Analysis

  • max time kernel
    204s
  • max time network
    211s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06/05/2023, 22:24

General

  • Target

    6c46ce521f6b706e5151892084527206796d99d58fb0a2fdcad280ab56e83bb0.exe

  • Size

    376KB

  • MD5

    83c3dbfb9b006ee2f9b335fe59fcf58d

  • SHA1

    0b9c845004bb0af011834a74df48b65a8b4e2079

  • SHA256

    6c46ce521f6b706e5151892084527206796d99d58fb0a2fdcad280ab56e83bb0

  • SHA512

    ebf8744df433102655afe32d462070663c8fe969d30a1302613f53765dfa434bb2c02316550236572b3ee09b439a20c6705410cd392dd8e49d29ed10086bcd36

  • SSDEEP

    6144:Kty+bnr+6p0yN90QE6+ZQU8V11OxBnN4vs05MlML9JE38HymKymA8T:nMruy90Q+B8Vryyvs057pJeqMbT

Malware Config

Signatures

  • Detects Redline Stealer samples 1 IoCs

    This rule detects the presence of Redline Stealer samples based on their unique strings.

  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • Executes dropped EXE 3 IoCs
  • Windows security modification 2 TTPs 1 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6c46ce521f6b706e5151892084527206796d99d58fb0a2fdcad280ab56e83bb0.exe
    "C:\Users\Admin\AppData\Local\Temp\6c46ce521f6b706e5151892084527206796d99d58fb0a2fdcad280ab56e83bb0.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:3756
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\v2201627.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\v2201627.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:836
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\a2806362.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\a2806362.exe
        3⤵
        • Modifies Windows Defender Real-time Protection settings
        • Executes dropped EXE
        • Windows security modification
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:4292
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\b4247588.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\b4247588.exe
        3⤵
        • Executes dropped EXE
        PID:4544

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\v2201627.exe

    Filesize

    204KB

    MD5

    71dc9b2bc5e2a50aa9ab10380bcbc6eb

    SHA1

    7ea362e07b0d096f3d476138ce14c754b800b276

    SHA256

    c991fdd2a547ada8c1204502d0eec882126f8aeb00f16025af78b6b5c342bdf5

    SHA512

    31d8e9f0197e967852b603aa2cef15319c7f1ccdfea68a33e6eb280f6f69a789851081e6c3f8610dd94e69b7d8ebc2a40ed8a06053d073b4a29de6291e46a675

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\a2806362.exe

    Filesize

    11KB

    MD5

    7e93bacbbc33e6652e147e7fe07572a0

    SHA1

    421a7167da01c8da4dc4d5234ca3dd84e319e762

    SHA256

    850cd190aaeebcf1505674d97f51756f325e650320eaf76785d954223a9bee38

    SHA512

    250169d7b6fcebff400be89edae8340f14130ced70c340ba9da9f225f62b52b35f6645bfb510962efb866f988688cb42392561d3e6b72194bc89d310ea43aa91

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\b4247588.exe

    Filesize

    136KB

    MD5

    91bd315dcbfb2428630e83b8f6c1d6bd

    SHA1

    7a731fa70465cf9e5e7ff57114620bccc49fb51b

    SHA256

    40066584d6f969d24e9cad684529957ad73f7bdf32f4f3b1cd0486fa070eb99c

    SHA512

    3bfa8404b6427c0d3fefb357a15420bc98fea59d47b7ff59b47a97105b825bd9c7cd0849f10a5fbf1f9c3532752020bcf6563f85d726a5f44a84de27ffa2765f

  • memory/4292-147-0x00000000005A0000-0x00000000005AA000-memory.dmp

    Filesize

    40KB

  • memory/4544-152-0x0000000000BD0000-0x0000000000BF8000-memory.dmp

    Filesize

    160KB

  • memory/4544-153-0x0000000007FE0000-0x00000000085F8000-memory.dmp

    Filesize

    6.1MB

  • memory/4544-154-0x0000000007A40000-0x0000000007A52000-memory.dmp

    Filesize

    72KB

  • memory/4544-155-0x0000000007B70000-0x0000000007C7A000-memory.dmp

    Filesize

    1.0MB

  • memory/4544-156-0x0000000007AA0000-0x0000000007ADC000-memory.dmp

    Filesize

    240KB

  • memory/4544-157-0x0000000007E30000-0x0000000007E40000-memory.dmp

    Filesize

    64KB

  • memory/4544-158-0x0000000007E30000-0x0000000007E40000-memory.dmp

    Filesize

    64KB