5165d8df3e5eb6.exe
    750 B
     3.9kB
     9
    7

    HTTP Request

    GET https://api.ip.sb/ip

    HTTP Response

    200
  • 104.208.16.89:443
    322 B
     7
  • 8.8.8.8:53
    fronxtracking.com
    dns
    38cf4cac75d0d4eca226f13d22bf789b9b2e7a27fb29b6cfaa5165d8df3e5eb6.exe
    63 B
     79 B
     1
    1

    DNS Request

    fronxtracking.com

    DNS Response

    91.223.169.65

  • 8.8.8.8:53
    65.169.223.91.in-addr.arpa
    dns
    72 B
     145 B
     1
    1

    DNS Request

    65.169.223.91.in-addr.arpa

  • 8.8.8.8:53
    api.ip.sb
    dns
    38cf4cac75d0d4eca226f13d22bf789b9b2e7a27fb29b6cfaa5165d8df3e5eb6.exe
    55 B
     145 B
     1
    1

    DNS Request

    api.ip.sb

    DNS Response

    104.26.13.31
    172.67.75.172
    104.26.12.31

  • 8.8.8.8:53
    31.13.26.104.in-addr.arpa
    dns
    71 B
     133 B
     1
    1

    DNS Request

    31.13.26.104.in-addr.arpa

  • 8.8.8.8:53
    2.77.109.52.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    2.77.109.52.in-addr.arpa

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4112-120-0x00000000025F0000-0x000000000264A000-memory.dmp

    Filesize

    360KB

    Download

  • memory/4112-121-0x0000000000730000-0x0000000000792000-memory.dmp

    Filesize

    392KB

    Download

  • memory/4112-122-0x0000000002300000-0x0000000002310000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4112-123-0x0000000004E50000-0x000000000534E000-memory.dmp

    Filesize

    5.0MB

    Download

  • memory/4112-124-0x0000000002700000-0x0000000002758000-memory.dmp

    Filesize

    352KB

    Download

  • memory/4112-125-0x0000000002700000-0x0000000002752000-memory.dmp

    Filesize

    328KB

    Download

  • memory/4112-126-0x0000000002700000-0x0000000002752000-memory.dmp

    Filesize

    328KB

    Download

  • memory/4112-128-0x0000000002700000-0x0000000002752000-memory.dmp

    Filesize

    328KB

    Download

  • memory/4112-131-0x0000000002300000-0x0000000002310000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4112-130-0x0000000002700000-0x0000000002752000-memory.dmp

    Filesize

    328KB

    Download

  • memory/4112-133-0x0000000002300000-0x0000000002310000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4112-134-0x0000000002700000-0x0000000002752000-memory.dmp

    Filesize

    328KB

    Download

  • memory/4112-136-0x0000000002700000-0x0000000002752000-memory.dmp

    Filesize

    328KB

    Download

  • memory/4112-138-0x0000000002700000-0x0000000002752000-memory.dmp

    Filesize

    328KB

    Download

  • memory/4112-140-0x0000000002700000-0x0000000002752000-memory.dmp

    Filesize

    328KB

    Download

  • memory/4112-142-0x0000000002700000-0x0000000002752000-memory.dmp

    Filesize

    328KB

    Download

  • memory/4112-144-0x0000000002700000-0x0000000002752000-memory.dmp

    Filesize

    328KB

    Download

  • memory/4112-146-0x0000000002700000-0x0000000002752000-memory.dmp

    Filesize

    328KB

    Download

  • memory/4112-148-0x0000000002700000-0x0000000002752000-memory.dmp

    Filesize

    328KB

    Download

  • memory/4112-150-0x0000000002700000-0x0000000002752000-memory.dmp

    Filesize

    328KB

    Download

  • memory/4112-152-0x0000000002700000-0x0000000002752000-memory.dmp

    Filesize

    328KB

    Download

  • memory/4112-154-0x0000000002700000-0x0000000002752000-memory.dmp

    Filesize

    328KB

    Download

  • memory/4112-156-0x0000000002700000-0x0000000002752000-memory.dmp

    Filesize

    328KB

    Download

  • memory/4112-158-0x0000000002700000-0x0000000002752000-memory.dmp

    Filesize

    328KB

    Download

  • memory/4112-160-0x0000000002700000-0x0000000002752000-memory.dmp

    Filesize

    328KB

    Download

  • memory/4112-162-0x0000000002700000-0x0000000002752000-memory.dmp

    Filesize

    328KB

    Download

  • memory/4112-164-0x0000000002700000-0x0000000002752000-memory.dmp

    Filesize

    328KB

    Download

  • memory/4112-166-0x0000000002700000-0x0000000002752000-memory.dmp

    Filesize

    328KB

    Download

  • memory/4112-168-0x0000000002700000-0x0000000002752000-memory.dmp

    Filesize

    328KB

    Download

  • memory/4112-170-0x0000000002700000-0x0000000002752000-memory.dmp

    Filesize

    328KB

    Download

  • memory/4112-172-0x0000000002700000-0x0000000002752000-memory.dmp

    Filesize

    328KB

    Download

  • memory/4112-174-0x0000000002700000-0x0000000002752000-memory.dmp

    Filesize

    328KB

    Download

  • memory/4112-176-0x0000000002700000-0x0000000002752000-memory.dmp

    Filesize

    328KB

    Download

  • memory/4112-178-0x0000000002700000-0x0000000002752000-memory.dmp

    Filesize

    328KB

    Download

  • memory/4112-180-0x0000000002700000-0x0000000002752000-memory.dmp

    Filesize

    328KB

    Download

  • memory/4112-182-0x0000000002700000-0x0000000002752000-memory.dmp

    Filesize

    328KB

    Download

  • memory/4112-184-0x0000000002700000-0x0000000002752000-memory.dmp

    Filesize

    328KB

    Download

  • memory/4112-186-0x0000000002700000-0x0000000002752000-memory.dmp

    Filesize

    328KB

    Download

  • memory/4112-188-0x0000000002700000-0x0000000002752000-memory.dmp

    Filesize

    328KB

    Download

  • memory/4112-190-0x0000000002700000-0x0000000002752000-memory.dmp

    Filesize

    328KB

    Download

  • memory/4112-917-0x0000000005350000-0x0000000005956000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/4112-918-0x0000000002910000-0x0000000002922000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4112-919-0x0000000002950000-0x0000000002A5A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4112-920-0x0000000002300000-0x0000000002310000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4112-921-0x0000000002A60000-0x0000000002A9E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/4112-922-0x0000000005960000-0x00000000059AB000-memory.dmp

    Filesize

    300KB

    Download

  • memory/4112-923-0x0000000005BE0000-0x0000000005C46000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4112-924-0x00000000069F0000-0x0000000006A82000-memory.dmp

    Filesize

    584KB

    Download

  • memory/4112-925-0x0000000006AA0000-0x0000000006AF0000-memory.dmp

    Filesize

    320KB

    Download

  • memory/4112-926-0x0000000006B00000-0x0000000006B76000-memory.dmp

    Filesize

    472KB

    Download

  • memory/4112-927-0x0000000006BC0000-0x0000000006BDE000-memory.dmp

    Filesize

    120KB

    Download

  • memory/4112-928-0x0000000006D50000-0x0000000006F12000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/4112-929-0x0000000006F30000-0x000000000745C000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/4112-931-0x0000000002300000-0x0000000002310000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4112-932-0x0000000002300000-0x0000000002310000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4112-933-0x0000000002300000-0x0000000002310000-memory.dmp

    Filesize

    64KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.