Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Analysis

  • max time kernel
    292s
  • max time network
    301s
  • platform
    windows10-1703_x64
  • resource
    win10-20230915-en
  • resource tags

    arch:x64arch:x86image:win10-20230915-enlocale:en-usos:windows10-1703-x64system
  • submitted
    18/09/2023, 01:37 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    j9790118.exe

  • Size

    393KB

  • MD5

    c0f6a8667723b11757a4791711e37e2f

  • SHA1

    fca32cb74a6190cd0c930324fc42866594953855

  • SHA256

    f1d2be083b63e9fa0fed9dbc812c3ef01f20eecb07455667cb1f55b4309ec1fe

  • SHA512

    26a98a254005f67b2b5d68ddaa68d79c962c7459afc66d359b634b5066765ff04ad1bdc3871fae3c1b6f7da6ef4afd93c0a1219b965fab303a64d8a9cf86a889

  • SSDEEP

    6144:JBQcaGEZt20ZSwbz8+Dxe8kVAO6loOY8x11sOZRtfCjuih8Ey:JaFzZtT78TUJY8xDdRtfCjuih8Ey

Score
10/10
redlinemonikinfostealer

Malware Config

Extracted

Family

redline

Botnet

monik

C2

77.91.124.82:19071

Attributes
  • auth_value

    da7d9ea0878f5901f1f8319d34bdccea

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\j9790118.exe
    "C:\Users\Admin\AppData\Local\Temp\j9790118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4716
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      2⤵
        PID:3332

    Network

    • flag-us
      DNS
      13.227.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      13.227.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      1.208.79.178.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      1.208.79.178.in-addr.arpa
      IN PTR
      Response
      1.208.79.178.in-addr.arpa
      IN PTR
      https-178-79-208-1amsllnwnet
    • flag-us
      DNS
      7.173.189.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      7.173.189.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      1.202.248.87.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      1.202.248.87.in-addr.arpa
      IN PTR
      Response
      1.202.248.87.in-addr.arpa
      IN PTR
      https-87-248-202-1amsllnwnet
    • 77.91.124.82:19071
      AppLaunch.exe
      156 B
       3
    • 77.91.124.82:19071
      AppLaunch.exe
      156 B
       3
    • 77.91.124.82:19071
      AppLaunch.exe
      156 B
       3
    • 77.91.124.82:19071
      AppLaunch.exe
      156 B
       3
    • 77.91.124.82:19071
      AppLaunch.exe
      156 B
       3
    • 77.91.124.82:19071
      AppLaunch.exe
      156 B
       3
    • 77.91.124.82:19071
      AppLaunch.exe
      156 B
       3
    • 77.91.124.82:19071
      AppLaunch.exe
      156 B
       3
    • 77.91.124.82:19071
      AppLaunch.exe
      156 B
       3
    • 77.91.124.82:19071
      AppLaunch.exe
      156 B
       3
    • 77.91.124.82:19071
      AppLaunch.exe
      156 B
       3
    • 77.91.124.82:19071
      AppLaunch.exe
      104 B
       2
    • 8.8.8.8:53
      13.227.111.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      13.227.111.52.in-addr.arpa

    • 8.8.8.8:53
      1.208.79.178.in-addr.arpa
      dns
      71 B
       116 B
       1
      1

      DNS Request

      1.208.79.178.in-addr.arpa

    • 8.8.8.8:53
      7.173.189.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      7.173.189.20.in-addr.arpa

    • 8.8.8.8:53
      1.202.248.87.in-addr.arpa
      dns
      71 B
       116 B
       1
      1

      DNS Request

      1.202.248.87.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3332-0-0x0000000000400000-0x0000000000430000-memory.dmp

      Filesize

      192KB

      Download

    • memory/3332-4-0x0000000073860000-0x0000000073F4E000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/3332-5-0x0000000007140000-0x0000000007146000-memory.dmp

      Filesize

      24KB

      Download

    • memory/3332-6-0x000000000F1B0000-0x000000000F7B6000-memory.dmp

      Filesize

      6.0MB

      Download

    • memory/3332-7-0x000000000ECC0000-0x000000000EDCA000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/3332-9-0x0000000009710000-0x0000000009720000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3332-8-0x000000000EBF0000-0x000000000EC02000-memory.dmp

      Filesize

      72KB

      Download

    • memory/3332-10-0x000000000EC50000-0x000000000EC8E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/3332-11-0x000000000EDD0000-0x000000000EE1B000-memory.dmp

      Filesize

      300KB

      Download

    • memory/3332-16-0x0000000073860000-0x0000000073F4E000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/3332-17-0x0000000009710000-0x0000000009720000-memory.dmp

      Filesize

      64KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.