Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

e79c13a289...8c.exe

windows7-x64

10

e79c13a289...8c.exe

windows10-2004-x64

7

Resubmissions

14/07/2023, 23:09

230714-25e8kagd25 7

14/07/2023, 23:06

230714-23dlysgc93 10

Analysis

  • max time kernel
    117s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    14/07/2023, 23:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e79c13a28916ebea69f02e12964f9a8c.exe

  • Size

    243KB

  • MD5

    e79c13a28916ebea69f02e12964f9a8c

  • SHA1

    b0a0b11f5c02aacf78cf85efcfc1b2848eec22ea

  • SHA256

    5811521cf05b04befec57554827f8426ea8743bcca3c7838872d1f58e4149cbb

  • SHA512

    791e585ff93f5f4b67897dca917c810a8ff793644be9e6a821e70f69c85ad2aeacc8f4b08e63b04cdf81eaf500ce7dd40795e540208a69ed2e7e96324f92f90c

  • SSDEEP

    3072:XbGjTL3+5Pe2qFaguU9VoB90V7hEqzKwRxztCFtzr8OLbwANmz8Py5wiQ:sL3ce2qdDVy27wwR/CDrbb1mz8P3Z

Score
10/10
redlinelogsdiller cloud (telegram: @logsdillabot)discoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (Telegram: @logsdillabot)

C2

147.135.165.22:17748

Attributes
  • auth_value

    c2955ed3813a798683a185a82e949f88

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\e79c13a28916ebea69f02e12964f9a8c.exe
    "C:\Users\Admin\AppData\Local\Temp\e79c13a28916ebea69f02e12964f9a8c.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2256

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2256-55-0x0000000000230000-0x0000000000330000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2256-56-0x00000000003A0000-0x00000000003DF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/2256-57-0x0000000000400000-0x00000000004F7000-memory.dmp

    Filesize

    988KB

    Download

  • memory/2256-59-0x0000000074690000-0x0000000074D7E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2256-58-0x00000000020A0000-0x00000000020D8000-memory.dmp

    Filesize

    224KB

    Download

  • memory/2256-60-0x0000000004B20000-0x0000000004B60000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2256-61-0x0000000004B20000-0x0000000004B60000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2256-62-0x00000000020E0000-0x0000000002114000-memory.dmp

    Filesize

    208KB

    Download

  • memory/2256-63-0x0000000001E70000-0x0000000001E76000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2256-64-0x0000000000400000-0x00000000004F7000-memory.dmp

    Filesize

    988KB

    Download

  • memory/2256-65-0x0000000004B20000-0x0000000004B60000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2256-66-0x0000000000230000-0x0000000000330000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2256-67-0x00000000003A0000-0x00000000003DF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/2256-68-0x0000000074690000-0x0000000074D7E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2256-69-0x0000000004B20000-0x0000000004B60000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2256-70-0x0000000004B20000-0x0000000004B60000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2256-71-0x0000000000400000-0x00000000004F7000-memory.dmp

    Filesize

    988KB

    Download

  • memory/2256-72-0x0000000000230000-0x0000000000330000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2256-73-0x0000000074690000-0x0000000074D7E000-memory.dmp

    Filesize

    6.9MB

    Download