Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

bd0fe75fa6...6f.exe

windows7-x64

10

bd0fe75fa6...6f.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    244s
  • max time network
    271s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/05/2023, 19:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bd0fe75fa6507e4ead0a8a91ab8e437b0e35584cde2f1ef35cf9af50739bbd6f.exe

  • Size

    563KB

  • MD5

    870aa86a43dbb23e56f31ff9f91bbba1

  • SHA1

    5b2e84d06466d77bc2447600996dbb4a8440d4cb

  • SHA256

    bd0fe75fa6507e4ead0a8a91ab8e437b0e35584cde2f1ef35cf9af50739bbd6f

  • SHA512

    cc6d2f062f4ee89e45ccab3058e80da34a3eca5aa9a5a47e369ed4caab570c8d1b61296a6fa971147ec64815f8cf92167d4bcd43b450841ccd656ff106ab713d

  • SSDEEP

    12288:3y90jDej8qyV36VdOIIM7Vgmb6w0xcTolCIt7QV+CImv66q:3yhIqyVKa/wumgxcslvVHX

Score
10/10
redlineevasioninfostealerpersistencestealertrojan

Malware Config

Signatures

  • Detects Redline Stealer samples 1 IoCs

    This rule detects the presence of Redline Stealer samples based on their unique strings.

    stealer
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Executes dropped EXE 3 IoCs
  • Windows security modification 2 TTPs 1 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bd0fe75fa6507e4ead0a8a91ab8e437b0e35584cde2f1ef35cf9af50739bbd6f.exe
    "C:\Users\Admin\AppData\Local\Temp\bd0fe75fa6507e4ead0a8a91ab8e437b0e35584cde2f1ef35cf9af50739bbd6f.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2076
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\st932756.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\st932756.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:4844
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\11515346.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\11515346.exe
        3⤵
        • Modifies Windows Defender Real-time Protection settings
        • Executes dropped EXE
        • Windows security modification
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2588
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp744385.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp744385.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:1492

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\st932756.exe
    Filesize

    408KB

    MD5

    7152e78bfa0906109303630d8a5ada60

    SHA1

    c8bebfce660473bb5668105d138b442c066f91b9

    SHA256

    5f8e27b265bea96f1f364bae8d9217a57694e5394fdb704e91b4ffcf1a017471

    SHA512

    73eba88880ac839e10ddb3baa213b9a135ecd2e06af1d94d2c54db08109cb2a32ccdea00763ccac3b97cdcba5084983fa7a694ac2c3d1e591945cf3322d1e711

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\st932756.exe
    Filesize

    408KB

    MD5

    7152e78bfa0906109303630d8a5ada60

    SHA1

    c8bebfce660473bb5668105d138b442c066f91b9

    SHA256

    5f8e27b265bea96f1f364bae8d9217a57694e5394fdb704e91b4ffcf1a017471

    SHA512

    73eba88880ac839e10ddb3baa213b9a135ecd2e06af1d94d2c54db08109cb2a32ccdea00763ccac3b97cdcba5084983fa7a694ac2c3d1e591945cf3322d1e711

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\11515346.exe
    Filesize

    11KB

    MD5

    7e93bacbbc33e6652e147e7fe07572a0

    SHA1

    421a7167da01c8da4dc4d5234ca3dd84e319e762

    SHA256

    850cd190aaeebcf1505674d97f51756f325e650320eaf76785d954223a9bee38

    SHA512

    250169d7b6fcebff400be89edae8340f14130ced70c340ba9da9f225f62b52b35f6645bfb510962efb866f988688cb42392561d3e6b72194bc89d310ea43aa91

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\11515346.exe
    Filesize

    11KB

    MD5

    7e93bacbbc33e6652e147e7fe07572a0

    SHA1

    421a7167da01c8da4dc4d5234ca3dd84e319e762

    SHA256

    850cd190aaeebcf1505674d97f51756f325e650320eaf76785d954223a9bee38

    SHA512

    250169d7b6fcebff400be89edae8340f14130ced70c340ba9da9f225f62b52b35f6645bfb510962efb866f988688cb42392561d3e6b72194bc89d310ea43aa91

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp744385.exe
    Filesize

    360KB

    MD5

    67a0a981e72175a44d5435a6c2eaac73

    SHA1

    dcd9adfcd6cbca66f53988577dcbd141ac456043

    SHA256

    020a53857bb0f3cf77539f5ecfc8dd820ba3642e92271c1900e724c9056a5040

    SHA512

    e42bd9e68330ca0d32d91bd13bf24b37317ddedc97b0d6a291fb1a4da3079049b3afc70b4107423f494cb0801c5084604cf782e941ffb1f0338e275ed42a2cfc

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp744385.exe
    Filesize

    360KB

    MD5

    67a0a981e72175a44d5435a6c2eaac73

    SHA1

    dcd9adfcd6cbca66f53988577dcbd141ac456043

    SHA256

    020a53857bb0f3cf77539f5ecfc8dd820ba3642e92271c1900e724c9056a5040

    SHA512

    e42bd9e68330ca0d32d91bd13bf24b37317ddedc97b0d6a291fb1a4da3079049b3afc70b4107423f494cb0801c5084604cf782e941ffb1f0338e275ed42a2cfc

    Download Submit

  • memory/1492-153-0x0000000002BD0000-0x0000000002C16000-memory.dmp

    Filesize

    280KB

    Download

  • memory/1492-154-0x00000000074E0000-0x0000000007A84000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/1492-155-0x0000000000400000-0x0000000002BC3000-memory.dmp

    Filesize

    39.8MB

    Download

  • memory/1492-156-0x00000000074D0000-0x00000000074E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1492-157-0x00000000074D0000-0x00000000074E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1492-158-0x00000000074D0000-0x00000000074E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1492-159-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1492-160-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1492-162-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1492-164-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1492-166-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1492-168-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1492-170-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1492-172-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1492-174-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1492-176-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1492-178-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1492-180-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1492-182-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1492-184-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1492-186-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1492-188-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1492-190-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1492-192-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1492-194-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1492-196-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1492-198-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1492-200-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1492-202-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1492-204-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1492-206-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1492-208-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1492-210-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1492-212-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1492-214-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1492-216-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1492-218-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1492-220-0x0000000004DC0000-0x0000000004DF5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1492-952-0x0000000002BD0000-0x0000000002C16000-memory.dmp

    Filesize

    280KB

    Download

  • memory/1492-953-0x00000000074D0000-0x00000000074E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1492-954-0x00000000074D0000-0x00000000074E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1492-955-0x0000000009E10000-0x000000000A428000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/1492-957-0x000000000A470000-0x000000000A482000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1492-958-0x000000000A490000-0x000000000A59A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/1492-960-0x00000000074D0000-0x00000000074E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1492-962-0x0000000004790000-0x00000000047CC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1492-963-0x00000000074D0000-0x00000000074E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2588-147-0x0000000000830000-0x000000000083A000-memory.dmp

    Filesize

    40KB

    Download