Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

2686496458...27.exe

windows7-x64

7

2686496458...27.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    152s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/05/2023, 21:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    26864964585c14526e69c59305b466d5b7ebd9470d5a8e33470ef8b37d1b7727.exe

  • Size

    479KB

  • MD5

    0f4968d2050bbc9331fa951525a60178

  • SHA1

    8f4cc098762d7a1695474b794990642bdb097152

  • SHA256

    26864964585c14526e69c59305b466d5b7ebd9470d5a8e33470ef8b37d1b7727

  • SHA512

    1fed6cfe88f8275d21e7703a5f59f5081a718b5b2055f4235b6dad2f101a4f78dc626307d12b087d185451a9fdde3f3ccdb43e03bb773e459f70fe2b265075fc

  • SSDEEP

    12288:GMrCy90MWLI7BWf2Hbgq3t1VpjTlmS++8OatQ6g:4yYctWObXVpjpT8/Q6g

Score
10/10
redlineinfostealerpersistencestealer

Malware Config

Signatures

  • Detects Redline Stealer samples 1 IoCs

    This rule detects the presence of Redline Stealer samples based on their unique strings.

    stealer
  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Executes dropped EXE 2 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\26864964585c14526e69c59305b466d5b7ebd9470d5a8e33470ef8b37d1b7727.exe
    "C:\Users\Admin\AppData\Local\Temp\26864964585c14526e69c59305b466d5b7ebd9470d5a8e33470ef8b37d1b7727.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:1444
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\x3296379.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\x3296379.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:928
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\g4306620.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\g4306620.exe
        3⤵
        • Executes dropped EXE
        PID:1500

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\x3296379.exe
    Filesize

    307KB

    MD5

    c290747cfc29254b6b3492fe93dcf475

    SHA1

    d051d328e6dbd8b62e7b4c787dcc1938625384ab

    SHA256

    9756f72a435ba9761a1e30e751437e48010cd78a59ae236130225da80dbf459b

    SHA512

    51a0bfe04032c4546b1e7fe7e30347b781d61bb8f3091eef2cb3ac093fcb3d3462aa9f717de126471f900b003ca82f63f8480e31ab61a5310ee751dfffc85381

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\x3296379.exe
    Filesize

    307KB

    MD5

    c290747cfc29254b6b3492fe93dcf475

    SHA1

    d051d328e6dbd8b62e7b4c787dcc1938625384ab

    SHA256

    9756f72a435ba9761a1e30e751437e48010cd78a59ae236130225da80dbf459b

    SHA512

    51a0bfe04032c4546b1e7fe7e30347b781d61bb8f3091eef2cb3ac093fcb3d3462aa9f717de126471f900b003ca82f63f8480e31ab61a5310ee751dfffc85381

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\g4306620.exe
    Filesize

    136KB

    MD5

    69a10e80a9a548be02ffdb15be0719aa

    SHA1

    8787c7582038886f9cb2f8b488fffe976e94f4b1

    SHA256

    48c5322b8e73d8f692ce2a8f47e19b51572eda7530f52b58c1fc6fdb9b99f1e4

    SHA512

    a8e902c1ec64bed23b004e46709b1d141ea47fbce9ef61cc592747ca7aee87a1a5d1c1e0ce9d1a2b0125861f5085a7d8fcedd147aaefb1efbb2d72b724eaa959

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\g4306620.exe
    Filesize

    136KB

    MD5

    69a10e80a9a548be02ffdb15be0719aa

    SHA1

    8787c7582038886f9cb2f8b488fffe976e94f4b1

    SHA256

    48c5322b8e73d8f692ce2a8f47e19b51572eda7530f52b58c1fc6fdb9b99f1e4

    SHA512

    a8e902c1ec64bed23b004e46709b1d141ea47fbce9ef61cc592747ca7aee87a1a5d1c1e0ce9d1a2b0125861f5085a7d8fcedd147aaefb1efbb2d72b724eaa959

    Download Submit

  • memory/1500-147-0x0000000000F30000-0x0000000000F58000-memory.dmp

    Filesize

    160KB

    Download

  • memory/1500-148-0x00000000081D0000-0x00000000087E8000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/1500-149-0x0000000007C40000-0x0000000007C52000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1500-150-0x0000000007D70000-0x0000000007E7A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/1500-151-0x0000000007CA0000-0x0000000007CDC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1500-152-0x0000000007FC0000-0x0000000007FD0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1500-153-0x0000000007FC0000-0x0000000007FD0000-memory.dmp

    Filesize

    64KB

    Download