Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
28s -
max time network
32s -
platform
windows7_x64 -
resource
win7-20230703-en -
resource tags
arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system -
submitted
05/07/2023, 04:17
Static task
static1
Behavioral task
behavioral1
Sample
f7385064.exe
Resource
win7-20230703-en
General
-
Target
f7385064.exe
-
Size
274KB
-
MD5
89ce7dbfb4a78976328fcb7ae269a00f
-
SHA1
1d725b1fce5fa3a4b486f06f7b63e8248113e413
-
SHA256
bcab0822bb41d4f67439653f355a0b03d1ae1540d7ed327890b6168b1e7b6d86
-
SHA512
2879cbc34375629f78fba204e4dc0a5d7011e43604f65c6ec82a8111fc2c08c39889868d55dd644d6f37d768655352830adbc5a9fe693959ea7b9cf76dca0730
-
SSDEEP
6144:BUA8O66u6gTygJosVQw2G5HpFRHnbSnOx6LrN/R4QF:+A8O06g2sVQXG5H9nbSnOx6LrNJ4E
Malware Config
Extracted
redline
nowa
77.91.124.49:19073
-
auth_value
6bc6b0617aa32bcd971aef4a2cf49647
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 2352 f7385064.exe 2352 f7385064.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2352 f7385064.exe