Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

0x00080000...78.exe

windows7-x64

10

0x00080000...78.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    29s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    24/05/2023, 07:11 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0x00080000000134bf-78.exe

  • Size

    145KB

  • MD5

    800fec350842bc021b8658af2a98e656

  • SHA1

    9d7dd7f16ab1f5f91c9929f0749eb1cbc392de72

  • SHA256

    f04efb492c842d368e41beeacf10eae598fab7bf53b065892db29a9c101f197d

  • SHA512

    4af2ae7328b5ce5a95b10d0f6a7a36b7debca8b8e56a3169becc413583a765a1b2fc442c370f3cff3ccbcfde962620dcab1ea4f55f977d19246f206b8a68e2e4

  • SSDEEP

    3072:cV+m5c/QmRSNwIO1mn30DwaFehPZl8e8hu:cj20kDTehPP

Score
10/10
redlinedizadiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

diza

C2

83.97.73.122:19062

Attributes
  • auth_value

    0d09b419c8bc967f91c68be4a17e92ee

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0x00080000000134bf-78.exe
    "C:\Users\Admin\AppData\Local\Temp\0x00080000000134bf-78.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1216

Network

    No results found
  • 83.97.73.122:19062
    0x00080000000134bf-78.exe
    8.5kB
     8.3kB
     29
    27
No results found

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1216-54-0x0000000000CF0000-0x0000000000D1A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/1216-55-0x00000000041A0000-0x00000000041E0000-memory.dmp

    Filesize

    256KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.