Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

267035c3a2...4c.exe

windows7-x64

10

267035c3a2...4c.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    292s
  • max time network
    389s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/05/2023, 21:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    267035c3a21b7aae7d7c5195c8a0e98545dc41c9afbef13ddfdcae4ea54d124c.exe

  • Size

    480KB

  • MD5

    cdd49f7c55deb6e3045d8b21f553355e

  • SHA1

    1e687544faec4c012890819ec79b40e35c77658d

  • SHA256

    267035c3a21b7aae7d7c5195c8a0e98545dc41c9afbef13ddfdcae4ea54d124c

  • SHA512

    a97d83197df9c941821f168ef1bfdfc4909d87f354e195244a716caa27e9a3942017697da43d40b97dd6f5d6f8359269e718fb23c6488c3d3693ba8fd9f587df

  • SSDEEP

    12288:IMrAy90j4U1KCAedvJJgOU1exiMWe1k7FyluF:IyHMdhxU18DS9

Score
10/10
redlineevasioninfostealerpersistencestealertrojan

Malware Config

Signatures

  • Detects Redline Stealer samples 1 IoCs

    This rule detects the presence of Redline Stealer samples based on their unique strings.

    stealer
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Executes dropped EXE 3 IoCs
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\267035c3a21b7aae7d7c5195c8a0e98545dc41c9afbef13ddfdcae4ea54d124c.exe
    "C:\Users\Admin\AppData\Local\Temp\267035c3a21b7aae7d7c5195c8a0e98545dc41c9afbef13ddfdcae4ea54d124c.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:1776
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\v1177721.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\v1177721.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:2676
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\a0215661.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\a0215661.exe
        3⤵
        • Modifies Windows Defender Real-time Protection settings
        • Executes dropped EXE
        • Windows security modification
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:636
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\b4674213.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\b4674213.exe
        3⤵
        • Executes dropped EXE
        PID:1044

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\v1177721.exe
    Filesize

    308KB

    MD5

    8408422c6e967fa329a0c0355dd6c281

    SHA1

    c0e61d3a834e7e0cbd675608f92a013685f20d83

    SHA256

    18037bae2eef59e86eda39625710646da62eef0f2e4a10d1ce57f2463711a64a

    SHA512

    de9dd0c28abf1a4b2d44a142d469cc7147959ae13a60d9eb8fb3fd3b2d7411e72eac38e9901acc89b8751c331f694727f6f8ea0c48839910662a48c52e569934

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\v1177721.exe
    Filesize

    308KB

    MD5

    8408422c6e967fa329a0c0355dd6c281

    SHA1

    c0e61d3a834e7e0cbd675608f92a013685f20d83

    SHA256

    18037bae2eef59e86eda39625710646da62eef0f2e4a10d1ce57f2463711a64a

    SHA512

    de9dd0c28abf1a4b2d44a142d469cc7147959ae13a60d9eb8fb3fd3b2d7411e72eac38e9901acc89b8751c331f694727f6f8ea0c48839910662a48c52e569934

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\a0215661.exe
    Filesize

    175KB

    MD5

    31ce46ffa8a10aff466b97189df6d559

    SHA1

    5f01772794968058796dfa257d9f9c3f0390ef80

    SHA256

    dddcfdd4b4353bc854bd6488214bf7723d1305b4cd35194f8cefde49aa3bc95c

    SHA512

    c46b36751e4752e6e9a90bedf249bd575eb6c3baaa37a65609fe2a6574aecd8d7685979ae67fa25e0173ea4e7c33f8960f2575260379fc4e5beb48574bf17f0f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\a0215661.exe
    Filesize

    175KB

    MD5

    31ce46ffa8a10aff466b97189df6d559

    SHA1

    5f01772794968058796dfa257d9f9c3f0390ef80

    SHA256

    dddcfdd4b4353bc854bd6488214bf7723d1305b4cd35194f8cefde49aa3bc95c

    SHA512

    c46b36751e4752e6e9a90bedf249bd575eb6c3baaa37a65609fe2a6574aecd8d7685979ae67fa25e0173ea4e7c33f8960f2575260379fc4e5beb48574bf17f0f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\b4674213.exe
    Filesize

    136KB

    MD5

    dd2c2450ef1c54b0633b37e5be04a4e7

    SHA1

    a9c6a104a662bd9d157d9cdead22b523cfb1f860

    SHA256

    5f052fc3823d03342443580df2b894be5a3335b40038e22c077392ca059b4656

    SHA512

    ab6862b7f3fbef9af4e2dc2a71510a8ed6aa90949e345638503f78516f66643d0453b1217a045b8036971c4debd821c1243e4107e5fa0c98a7dcfc1d6deedeab

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\b4674213.exe
    Filesize

    136KB

    MD5

    dd2c2450ef1c54b0633b37e5be04a4e7

    SHA1

    a9c6a104a662bd9d157d9cdead22b523cfb1f860

    SHA256

    5f052fc3823d03342443580df2b894be5a3335b40038e22c077392ca059b4656

    SHA512

    ab6862b7f3fbef9af4e2dc2a71510a8ed6aa90949e345638503f78516f66643d0453b1217a045b8036971c4debd821c1243e4107e5fa0c98a7dcfc1d6deedeab

    Download Submit

  • memory/636-159-0x00000000020E0000-0x00000000020F2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/636-169-0x00000000020E0000-0x00000000020F2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/636-151-0x0000000004A30000-0x0000000004A40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/636-152-0x0000000004A30000-0x0000000004A40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/636-153-0x0000000004A30000-0x0000000004A40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/636-154-0x00000000020E0000-0x00000000020F2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/636-155-0x00000000020E0000-0x00000000020F2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/636-157-0x00000000020E0000-0x00000000020F2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/636-149-0x0000000004A30000-0x0000000004A40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/636-161-0x00000000020E0000-0x00000000020F2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/636-163-0x00000000020E0000-0x00000000020F2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/636-165-0x00000000020E0000-0x00000000020F2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/636-167-0x00000000020E0000-0x00000000020F2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/636-150-0x0000000004A30000-0x0000000004A40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/636-171-0x00000000020E0000-0x00000000020F2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/636-173-0x00000000020E0000-0x00000000020F2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/636-175-0x00000000020E0000-0x00000000020F2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/636-177-0x00000000020E0000-0x00000000020F2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/636-179-0x00000000020E0000-0x00000000020F2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/636-181-0x00000000020E0000-0x00000000020F2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/636-148-0x0000000004A30000-0x0000000004A40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/636-147-0x0000000004A40000-0x0000000004FE4000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/1044-186-0x0000000000960000-0x0000000000988000-memory.dmp

    Filesize

    160KB

    Download

  • memory/1044-187-0x0000000007BF0000-0x0000000008208000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/1044-188-0x0000000007690000-0x00000000076A2000-memory.dmp

    Filesize

    72KB

    Download