Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    133s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags
    arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
  • submitted
    15/08/2023, 12:57

General

  • Target

    0x000500000001956e-110.exe

  • Size

    174KB

  • MD5

    ebb069a8c4ab893f77ff5556df2fc73d

  • SHA1

    a03f5a61af3a3b3669339f6e2b15fa1328b97464

  • SHA256

    40e9bcb1a4f9de51c2634e84f227076cf5e0ffa9c46759329a9e13e5e23fcf06

  • SHA512

    a5c75238b5618a96c15b0c3369d7a23a104b8ee4705bb6b23c7380bc31ae758222c4aa5ae6e4c764237e1a65ed8c4114b3c07b02c52b2a6d0c7805267859f635

  • SSDEEP

    3072:8QiX1vTI0EVXvWOti2i6t8CE0CI0XkNvlnMDJz8e8hZ:8QgTI0EVXvV8CE0KkNvlnMDF

Malware Config

Extracted

Family

redline

Botnet

regta

C2

77.91.124.54:19071

Attributes
  • auth_value

    c6f537c6f0415ea7760a9bc81f48c756

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Processes

  • C:\Users\Admin\AppData\Local\Temp\0x000500000001956e-110.exe
    "C:\Users\Admin\AppData\Local\Temp\0x000500000001956e-110.exe"
    PID: 2592

    Network

    MITRE ATT&CK Matrix

    Downloads

    • memory/2592-54-0x00000000008D0000-0x0000000000900000-memory.dmp

      Filesize

      192KB

    • memory/2592-55-0x00000000749A0000-0x000000007508E000-memory.dmp

      Filesize

      6.9MB

    • memory/2592-56-0x0000000000300000-0x0000000000306000-memory.dmp

      Filesize

      24KB

    • memory/2592-57-0x00000000048B0000-0x00000000048F0000-memory.dmp

      Filesize

      256KB

    • memory/2592-58-0x00000000749A0000-0x000000007508E000-memory.dmp

      Filesize

      6.9MB

    • memory/2592-59-0x00000000048B0000-0x00000000048F0000-memory.dmp

      Filesize

      256KB