Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

075de5873b...83.exe

windows7-x64

10

075de5873b...83.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    152s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/05/2023, 22:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    075de5873b4fbb3bd51f63e030d66a349d1c6e582961ad17809b6a7d71e69283.exe

  • Size

    702KB

  • MD5

    95a5b96020e2cc45ea7b0f376c13b055

  • SHA1

    7717072b0bdfb1dd9b0e7bb8a46f8e6b68ab124a

  • SHA256

    075de5873b4fbb3bd51f63e030d66a349d1c6e582961ad17809b6a7d71e69283

  • SHA512

    1c9d148c3d818416985501f973dbf2bf1b4dd9d0ae46abe004f802aafd6a274474774c960fac6671c3f6a24f146d1d54e802c61894dc1500e5841203c4248c51

  • SSDEEP

    12288:Uy90iWbevzP2bGG03AK2tkxRNY8jV4DbQlt1DEG2Vo9wJrfb7X8KJoVpX:Uy/0e720/2uNYj/K14GRwBDAKeVpX

Score
10/10
redlineevasioninfostealerpersistencestealertrojan

Malware Config

Signatures

  • Detects Redline Stealer samples 1 IoCs

    This rule detects the presence of Redline Stealer samples based on their unique strings.

    stealer
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Executes dropped EXE 3 IoCs
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\075de5873b4fbb3bd51f63e030d66a349d1c6e582961ad17809b6a7d71e69283.exe
    "C:\Users\Admin\AppData\Local\Temp\075de5873b4fbb3bd51f63e030d66a349d1c6e582961ad17809b6a7d71e69283.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:4420
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un864540.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un864540.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:3612
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\44504412.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\44504412.exe
        3⤵
        • Modifies Windows Defender Real-time Protection settings
        • Executes dropped EXE
        • Windows security modification
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:3840
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk420919.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk420919.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:4792

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un864540.exe
    Filesize

    547KB

    MD5

    802f7dd1379d6ecf851a251d7529be65

    SHA1

    a7d5e9d621e067fd3bf2fda9a0f414bf0df7983e

    SHA256

    41e64a17267f03cbc6761288469254cc0ab77b6d8c4e44a3ada226ece72571fa

    SHA512

    b50e43425ea0a0ee79f0119881524303737e62ef2548c41c4d2df05edd87768344b9723d3a4485527722937bc2c04d36fa038c057161fa3cc2a4a3705aefcb42

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un864540.exe
    Filesize

    547KB

    MD5

    802f7dd1379d6ecf851a251d7529be65

    SHA1

    a7d5e9d621e067fd3bf2fda9a0f414bf0df7983e

    SHA256

    41e64a17267f03cbc6761288469254cc0ab77b6d8c4e44a3ada226ece72571fa

    SHA512

    b50e43425ea0a0ee79f0119881524303737e62ef2548c41c4d2df05edd87768344b9723d3a4485527722937bc2c04d36fa038c057161fa3cc2a4a3705aefcb42

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\44504412.exe
    Filesize

    269KB

    MD5

    bb77556f43286de5e0c37a58d9191d33

    SHA1

    f8aa00207ef058963b045824fc63337563a5d2a5

    SHA256

    54500347455be1c8f60833552678d15d1c15a77dfdd1e722a338adaecb6da5ff

    SHA512

    e3e1ea029c4e7774893e9f16cd5024ea104fae7abf5b12478f7d2d89b6140e0acef76805e8746669af020b7ce57535513265a8500c0f22262bed351664d3dab1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\44504412.exe
    Filesize

    269KB

    MD5

    bb77556f43286de5e0c37a58d9191d33

    SHA1

    f8aa00207ef058963b045824fc63337563a5d2a5

    SHA256

    54500347455be1c8f60833552678d15d1c15a77dfdd1e722a338adaecb6da5ff

    SHA512

    e3e1ea029c4e7774893e9f16cd5024ea104fae7abf5b12478f7d2d89b6140e0acef76805e8746669af020b7ce57535513265a8500c0f22262bed351664d3dab1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk420919.exe
    Filesize

    353KB

    MD5

    3ee43e57361c7f11eee5a8fa338eab4f

    SHA1

    10f0ffa88bfa2cd6709311bc5a042d4bbbbfbdb1

    SHA256

    64b928f01fda0e904f5ea2e025e3d8a8652d885ef99e9c8ecd12ee30691934d4

    SHA512

    1cf5ef6c4a8018024a8fe55400c31a55c89a050c4dba93b19aa5c79cfcd6f28d95bc601d4f1c1b0f82921d9f4296ca140219ad10a8eedb9e8cce5277517cdf1c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk420919.exe
    Filesize

    353KB

    MD5

    3ee43e57361c7f11eee5a8fa338eab4f

    SHA1

    10f0ffa88bfa2cd6709311bc5a042d4bbbbfbdb1

    SHA256

    64b928f01fda0e904f5ea2e025e3d8a8652d885ef99e9c8ecd12ee30691934d4

    SHA512

    1cf5ef6c4a8018024a8fe55400c31a55c89a050c4dba93b19aa5c79cfcd6f28d95bc601d4f1c1b0f82921d9f4296ca140219ad10a8eedb9e8cce5277517cdf1c

    Download Submit

  • memory/3840-148-0x0000000002BA0000-0x0000000002BCD000-memory.dmp

    Filesize

    180KB

    Download

  • memory/3840-149-0x0000000007110000-0x0000000007120000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3840-150-0x0000000007120000-0x00000000076C4000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/3840-151-0x00000000076D0000-0x00000000076E2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3840-152-0x00000000076D0000-0x00000000076E2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3840-154-0x00000000076D0000-0x00000000076E2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3840-156-0x00000000076D0000-0x00000000076E2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3840-158-0x00000000076D0000-0x00000000076E2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3840-160-0x00000000076D0000-0x00000000076E2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3840-162-0x00000000076D0000-0x00000000076E2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3840-164-0x00000000076D0000-0x00000000076E2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3840-166-0x00000000076D0000-0x00000000076E2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3840-172-0x00000000076D0000-0x00000000076E2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3840-174-0x00000000076D0000-0x00000000076E2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3840-170-0x00000000076D0000-0x00000000076E2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3840-178-0x00000000076D0000-0x00000000076E2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3840-176-0x00000000076D0000-0x00000000076E2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3840-168-0x00000000076D0000-0x00000000076E2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3840-179-0x0000000007110000-0x0000000007120000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3840-180-0x0000000007110000-0x0000000007120000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3840-181-0x0000000000400000-0x0000000002B9E000-memory.dmp

    Filesize

    39.6MB

    Download

  • memory/3840-182-0x0000000007110000-0x0000000007120000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3840-183-0x0000000007110000-0x0000000007120000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3840-185-0x0000000000400000-0x0000000002B9E000-memory.dmp

    Filesize

    39.6MB

    Download

  • memory/4792-190-0x0000000007750000-0x0000000007785000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4792-191-0x0000000007750000-0x0000000007785000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4792-193-0x0000000007750000-0x0000000007785000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4792-195-0x0000000007750000-0x0000000007785000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4792-197-0x0000000007750000-0x0000000007785000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4792-199-0x0000000007750000-0x0000000007785000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4792-201-0x0000000007750000-0x0000000007785000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4792-203-0x0000000007750000-0x0000000007785000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4792-205-0x0000000007750000-0x0000000007785000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4792-207-0x0000000007750000-0x0000000007785000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4792-209-0x0000000007750000-0x0000000007785000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4792-211-0x0000000007750000-0x0000000007785000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4792-213-0x0000000007750000-0x0000000007785000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4792-215-0x0000000007750000-0x0000000007785000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4792-217-0x0000000007750000-0x0000000007785000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4792-219-0x0000000007750000-0x0000000007785000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4792-221-0x0000000007750000-0x0000000007785000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4792-223-0x0000000007750000-0x0000000007785000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4792-275-0x0000000002E00000-0x0000000002E46000-memory.dmp

    Filesize

    280KB

    Download

  • memory/4792-276-0x0000000007150000-0x0000000007160000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4792-278-0x0000000007150000-0x0000000007160000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4792-279-0x0000000007150000-0x0000000007160000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4792-986-0x0000000009C50000-0x000000000A268000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/4792-987-0x000000000A310000-0x000000000A322000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4792-988-0x000000000A330000-0x000000000A43A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4792-989-0x0000000007150000-0x0000000007160000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4792-990-0x000000000A450000-0x000000000A48C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/4792-992-0x0000000007150000-0x0000000007160000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4792-993-0x0000000007150000-0x0000000007160000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4792-994-0x0000000007150000-0x0000000007160000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4792-995-0x0000000007150000-0x0000000007160000-memory.dmp

    Filesize

    64KB

    Download