Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

6b714efecf...f0.exe

windows7-x64

10

6b714efecf...f0.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    141s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    16/07/2023, 01:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6b714efecfe9f33ea5f6d1e9b3ef6f7a6b360e68d0fc4ab27026aa0a9a81ccf0.exe

  • Size

    244KB

  • MD5

    09b180790531cc1de02f371a4fa34a9f

  • SHA1

    46f33ceeb15c8a4ce2a3adf2fb657684b3207d73

  • SHA256

    6b714efecfe9f33ea5f6d1e9b3ef6f7a6b360e68d0fc4ab27026aa0a9a81ccf0

  • SHA512

    2767134fbec312cb21186007097c1fd61b1743f0c449dccf2c2f63057a84ea0eba27455d1124bc5c3fa26005eb9fe826146db7f5f055a19c320927b3762cf97e

  • SSDEEP

    6144:gLoIarwGgdpDqDRrljm0xDkBZuW1hyh0AHVOe7YJ:gjG6waeH0A1OeU

Score
10/10
redlinelogsdiller cloud (bot: @logsdillabot)infostealer

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (Bot: @logsdillabot)

C2

147.135.165.22:17748

Attributes
  • auth_value

    ed000008c0b59caf793b48c8ea9a7233

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

Processes

  • C:\Users\Admin\AppData\Local\Temp\6b714efecfe9f33ea5f6d1e9b3ef6f7a6b360e68d0fc4ab27026aa0a9a81ccf0.exe
    "C:\Users\Admin\AppData\Local\Temp\6b714efecfe9f33ea5f6d1e9b3ef6f7a6b360e68d0fc4ab27026aa0a9a81ccf0.exe"
    1⤵
      PID:1196

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1196-55-0x00000000005F0000-0x00000000006F0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1196-57-0x0000000000220000-0x000000000025F000-memory.dmp

      Filesize

      252KB

      Download

    • memory/1196-56-0x0000000000400000-0x00000000004F7000-memory.dmp

      Filesize

      988KB

      Download

    • memory/1196-58-0x0000000074860000-0x0000000074F4E000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/1196-60-0x0000000004A30000-0x0000000004A70000-memory.dmp

      Filesize

      256KB

      Download

    • memory/1196-59-0x0000000002290000-0x00000000022C8000-memory.dmp

      Filesize

      224KB

      Download

    • memory/1196-61-0x0000000004A30000-0x0000000004A70000-memory.dmp

      Filesize

      256KB

      Download

    • memory/1196-62-0x0000000001FB0000-0x0000000001FE4000-memory.dmp

      Filesize

      208KB

      Download

    • memory/1196-63-0x0000000000830000-0x0000000000836000-memory.dmp

      Filesize

      24KB

      Download

    • memory/1196-64-0x0000000004A30000-0x0000000004A70000-memory.dmp

      Filesize

      256KB

      Download

    • memory/1196-66-0x00000000005F0000-0x00000000006F0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1196-67-0x0000000074860000-0x0000000074F4E000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/1196-68-0x0000000004A30000-0x0000000004A70000-memory.dmp

      Filesize

      256KB

      Download

    • memory/1196-69-0x0000000004A30000-0x0000000004A70000-memory.dmp

      Filesize

      256KB

      Download

    • memory/1196-70-0x0000000004A30000-0x0000000004A70000-memory.dmp

      Filesize

      256KB

      Download

    • memory/1196-71-0x0000000004A30000-0x0000000004A70000-memory.dmp

      Filesize

      256KB

      Download