Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    144s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    19/05/2023, 09:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    402KB

  • MD5

    2a29d4ed0f19046589dbb61b9b93709e

  • SHA1

    3af8e4ff73f9517d3a9353d2bdefab7ec3b4a742

  • SHA256

    fe531dc9fc72351d60ee3f1641595ffc76789f282e7078a4b7553cb8d031260e

  • SHA512

    d9b303db0a954e89b7364d730949866fbf0c6b15f8401b6343e3bf18e2b45d9e5a5e85904ff1a16515fb39d930a9ca53a4e4850f074457d5ae0b5c7ee6106358

  • SSDEEP

    6144:vxPAeSf0Mnngr4pwhUihv+7RCu5kAo2Yi6TuRuzReksW/8093Tue:PSTgrKgUeUD5hoLiuAuftzDue

Score
10/10
redlinelogsdiller cloud (telegram: @logsdillabot)infostealer

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (Telegram: @logsdillabot)

C2

178.33.182.70:18918

Attributes
  • auth_value

    c2955ed3813a798683a185a82e949f88

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
      PID:1900

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1900-55-0x0000000002540000-0x0000000002576000-memory.dmp

      Filesize

      216KB

      Download

    • memory/1900-56-0x0000000002570000-0x00000000025A4000-memory.dmp

      Filesize

      208KB

      Download

    • memory/1900-57-0x00000000025B0000-0x00000000025B6000-memory.dmp

      Filesize

      24KB

      Download

    • memory/1900-59-0x0000000002500000-0x0000000002540000-memory.dmp

      Filesize

      256KB

      Download

    • memory/1900-58-0x0000000002050000-0x000000000208F000-memory.dmp

      Filesize

      252KB

      Download

    • memory/1900-60-0x0000000000400000-0x0000000000929000-memory.dmp

      Filesize

      5.2MB

      Download