Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

ec7a686159...55.exe

windows7-x64

10

ec7a686159...55.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    189s
  • max time network
    213s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/05/2023, 19:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ec7a686159e289f0f98ee03e0b7f49848db08c10b2d4e73cf49f167edd05bb55.exe

  • Size

    611KB

  • MD5

    39665c91d56245f43c44b64788d3c57f

  • SHA1

    40ee81a54cb9e8ae01d74b53057709034c74ffb4

  • SHA256

    ec7a686159e289f0f98ee03e0b7f49848db08c10b2d4e73cf49f167edd05bb55

  • SHA512

    02f518caac544593b28d92e06148e034c6ffe8a4f4e51fe8777959b230b5286197837264c3de7a1f32c30d2ae36ff58a55de40c489184b948f2aa19249348c61

  • SSDEEP

    12288:5y90iSJLlM0i7GusQwOmDFwq2s059ZCRzlG:5yZStlDiKypmDCC059oZ0

Score
10/10
redlineevasioninfostealerpersistencestealertrojan

Malware Config

Signatures

  • Detects Redline Stealer samples 1 IoCs

    This rule detects the presence of Redline Stealer samples based on their unique strings.

    stealer
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Executes dropped EXE 3 IoCs
  • Windows security modification 2 TTPs 1 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ec7a686159e289f0f98ee03e0b7f49848db08c10b2d4e73cf49f167edd05bb55.exe
    "C:\Users\Admin\AppData\Local\Temp\ec7a686159e289f0f98ee03e0b7f49848db08c10b2d4e73cf49f167edd05bb55.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:3296
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\st365479.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\st365479.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:3688
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\91141793.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\91141793.exe
        3⤵
        • Modifies Windows Defender Real-time Protection settings
        • Executes dropped EXE
        • Windows security modification
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:4868
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp522292.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp522292.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:4996

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\st365479.exe
    Filesize

    458KB

    MD5

    bc717f08fbc555bf42c877d7d81c7122

    SHA1

    9fa765f7dc13f2e5921ff6b9b97ab98244f4f2b4

    SHA256

    3031d10bc3ef17b0c591b40861bc79752ed9c58727fe6a7a5602694cf9081fed

    SHA512

    176cbd582a2943070a4832a7918097bdede24633594812c2d409c8e221583d57658d052698f7072aa85e477240c6451c6517eb36974628dca2af3179bd166e6b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\st365479.exe
    Filesize

    458KB

    MD5

    bc717f08fbc555bf42c877d7d81c7122

    SHA1

    9fa765f7dc13f2e5921ff6b9b97ab98244f4f2b4

    SHA256

    3031d10bc3ef17b0c591b40861bc79752ed9c58727fe6a7a5602694cf9081fed

    SHA512

    176cbd582a2943070a4832a7918097bdede24633594812c2d409c8e221583d57658d052698f7072aa85e477240c6451c6517eb36974628dca2af3179bd166e6b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\91141793.exe
    Filesize

    11KB

    MD5

    7e93bacbbc33e6652e147e7fe07572a0

    SHA1

    421a7167da01c8da4dc4d5234ca3dd84e319e762

    SHA256

    850cd190aaeebcf1505674d97f51756f325e650320eaf76785d954223a9bee38

    SHA512

    250169d7b6fcebff400be89edae8340f14130ced70c340ba9da9f225f62b52b35f6645bfb510962efb866f988688cb42392561d3e6b72194bc89d310ea43aa91

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\91141793.exe
    Filesize

    11KB

    MD5

    7e93bacbbc33e6652e147e7fe07572a0

    SHA1

    421a7167da01c8da4dc4d5234ca3dd84e319e762

    SHA256

    850cd190aaeebcf1505674d97f51756f325e650320eaf76785d954223a9bee38

    SHA512

    250169d7b6fcebff400be89edae8340f14130ced70c340ba9da9f225f62b52b35f6645bfb510962efb866f988688cb42392561d3e6b72194bc89d310ea43aa91

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp522292.exe
    Filesize

    459KB

    MD5

    ea76b7034912043effaab1a8c78dbaaf

    SHA1

    eea3818fdf6d5d21899e8f5f652a2195017888c0

    SHA256

    9ed2b2c022c41376ace4c0b975695028271ab772b34bda1cfca7f972a1df8673

    SHA512

    7869c9f54105ecc19ab4783e9cee56b66357cd0a78ecb16627bb0e9db684ffa7b6096711ee89a30a47601148de726e03a8331e083845d7f174fab134793bd555

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp522292.exe
    Filesize

    459KB

    MD5

    ea76b7034912043effaab1a8c78dbaaf

    SHA1

    eea3818fdf6d5d21899e8f5f652a2195017888c0

    SHA256

    9ed2b2c022c41376ace4c0b975695028271ab772b34bda1cfca7f972a1df8673

    SHA512

    7869c9f54105ecc19ab4783e9cee56b66357cd0a78ecb16627bb0e9db684ffa7b6096711ee89a30a47601148de726e03a8331e083845d7f174fab134793bd555

    Download Submit

  • memory/4868-147-0x0000000000070000-0x000000000007A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4996-155-0x0000000004F70000-0x0000000005514000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/4996-154-0x0000000004F60000-0x0000000004F70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4996-156-0x0000000004F60000-0x0000000004F70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4996-153-0x00000000008F0000-0x0000000000936000-memory.dmp

    Filesize

    280KB

    Download

  • memory/4996-157-0x0000000002900000-0x0000000002935000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4996-158-0x0000000002900000-0x0000000002935000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4996-160-0x0000000002900000-0x0000000002935000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4996-162-0x0000000002900000-0x0000000002935000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4996-164-0x0000000002900000-0x0000000002935000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4996-166-0x0000000002900000-0x0000000002935000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4996-168-0x0000000002900000-0x0000000002935000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4996-170-0x0000000002900000-0x0000000002935000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4996-172-0x0000000002900000-0x0000000002935000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4996-174-0x0000000002900000-0x0000000002935000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4996-176-0x0000000002900000-0x0000000002935000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4996-178-0x0000000002900000-0x0000000002935000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4996-180-0x0000000002900000-0x0000000002935000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4996-182-0x0000000002900000-0x0000000002935000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4996-184-0x0000000002900000-0x0000000002935000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4996-186-0x0000000002900000-0x0000000002935000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4996-188-0x0000000002900000-0x0000000002935000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4996-196-0x0000000002900000-0x0000000002935000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4996-194-0x0000000002900000-0x0000000002935000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4996-192-0x0000000002900000-0x0000000002935000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4996-198-0x0000000002900000-0x0000000002935000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4996-190-0x0000000002900000-0x0000000002935000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4996-200-0x0000000002900000-0x0000000002935000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4996-202-0x0000000002900000-0x0000000002935000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4996-204-0x0000000002900000-0x0000000002935000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4996-206-0x0000000002900000-0x0000000002935000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4996-208-0x0000000002900000-0x0000000002935000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4996-210-0x0000000002900000-0x0000000002935000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4996-212-0x0000000002900000-0x0000000002935000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4996-214-0x0000000002900000-0x0000000002935000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4996-216-0x0000000002900000-0x0000000002935000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4996-218-0x0000000002900000-0x0000000002935000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4996-220-0x0000000002900000-0x0000000002935000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4996-950-0x00000000079A0000-0x0000000007FB8000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/4996-951-0x0000000004F10000-0x0000000004F22000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4996-952-0x0000000007FC0000-0x00000000080CA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4996-953-0x0000000004F60000-0x0000000004F70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4996-954-0x0000000004F60000-0x0000000004F70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4996-955-0x00000000080D0000-0x000000000810C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/4996-956-0x0000000004F60000-0x0000000004F70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4996-958-0x0000000004F60000-0x0000000004F70000-memory.dmp

    Filesize

    64KB

    Download