Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
29s -
max time network
33s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system -
submitted
07/06/2023, 22:00
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20230220-en
General
-
Target
file.exe
-
Size
332KB
-
MD5
aa727e598ba7c5a947124cd5fd93ed6d
-
SHA1
0de18ccace13691011506ddaad4ab72a2731bce3
-
SHA256
62a2221333631de6cf65db3fa3e2650947b23f24ea172a3ea998d77baa0cb270
-
SHA512
80221cec662cc89d12993edf8b289b89a4acfa481712d3f036a2d4f9b2c4f1ebb16c0a0a02f6b12d9a7ea0a9e6e5720ff3d797835f4fd3426eac9c97238975ad
-
SSDEEP
6144:JvYd3tEPMde9vknpuXdSovd4OUHtDtUP:Jv8ckUXdpdCNDW
Malware Config
Extracted
redline
@Germany
185.81.68.115:2920
-
auth_value
9d15d78194367a949e54a07d6ce02c62
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 2 IoCs
resource yara_rule behavioral1/memory/884-56-0x0000000003E00000-0x0000000003E2C000-memory.dmp family_redline behavioral1/memory/884-57-0x0000000004050000-0x0000000004078000-memory.dmp family_redline -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 884 file.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 884 file.exe