Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
142s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
-
submitted
11/10/2023, 07:02
General
-
Target
tmp.exe
-
Size
415KB
-
MD5
bf58b6afac98febc716a85be5b8e9d9e
-
SHA1
4a36385b3f8e8a84a995826d77fcd8e76eba7328
-
SHA256
16b88051fd1e27d08d1408bb51002dd25edb88292807a92ee25ba5f4c0895b8d
-
SHA512
a3f8deabbb35e4d4928ec6cf836cdef1a57aed879ce10646d3f8cd9cccf93c0c80c89d1e82dc6c9c558f61429eb6416f5ecd8235f8933f90db6bb46f7cf165ec
-
SSDEEP
12288:zKtCclgms3mGmGmGmuuDLc36h65QoZ5MEK2sq:GR2mGmGmGm06h6w2sq
Score
10/10
Malware Config
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 1 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 3 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\tmp.exe"C:\Users\Admin\AppData\Local\Temp\tmp.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
360KB
-
Filesize
420KB
-
Filesize
6.9MB
-
Filesize
6.9MB
-
Filesize
256KB
-
Filesize
256KB
-
Filesize
6.9MB