Analysis

  • max time kernel
    7s
  • max time network
    0s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    21/05/2024, 09:51

General

  • Target

    XcHvYYrNa.exe

  • Size

    300KB

  • MD5

    b9a421c6f519b309d05149b5388debc6

  • SHA1

    f713cef1b438bc65d33ff7c1532b9ac4f9cd9fa2

  • SHA256

    9eff518a31a5ca6d372d8c2e60820b3b014e884da27c4ce7482fefc9b80d4b7f

  • SHA512

    25fb917f01e6b2543c47a25561e6ff2f15fe304558281e52694ed26ff046b8fcf74f9a2e023dca41b2f7ceae1349d48ed4cfabe93b9c69582be9c290218acbd6

  • SSDEEP

    3072:ycZqf7D34Tp/0+mAWkyYHcQQg3/B1fA0PuTVAtkxz93REeqiOL2bBOA:ycZqf7DItnzXvB1fA0GTV8kHsL

Malware Config

Extracted

Family

redline

Botnet

SolaraHacked

C2

127.0.0.1:4444

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine payload 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\XcHvYYrNa.exe
    "C:\Users\Admin\AppData\Local\Temp\XcHvYYrNa.exe"
    PID: 1728


Downloads

  • memory/1728-0-0x0000000074CDE000-0x0000000074CDF000-memory.dmp
    Filesize
    4KB

  • memory/1728-1-0x0000000000DD0000-0x0000000000E22000-memory.dmp
    Filesize
    328KB

  • memory/1728-2-0x0000000074CD0000-0x00000000753BE000-memory.dmp
    Filesize
    6.9MB