Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
113s -
max time network
142s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
11/10/2023, 09:14
Errors
General
-
Target
RedEye-Ransomware-master/NewRedEye/obj/Debug/NewRedEye.exe
-
Size
34.6MB
-
MD5
a16493f64983e95b47f4c23a43b54015
-
SHA1
fa596483355bb89e1c767cf33ea2911633daa574
-
SHA256
8b69a3aa3d2dc1eff7cce69cbd0d7bb8d3c178e218a80f3eae36ea7868ce8892
-
SHA512
7396c831bbe70eba699af2ba749bc428a6fc143d4a27cc547213925514653a152947c70dc161e3f19422094a186ff74a6c04a20f11a164418d42d1ee47fa3938
-
SSDEEP
786432:Zg1mbZFph3NKjsqydxM0Xb96BxTRZSvmrIXAphIh0vxwTjFxOfZdac:ZumbJesqyd+0Xb6xTRUvmkXAfIh3nFkN
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Drops autorun.inf file 1 TTPs 2 IoCs
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies data under HKEY_USERS 15 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\RedEye-Ransomware-master\NewRedEye\obj\Debug\NewRedEye.exe"C:\Users\Admin\AppData\Local\Temp\RedEye-Ransomware-master\NewRedEye\obj\Debug\NewRedEye.exe"1⤵
- Checks computer location settings
- Adds Run key to start application
- Drops autorun.inf file
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\shutdown.exe"C:\Windows\System32\shutdown.exe" -r -t 00 -f2⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x500 0x3001⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x4 /state0:0xa3942855 /state1:0x41c64e6d1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
7.7MB
-
Filesize
34.7MB
-
Filesize
624KB
-
Filesize
7.7MB
-
Filesize
5.6MB
-
Filesize
584KB
-
Filesize
64KB
-
Filesize
40KB
-
Filesize
344KB
-
Filesize
64KB
-
Filesize
7.7MB