Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    28s
  • max time network
    30s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    15/04/2023, 11:29

General

  • Target

    0x0009000000012735-2289.exe

  • Size

    168KB

  • MD5

    9769c25c4a15b0c8af084316d51ab586

  • SHA1

    d9df15e4232d136ece8bc89354036adfdc3ec069

  • SHA256

    06b517e81040b5c3fc27adb0c5cfbc05b6082a88d3e6087bb2f3f8e941e22913

  • SHA512

    cffddfb5283ccae2615dd131eee23a137d9a79270295caa865d6f1cf8fa6650ed74106d41566b2d29f7dad39450e3a1feb46b9c568c4a71ba3329606fdea65a8

  • SSDEEP

    1536:cx56Ng2WBqlVZRGW8AAr3D09Vbo/ofhRmdicyTGqV8bumsbOwFcEND83wYkr8e8C:cXTLL0C/qV0aXFcENDd8e8h0

Malware Config

Extracted

Family

redline

Botnet

losk

C2

185.161.248.150:4128

Attributes
  • auth_value

    c0a6c391e53d2d9cd27bb17d1d38ada3

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\0x0009000000012735-2289.exe
    "C:\Users\Admin\AppData\Local\Temp\0x0009000000012735-2289.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1148

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1148-54-0x0000000000320000-0x0000000000350000-memory.dmp

    Filesize

    192KB

  • memory/1148-55-0x00000000002F0000-0x00000000002F6000-memory.dmp

    Filesize

    24KB

  • memory/1148-56-0x0000000004AF0000-0x0000000004B30000-memory.dmp

    Filesize

    256KB