Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

0x00020000...94.exe

windows7-x64

10

0x00020000...94.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    135s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/05/2023, 10:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0x000200000001aefc-194.exe

  • Size

    168KB

  • MD5

    64926c6104571db35d1b68c3a19b8a15

  • SHA1

    2857daee544a9df86c5890d68819cf9482def045

  • SHA256

    eae12bbc9ced2272c20e9ebd8cd2401f13c8ee38e5854dbeff3efffcf538a19b

  • SHA512

    0ad290429a01325f61fb793a94d6cc8b3c00da181b8bba1daaa7e89243286ddb006fd19ac3a6cf6fa841ef6b37bc2b91bfcbc5e2cd2d7a9b358e750cfbeb35f4

  • SSDEEP

    3072:ny05zK3/zb9txdeqVOyAWdTKVee8e8hv:ny05zM/f9YUdTKVee

Score
10/10
redlinemaskdiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

mask

C2

217.196.96.56:4138

Attributes
  • auth_value

    31aef25be0febb8e491794ef7f502c50

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\0x000200000001aefc-194.exe
    "C:\Users\Admin\AppData\Local\Temp\0x000200000001aefc-194.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4368

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4368-133-0x0000000000D80000-0x0000000000DB0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/4368-134-0x000000000B170000-0x000000000B788000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/4368-135-0x000000000ACD0000-0x000000000ADDA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4368-136-0x000000000AC00000-0x000000000AC12000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4368-137-0x000000000AC60000-0x000000000AC9C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/4368-138-0x00000000056C0000-0x00000000056D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4368-139-0x000000000AF70000-0x000000000AFE6000-memory.dmp

    Filesize

    472KB

    Download

  • memory/4368-140-0x000000000B830000-0x000000000B8C2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/4368-141-0x000000000BE80000-0x000000000C424000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/4368-142-0x000000000B790000-0x000000000B7F6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4368-143-0x000000000C600000-0x000000000C7C2000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/4368-144-0x000000000CD00000-0x000000000D22C000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/4368-145-0x00000000056C0000-0x00000000056D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4368-146-0x000000000C480000-0x000000000C4D0000-memory.dmp

    Filesize

    320KB

    Download