Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    22/10/2023, 22:25 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ca09c4f29fe69c9cc1dca4cf640967329141a2ee7105cdf078abccf14c8edb58.exe

  • Size

    376KB

  • MD5

    0d6c7b15bf3a3c0858ffc2b36a221926

  • SHA1

    3e1569f9bd2df7947a31450b61a505237819e357

  • SHA256

    ca09c4f29fe69c9cc1dca4cf640967329141a2ee7105cdf078abccf14c8edb58

  • SHA512

    ba10f638934e2e112b8e644bd580fdb50d80fcc754cf981b59e44e46c9518efa005d371112b0a28b54a588adf00b870499143846ffb5e84dcd38c77c312d0cec

  • SSDEEP

    6144:Ln8rmeRB7msDTIEhNvJTi3wjNYmpUKAAAAAArgAAAAAAAgAAAAAAAAAAAAAAAAAq:j8KGB7mwXZnxp1AAAAAArgAAAAAAAgAK

Score
10/10
redline@oleh_psdiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

@oleh_ps

C2

185.216.70.238:37515

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 3 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ca09c4f29fe69c9cc1dca4cf640967329141a2ee7105cdf078abccf14c8edb58.exe
    "C:\Users\Admin\AppData\Local\Temp\ca09c4f29fe69c9cc1dca4cf640967329141a2ee7105cdf078abccf14c8edb58.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2144

Network

    No results found
  • 185.216.70.238:37515
    ca09c4f29fe69c9cc1dca4cf640967329141a2ee7105cdf078abccf14c8edb58.exe
    2.1MB
     38.5kB
     1571
    794
No results found

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2144-0-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download

  • memory/2144-1-0x00000000002D0000-0x000000000030E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2144-5-0x0000000073ED0000-0x00000000745BE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2144-6-0x0000000001FE0000-0x0000000002020000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2144-7-0x0000000000400000-0x0000000000460000-memory.dmp

    Filesize

    384KB

    Download

  • memory/2144-8-0x0000000073ED0000-0x00000000745BE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2144-9-0x0000000001FE0000-0x0000000002020000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2144-11-0x0000000073ED0000-0x00000000745BE000-memory.dmp

    Filesize

    6.9MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.