Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

Analysis o...df.scr

windows7-x64

10

Analysis o...df.scr

windows10-2004-x64

7

Analysis

  • max time kernel
    30s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    26/03/2023, 06:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Analysis of cochang private key leak event on March 21, 2023.pdf.scr

  • Size

    29.3MB

  • MD5

    0995c7e65e37b776d64b283ca1f21489

  • SHA1

    c5f056d287d852a4c88029f3dd863b27e2a7ec77

  • SHA256

    adfc6d2b25d8aba59c5b358a1ec69a0d9e79d7636999f6232454397435f035a3

  • SHA512

    e05ff36f2d5db1a3bbf6583554ddcad5980ac74782e4b2082a5442f9a8b54b54022848d218d0fa96083176aef6cc2671a0c99a34a717d37073d0ed2c3d79f627

  • SSDEEP

    786432:SjMR4qHLpizyVp/1q1rINsjsq3gazg7ag:0BqHBV1q1rImjsQxPg

Score
10/10
redline1-2potokdiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

1-2potok

C2

212.113.116.143:29996

Attributes
  • auth_value

    b5701ee96cdcd1581bc7b0c10049e64b

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Analysis of cochang private key leak event on March 21, 2023.pdf.scr
    "C:\Users\Admin\AppData\Local\Temp\Analysis of cochang private key leak event on March 21, 2023.pdf.scr" /S
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1740

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1740-54-0x0000000000220000-0x0000000000269000-memory.dmp

    Filesize

    292KB

    Download

  • memory/1740-55-0x0000000012560000-0x00000000125A6000-memory.dmp

    Filesize

    280KB

    Download

  • memory/1740-56-0x0000000000220000-0x0000000000269000-memory.dmp

    Filesize

    292KB

    Download

  • memory/1740-57-0x00000000125D0000-0x0000000012610000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1740-58-0x00000000125D0000-0x0000000012610000-memory.dmp

    Filesize

    256KB

    Download