Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

58a2d140a8...cd.exe

windows7-x64

10

58a2d140a8...cd.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    199s
  • max time network
    206s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/05/2023, 22:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    58a2d140a8e6fe3267893fa6ab13c6967dd7e30fc50108bad765da97ec108bcd.exe

  • Size

    690KB

  • MD5

    908240e5c1665b139a9ba380eeb205e8

  • SHA1

    4ec7851f7871c726f409a425d22f24eb6ccbdc20

  • SHA256

    58a2d140a8e6fe3267893fa6ab13c6967dd7e30fc50108bad765da97ec108bcd

  • SHA512

    272a54ffde13d4571367db760ce8fdcd52fe086a5b8ef7c1fe5c1bc2b0d6eed68693639f389defa63e2272766a94e7de98fe229e49e6ae745a7ab66466eaf7b1

  • SSDEEP

    12288:Cy90h1fU9R9ukIEmbP7qWfkfRkTD1izY3rJeUGZniNRmuqFQfaZBWBURqL:CyQJUzIX5bDqWfGRSDEoFN8HZMBURW

Score
10/10
redlineevasioninfostealerpersistencestealertrojan

Malware Config

Signatures

  • Detects Redline Stealer samples 1 IoCs

    This rule detects the presence of Redline Stealer samples based on their unique strings.

    stealer
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Executes dropped EXE 3 IoCs
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\58a2d140a8e6fe3267893fa6ab13c6967dd7e30fc50108bad765da97ec108bcd.exe
    "C:\Users\Admin\AppData\Local\Temp\58a2d140a8e6fe3267893fa6ab13c6967dd7e30fc50108bad765da97ec108bcd.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:3480
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un913261.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un913261.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:964
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\31927504.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\31927504.exe
        3⤵
        • Modifies Windows Defender Real-time Protection settings
        • Executes dropped EXE
        • Windows security modification
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1336
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 1092
          4⤵
          • Program crash
          PID:2276
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk719507.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk719507.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:1468
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 1336 -ip 1336
    1⤵
      PID:2312

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un913261.exe
      Filesize

      536KB

      MD5

      3906b429d3c0933f8be8b2c56152a81e

      SHA1

      09d2617326ecd5b62015a632f922218b021ed6e5

      SHA256

      7f1c2ccda53779ced5358a1df7f238d380f316494309859e3c27217dc43d93dd

      SHA512

      51d862514885ac5c0c4ab2dd383a2c962713a9be35ddb2448fcb467321819823ed3faca8684a3d4e2d481f395b27bc4ac0e89be681c4500917cc1ec77e9d7dc8

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un913261.exe
      Filesize

      536KB

      MD5

      3906b429d3c0933f8be8b2c56152a81e

      SHA1

      09d2617326ecd5b62015a632f922218b021ed6e5

      SHA256

      7f1c2ccda53779ced5358a1df7f238d380f316494309859e3c27217dc43d93dd

      SHA512

      51d862514885ac5c0c4ab2dd383a2c962713a9be35ddb2448fcb467321819823ed3faca8684a3d4e2d481f395b27bc4ac0e89be681c4500917cc1ec77e9d7dc8

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\31927504.exe
      Filesize

      258KB

      MD5

      4f93893025a58e0ade79a4b5fc7f3be1

      SHA1

      9babd72b01dcf710db9f30588f9fe1b913245489

      SHA256

      30111bcde81aabb52af4da519bf95c2a0b85c1ee30d3cc8c47545d1f1144826c

      SHA512

      1668193d9e4aeb9c5bbeb8548c3af9483fa5be65c53a7183a9929582df3c2c917a52cbc8e7f81e02548a433558d0dd6415474d06ea07bc78f8072f6aa00a6fb0

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\31927504.exe
      Filesize

      258KB

      MD5

      4f93893025a58e0ade79a4b5fc7f3be1

      SHA1

      9babd72b01dcf710db9f30588f9fe1b913245489

      SHA256

      30111bcde81aabb52af4da519bf95c2a0b85c1ee30d3cc8c47545d1f1144826c

      SHA512

      1668193d9e4aeb9c5bbeb8548c3af9483fa5be65c53a7183a9929582df3c2c917a52cbc8e7f81e02548a433558d0dd6415474d06ea07bc78f8072f6aa00a6fb0

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk719507.exe
      Filesize

      341KB

      MD5

      229c1a35505e694da5bd343f98da5d2b

      SHA1

      6fa3e782c752063fc4dfe524a787a9e8cb5fd408

      SHA256

      64e540a43f308368cd1ab12ab91928bcf2afdd8928dec2d32263d3385df2a4ec

      SHA512

      dda7521d3d82ea5e634c822820b3a6ea58046bc6e7dba803243591c6e7c05b6daecee0addf5548041512affee5480dc0f13e02de1aee2e1e77bd54c7a5a9c612

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk719507.exe
      Filesize

      341KB

      MD5

      229c1a35505e694da5bd343f98da5d2b

      SHA1

      6fa3e782c752063fc4dfe524a787a9e8cb5fd408

      SHA256

      64e540a43f308368cd1ab12ab91928bcf2afdd8928dec2d32263d3385df2a4ec

      SHA512

      dda7521d3d82ea5e634c822820b3a6ea58046bc6e7dba803243591c6e7c05b6daecee0addf5548041512affee5480dc0f13e02de1aee2e1e77bd54c7a5a9c612

      Download Submit

    • memory/1336-184-0x0000000002450000-0x0000000002460000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1336-151-0x0000000002450000-0x0000000002460000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1336-153-0x0000000002450000-0x0000000002460000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1336-154-0x0000000002460000-0x0000000002473000-memory.dmp

      Filesize

      76KB

      Download

    • memory/1336-155-0x0000000002460000-0x0000000002473000-memory.dmp

      Filesize

      76KB

      Download

    • memory/1336-157-0x0000000002460000-0x0000000002473000-memory.dmp

      Filesize

      76KB

      Download

    • memory/1336-159-0x0000000002460000-0x0000000002473000-memory.dmp

      Filesize

      76KB

      Download

    • memory/1336-161-0x0000000002460000-0x0000000002473000-memory.dmp

      Filesize

      76KB

      Download

    • memory/1336-163-0x0000000002460000-0x0000000002473000-memory.dmp

      Filesize

      76KB

      Download

    • memory/1336-165-0x0000000002460000-0x0000000002473000-memory.dmp

      Filesize

      76KB

      Download

    • memory/1336-167-0x0000000002460000-0x0000000002473000-memory.dmp

      Filesize

      76KB

      Download

    • memory/1336-169-0x0000000002460000-0x0000000002473000-memory.dmp

      Filesize

      76KB

      Download

    • memory/1336-171-0x0000000002460000-0x0000000002473000-memory.dmp

      Filesize

      76KB

      Download

    • memory/1336-173-0x0000000002460000-0x0000000002473000-memory.dmp

      Filesize

      76KB

      Download

    • memory/1336-175-0x0000000002460000-0x0000000002473000-memory.dmp

      Filesize

      76KB

      Download

    • memory/1336-177-0x0000000002460000-0x0000000002473000-memory.dmp

      Filesize

      76KB

      Download

    • memory/1336-179-0x0000000002460000-0x0000000002473000-memory.dmp

      Filesize

      76KB

      Download

    • memory/1336-181-0x0000000002460000-0x0000000002473000-memory.dmp

      Filesize

      76KB

      Download

    • memory/1336-182-0x0000000000400000-0x0000000000455000-memory.dmp

      Filesize

      340KB

      Download

    • memory/1336-183-0x0000000002450000-0x0000000002460000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1336-185-0x0000000002450000-0x0000000002460000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1336-152-0x0000000002450000-0x0000000002460000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1336-190-0x0000000000400000-0x0000000000455000-memory.dmp

      Filesize

      340KB

      Download

    • memory/1336-150-0x0000000004AE0000-0x0000000005084000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/1336-149-0x00000000007E0000-0x000000000080D000-memory.dmp

      Filesize

      180KB

      Download

    • memory/1468-228-0x0000000002440000-0x0000000002475000-memory.dmp

      Filesize

      212KB

      Download

    • memory/1468-1000-0x0000000007F40000-0x0000000007F52000-memory.dmp

      Filesize

      72KB

      Download

    • memory/1468-999-0x00000000078A0000-0x0000000007EB8000-memory.dmp

      Filesize

      6.1MB

      Download

    • memory/1468-198-0x0000000002440000-0x0000000002475000-memory.dmp

      Filesize

      212KB

      Download

    • memory/1468-222-0x0000000002220000-0x0000000002230000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1468-206-0x0000000002440000-0x0000000002475000-memory.dmp

      Filesize

      212KB

      Download

    • memory/1468-208-0x0000000002440000-0x0000000002475000-memory.dmp

      Filesize

      212KB

      Download

    • memory/1468-210-0x0000000002440000-0x0000000002475000-memory.dmp

      Filesize

      212KB

      Download

    • memory/1468-212-0x0000000002440000-0x0000000002475000-memory.dmp

      Filesize

      212KB

      Download

    • memory/1468-214-0x0000000002440000-0x0000000002475000-memory.dmp

      Filesize

      212KB

      Download

    • memory/1468-216-0x0000000002440000-0x0000000002475000-memory.dmp

      Filesize

      212KB

      Download

    • memory/1468-218-0x0000000000600000-0x0000000000646000-memory.dmp

      Filesize

      280KB

      Download

    • memory/1468-202-0x0000000002440000-0x0000000002475000-memory.dmp

      Filesize

      212KB

      Download

    • memory/1468-219-0x0000000002440000-0x0000000002475000-memory.dmp

      Filesize

      212KB

      Download

    • memory/1468-204-0x0000000002440000-0x0000000002475000-memory.dmp

      Filesize

      212KB

      Download

    • memory/1468-220-0x0000000002220000-0x0000000002230000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1468-225-0x0000000002220000-0x0000000002230000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1468-226-0x0000000002440000-0x0000000002475000-memory.dmp

      Filesize

      212KB

      Download

    • memory/1468-223-0x0000000002440000-0x0000000002475000-memory.dmp

      Filesize

      212KB

      Download

    • memory/1468-995-0x0000000002220000-0x0000000002230000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1468-996-0x0000000002220000-0x0000000002230000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1468-997-0x0000000002220000-0x0000000002230000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1468-200-0x0000000002440000-0x0000000002475000-memory.dmp

      Filesize

      212KB

      Download

    • memory/1468-197-0x0000000002440000-0x0000000002475000-memory.dmp

      Filesize

      212KB

      Download

    • memory/1468-1001-0x0000000007F60000-0x000000000806A000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/1468-1002-0x0000000002220000-0x0000000002230000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1468-1003-0x0000000008080000-0x00000000080BC000-memory.dmp

      Filesize

      240KB

      Download

    • memory/1468-1005-0x0000000002220000-0x0000000002230000-memory.dmp

      Filesize

      64KB

      Download