Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

4d81fe33c5...JC.exe

windows7-x64

10

4d81fe33c5...JC.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/08/2023, 18:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4d81fe33c5ab8acd5b7af51e1f3b853d6f071cc1bd7571b822dc9f4a47e4b67a_JC.exe

  • Size

    323KB

  • MD5

    0bccbc86eb22db09557407f84a1b56d7

  • SHA1

    dd1a6c49e7efb9d21556678094e87bcf62f8418a

  • SHA256

    4d81fe33c5ab8acd5b7af51e1f3b853d6f071cc1bd7571b822dc9f4a47e4b67a

  • SHA512

    b677e91cc8bdd36476c98034b8dbd3729527fc9675493faf3ff584bd1cbae52a8778887f38c8b3a0a743a3e16c9760d136b01b36bf34157c03e91a41b919baec

  • SSDEEP

    6144:ZTAAW52q+r5u/At4F6WpWJYI5Y5kAblPYbehGN1au:ZRqxk4Fw5ukAblPYbehU

Score
10/10
redlineinfostealerspywarestealer

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4d81fe33c5ab8acd5b7af51e1f3b853d6f071cc1bd7571b822dc9f4a47e4b67a_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\4d81fe33c5ab8acd5b7af51e1f3b853d6f071cc1bd7571b822dc9f4a47e4b67a_JC.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2128

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2128-133-0x0000000000090000-0x00000000000E6000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2128-134-0x0000000074AF0000-0x00000000752A0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2128-135-0x00000000074D0000-0x0000000007A74000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/2128-136-0x0000000006FC0000-0x0000000007052000-memory.dmp

    Filesize

    584KB

    Download

  • memory/2128-137-0x0000000007180000-0x0000000007190000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2128-138-0x0000000007060000-0x000000000706A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2128-139-0x00000000080A0000-0x00000000086B8000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2128-140-0x0000000007130000-0x0000000007142000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2128-141-0x0000000007390000-0x000000000749A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2128-142-0x00000000072C0000-0x00000000072FC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2128-143-0x0000000007B60000-0x0000000007BC6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/2128-144-0x00000000098F0000-0x0000000009940000-memory.dmp

    Filesize

    320KB

    Download

  • memory/2128-145-0x00000000099C0000-0x0000000009A36000-memory.dmp

    Filesize

    472KB

    Download

  • memory/2128-146-0x0000000009C10000-0x0000000009DD2000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2128-147-0x000000000A310000-0x000000000A83C000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/2128-148-0x0000000009B10000-0x0000000009B2E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/2128-150-0x0000000074AF0000-0x00000000752A0000-memory.dmp

    Filesize

    7.7MB

    Download