Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

0x00080000...68.exe

windows7-x64

10

0x00080000...68.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    44s
  • max time network
    51s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    05/05/2023, 18:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0x00080000000136c268.exe

  • Size

    168KB

  • MD5

    42c63ecc92fee8bea033b0e7ed785c77

  • SHA1

    1de59f1a4882252b6d8f53b02c48424d0e734d94

  • SHA256

    0569b8afb2cac7b990683bf6976e77aa66a3a32552b67739626c79ab65ea2f4a

  • SHA512

    b42c2bd266e7f3202fe8d465ef46f55339be8548bb9396863745671be1b68ad4a7cba850bb0504b112f71ed0420f146b2138a977995424ce7ddf57b1a5093073

  • SSDEEP

    1536:Eq24CeDYZ5QqlVZRGWoysHrt3la3cOo+TGqV0buhoxW7/C6gX83wYk/8e8hK:EObYH2HaXEqVMVxI/C6gXh8e8hK

Score
10/10
redlinedarisdiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

daris

C2

217.196.96.56:4138

Attributes
  • auth_value

    3491f24ae0250969cd45ce4b3fe77549

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\0x00080000000136c268.exe
    "C:\Users\Admin\AppData\Local\Temp\0x00080000000136c268.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2044

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2044-54-0x00000000009B0000-0x00000000009DE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2044-55-0x00000000003B0000-0x00000000003B6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2044-56-0x00000000005F0000-0x0000000000630000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2044-57-0x00000000005F0000-0x0000000000630000-memory.dmp

    Filesize

    256KB

    Download