Analysis

  • max time kernel
    139s
  • max time network
    156s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/10/2023, 05:15 UTC

General

  • Target

    x0543664.exe

  • Size

    291KB

  • MD5

    d72e8eb9bc5f8e9b119f39216631733b

  • SHA1

    d8e29c1d02381d7339910f4f0aed1e0fc4e9fea9

  • SHA256

    6508ea148ad32be86b59cadc266e2a72343e0dc3896742fd74bc324cb1a5ef57

  • SHA512

    9b3a3188b794d03302d6657c834fcfa45d008a402e426afa36f17e28b8d20bbfc3d7a597e9d03e633f23db638751b40de90c3914882779d5da7bd0b902c8aa74

  • SSDEEP

    6144:Kry+bnr+jp0yN90QEGAV5HR0zwDm88tH50brv3zFq:dMrjy907cHIbj3g

Malware Config

Extracted

Family

redline

Botnet

tuxiu

C2

77.91.124.82:19071

Attributes
  • auth_value

    29610cdad07e7187eec70685a04b89fe

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine payload 5 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\x0543664.exe
    "C:\Users\Admin\AppData\Local\Temp\x0543664.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2016
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\h8131180.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\h8131180.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:1708

Network

  • 77.91.124.82:19071
    h8131180.exe
    152 B
    3


Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\h8131180.exe

    Filesize

    174KB

    MD5

    ac0b8c45614a0b94074d9f7a4cc76f38

    SHA1

    240b5d17766503fd7dfa2a7f8f05be2f7857dc8a

    SHA256

    d7aa1acf2186822f215379df2f4731a9502aa6802dd8f4c87431e68ffb82fc74

    SHA512

    70abd5c774de1df94d4f89f6fc16734012135b1bab6c21f00da133c5f8194941f4bf118c449b8dd02ac087ff729bca63227140c56bebdaa7cefba560866ebff4

  • memory/1708-10-0x0000000000AC0000-0x0000000000AF0000-memory.dmp

    Filesize

    192KB

  • memory/1708-11-0x0000000000490000-0x0000000000496000-memory.dmp

    Filesize

    24KB
