Analysis

  • max time kernel: 119s
  • max time network: 122s
  • platform: windows7_x64
  • resource: win7-20231025-en
  • resource tags: arch:x64, arch:x86, image:win7-20231025-en, locale:en-us, os:windows7-x64, system
  • submitted: 29/10/2023, 02:55 UTC

General

  • Target: 69b3cec83a51a5142d2f03856347bfe454e79c785e0b6425c0bcd632edf94a3f.exe
  • Size: 490KB
  • MD5: f45d9b844bd38845415b0d4b1e5255b3
  • SHA1: 67b60a43e6262c1d6547463022b2e90f51d98b2e
  • SHA256: 69b3cec83a51a5142d2f03856347bfe454e79c785e0b6425c0bcd632edf94a3f
  • SHA512: bb217704c96cd54c1d100d47f066a678fe1cc5a747d0e283599e07e269cbc31e02a163cb7dc03c57894dc4b95f4b92da928cf2751e07b1717f888b266cb05921
  • SSDEEP: 6144:sSyQdzblQNrVxVA3wWMw+ktVD4TqsDz9GdGGg226lo7fhvIUE:lyQx6NrjVA3BJ+ktV8TqsdaZxvlo7Zv

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\69b3cec83a51a5142d2f03856347bfe454e79c785e0b6425c0bcd632edf94a3f.exe
    "C:\Users\Admin\AppData\Local\Temp\69b3cec83a51a5142d2f03856347bfe454e79c785e0b6425c0bcd632edf94a3f.exe"
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID: 1676

Network

  • 171.22.28.239:42359
    process: 69b3cec83a51a5142d2f03856347bfe454e79c785e0b6425c0bcd632edf94a3f.exe
    2.8MB / 46.4kB
    2050 / 977

MITRE ATT&CK Enterprise v15

Downloads

  • memory/1676-0-0x0000000000400000-0x000000000047E000-memory.dmp (Filesize: 504KB)
  • memory/1676-1-0x00000000002E0000-0x000000000033A000-memory.dmp (Filesize: 360KB)
  • memory/1676-5-0x00000000743E0000-0x0000000074ACE000-memory.dmp (Filesize: 6.9MB)
  • memory/1676-6-0x00000000071E0000-0x0000000007220000-memory.dmp (Filesize: 256KB)
  • memory/1676-8-0x0000000000400000-0x000000000047E000-memory.dmp (Filesize: 504KB)
  • memory/1676-9-0x00000000743E0000-0x0000000074ACE000-memory.dmp (Filesize: 6.9MB)
