
Analysis

  • max time kernel
    133s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/08/2023, 04:43

General

  • Target

    0x000600000001afd2-169.exe

  • Size

    173KB

  • MD5

    32b8281eb4b402ab5e164d932f8c8a2c

  • SHA1

    417aae61797a4f73d3513823d1c94aca7eb4f69c

  • SHA256

    d6c3c73bab780c6f91cf34ea6fd895826e11128da0a1f4eb6a5a4e734f3cbd9c

  • SHA512

    5ec4b41353d9991229b825e664aac21764063b1139172a1eb6d5efa1ba304494b9a0b61646f5a3bc87b2263036f57a240af8c6c3d4959c92315814565d41e3ec

  • SSDEEP

    3072:b5fB8CH2R16klxNtmud8q6msW+/8e8hrXO:bF5kbjV6msW+/

Malware Config

Extracted

  • Family
    redline
  • Botnet
    maxik
  • C2
    77.91.124.156:19071
  • Attributes
    auth_value: a7714e1bc167c67e3fc8f9e368352269
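The extracted config above is the part of this report an analyst actually consumes: the C2 socket becomes a network indicator and the file hashes become host indicators. The script below is an added example, not tria.ge's code, that turns those values into a Suricata rule and runs a simple hunt over log lines. The config values and hashes are copied from the report; the log lines, the `dst=`/`sha256=` field syntax they use, and the rule sid are constructed for the demo.

```python
"""Hunt for the indicators in the RedLine config extracted above.

Added example, not tria.ge's code. CONFIG/HASHES are copied from the report;
SAMPLE_LOGS and the rule sid are constructed (local.rules sids must be >= 1000000).
"""
import ipaddress
import re

CONFIG = {
    "family": "redline",
    "botnet": "maxik",
    "c2": ["77.91.124.156:19071"],          # tria.ge prints C2 as ip:port
    "attributes": {"auth_value": "a7714e1bc167c67e3fc8f9e368352269"},
}

HASHES = {
    "md5": "32b8281eb4b402ab5e164d932f8c8a2c",
    "sha1": "417aae61797a4f73d3513823d1c94aca7eb4f69c",
    "sha256": "d6c3c73bab780c6f91cf34ea6fd895826e11128da0a1f4eb6a5a4e734f3cbd9c",
}


def parse_c2(entry):
    """'ip:port' -> (ip, port); rejects garbage so a typo never becomes a silent no-op rule."""
    host, _, port = entry.rpartition(":")
    ip = ipaddress.ip_address(host)         # raises ValueError on a non-address
    port = int(port)
    if not 0 < port < 65536:
        raise ValueError(f"bad port in {entry!r}")
    return str(ip), port


def suricata_rule(entry, sid):
    """One alert rule per C2 socket, matching outbound connections only."""
    ip, port = parse_c2(entry)
    return (f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"RedLine C2 botnet={CONFIG["botnet"]}"; '
            f'flow:to_server; sid:{sid}; rev:1;)')


# Constructed firewall/EDR lines for the demo; they are NOT from the report.
SAMPLE_LOGS = [
    "2023-08-05T04:44:10Z fw allow src=10.0.0.5:49211 dst=77.91.124.156:19071 proto=tcp",
    "2023-08-05T04:44:12Z fw allow src=10.0.0.5:49212 dst=77.91.124.156:443 proto=tcp",
    "2023-08-05T04:44:15Z fw allow src=10.0.0.7:50000 dst=142.250.74.78:443 proto=tcp",
    "2023-08-05T04:44:20Z edr procstart host=WS01 "
    "sha256=d6c3c73bab780c6f91cf34ea6fd895826e11128da0a1f4eb6a5a4e734f3cbd9c "
    "image=0x000600000001afd2-169.exe",
]

DST_RE = re.compile(r"dst=(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)")
HASH_RE = re.compile(r"\b(?P<h>[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})\b", re.I)


def hunt(lines, config=CONFIG, hashes=HASHES):
    """Return (line, reason) for each hit.

    'c2-socket' is the exact ip:port from the config; 'c2-ip-other-port' is the
    same host on another port (weaker, worth triage); 'sample-hash' is any of
    the report's file hashes appearing in the line."""
    c2_sockets = {parse_c2(e) for e in config["c2"]}
    c2_ips = {ip for ip, _ in c2_sockets}
    known = {h.lower() for h in hashes.values()}
    hits = []
    for line in lines:
        m = DST_RE.search(line)
        if m:
            sock = (m["ip"], int(m["port"]))
            if sock in c2_sockets:
                hits.append((line, "c2-socket"))
                continue
            if sock[0] in c2_ips:
                hits.append((line, "c2-ip-other-port"))
                continue
        for h in HASH_RE.findall(line):
            if h.lower() in known:
                hits.append((line, "sample-hash"))
                break
    return hits


if __name__ == "__main__":
    print(suricata_rule(CONFIG["c2"][0], 1000001))
    for line, why in hunt(SAMPLE_LOGS):
        print(f"[{why}] {line}")
```

The hunt keeps the host-only match as a separate, weaker reason on purpose: RedLine operators commonly reuse one host with several listener ports, so a hit on 77.91.124.156 with a different port is worth a look but should not page anyone at the same severity as the exact socket.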

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Processes

  • C:\Users\Admin\AppData\Local\Temp\0x000600000001afd2-169.exe
    "C:\Users\Admin\AppData\Local\Temp\0x000600000001afd2-169.exe"
    PID: 2180

Downloads

  • memory/2180-54-0x00000000008D0000-0x0000000000900000-memory.dmp
    Filesize 192KB
  • memory/2180-55-0x0000000074190000-0x000000007487E000-memory.dmp
    Filesize 6.9MB
  • memory/2180-56-0x00000000003A0000-0x00000000003A6000-memory.dmp
    Filesize 24KB
  • memory/2180-57-0x0000000004B20000-0x0000000004B60000-memory.dmp
    Filesize 256KB
  • memory/2180-58-0x0000000074190000-0x000000007487E000-memory.dmp
    Filesize 6.9MB
  • memory/2180-59-0x0000000004B20000-0x0000000004B60000-memory.dmp
    Filesize 256KB
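The dump names above follow a fixed pattern, memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp, and the listed Filesize is the rounded length of that address range. The script below is an added example, not tria.ge's code, that parses the names, checks each printed size against end minus start, and groups dumps by region so repeated captures of the same range (here 0x74190000-0x7487E000 and 0x4B20000-0x4B60000, each dumped twice) are visible at a glance. The names and sizes are copied from the report; the 5% rounding tolerance and the nearest-to-file-size heuristic are assumptions made for the example.

```python
"""Parse tria.ge memory-dump names and sanity-check them against the listed sizes.

Added example, not tria.ge's code. DUMPS is copied from the report; the size
tolerance and the nearest-size heuristic are this example's own assumptions.
"""
import re
from collections import defaultdict

DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

# (dump name, Filesize as printed), exactly as listed on the page.
DUMPS = [
    ("memory/2180-54-0x00000000008D0000-0x0000000000900000-memory.dmp", "192KB"),
    ("memory/2180-55-0x0000000074190000-0x000000007487E000-memory.dmp", "6.9MB"),
    ("memory/2180-56-0x00000000003A0000-0x00000000003A6000-memory.dmp", "24KB"),
    ("memory/2180-57-0x0000000004B20000-0x0000000004B60000-memory.dmp", "256KB"),
    ("memory/2180-58-0x0000000074190000-0x000000007487E000-memory.dmp", "6.9MB"),
    ("memory/2180-59-0x0000000004B20000-0x0000000004B60000-memory.dmp", "256KB"),
]

UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}


def parse_dump_name(name):
    """Split a dump name into pid, sequence index, start/end addresses and byte length."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"not a tria.ge dump name: {name!r}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"end <= start in {name!r}")
    return {"pid": int(m["pid"]), "idx": int(m["idx"]),
            "start": start, "end": end, "size": end - start}


def parse_size(text):
    """'192KB' / '6.9MB' -> bytes, using binary units (assumed; matches the 192KB = 0x30000 entry)."""
    m = re.fullmatch(r"([0-9]+(?:\.[0-9]+)?)\s*([KMG]?B)", text.strip(), re.I)
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    return float(m[1]) * UNITS[m[2].upper()]


def size_matches(region, printed, tolerance=0.05):
    """True if the rounded printed size is within tolerance of end - start."""
    return abs(region["size"] - parse_size(printed)) <= tolerance * region["size"]


def group_regions(dumps):
    """Map (start, end) -> sorted dump indices. More than one index means the
    same region was captured at several points during the run."""
    groups = defaultdict(list)
    for name, _ in dumps:
        r = parse_dump_name(name)
        groups[(r["start"], r["end"])].append(r["idx"])
    return {k: sorted(v) for k, v in groups.items()}


def repeated_regions(dumps):
    return {k: v for k, v in group_regions(dumps).items() if len(v) > 1}


def nearest_to_file_size(dumps, file_size):
    """Heuristic (assumption, not a tria.ge rule): the dump whose length is
    closest to the on-disk size is the most likely copy of the mapped image."""
    regions = [parse_dump_name(name) for name, _ in dumps]
    return min(regions, key=lambda r: abs(r["size"] - file_size))["idx"]


if __name__ == "__main__":
    for name, printed in DUMPS:
        r = parse_dump_name(name)
        print(f"{r['idx']}: 0x{r['start']:X}-0x{r['end']:X} {r['size']} bytes, "
              f"listed {printed}, consistent={size_matches(r, printed)}")
    print("dumped more than once:", repeated_regions(DUMPS))
    print("closest to the 173KB file:", nearest_to_file_size(DUMPS, 173 * 1024))
```

Checking the printed size against the address range is cheap insurance before pulling dumps for offline work: a mismatch usually means a copy/paste slip in the name or a truncated download rather than anything interesting in the sample.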