Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

RedEngine_...FX.dll

windows11-21h2-x64

1

RedEngine_...PI.dll

windows11-21h2-x64

1

RedEngine_...ck.exe

windows11-21h2-x64

9

RedEngine_...on.dll

windows11-21h2-x64

1

Resubmissions

09/08/2024, 08:07

240809-jz4pvsscld 9

09/08/2024, 08:05

240809-jza3jsybkl 7

Analysis

  • max time kernel
    2s
  • max time network
    3s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    09/08/2024, 08:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RedEngine_Cracked_V5_1/RedEngine Cracked/RedEngine Crack.exe

  • Size

    1.4MB

  • MD5

    d1d591c35fd846f1387db4898f230163

  • SHA1

    02ac17ca638a53e95e48ae02699453ae0e6d9040

  • SHA256

    ac05991c970b324fc2922fd9318f6d16a4b6793570ab04bc9caf886fb7711dc6

  • SHA512

    6eeddfa48e39d57164ee149421e5c235a9fdfaf5fbf1c37a05dcbb0bd703e66621acc76b6f00344c4b1378881c59c9d71fbc061d78ede3d788e3b8e1f1433d25

  • SSDEEP

    24576:JNUjfcXaCZoFAaPv2CR1W/lpAOfGpckI7kIKlm0pRNvtuCWGxHhLGgLPkPHc:HU4IAaH2Ce/75ucpTa7bpGgDkPH

Score
9/10
discoverypersistencespywarestealervmprotect

Malware Config

Signatures

  • Detected Nirsoft tools 1 IoCs

    Free utilities often used by attackers which can steal passwords, product keys, etc.

  • NirSoft WebBrowserPassView 1 IoCs

    Password recovery tool for various web browsers

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • VMProtect packed file 1 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\RedEngine_Cracked_V5_1\RedEngine Cracked\RedEngine Crack.exe
    "C:\Users\Admin\AppData\Local\Temp\RedEngine_Cracked_V5_1\RedEngine Cracked\RedEngine Crack.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    PID:4600
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 1892
      2⤵
      • Program crash
      PID:2180
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4600 -ip 4600
    1⤵
      PID:3016

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4600-0-0x00000000751AE000-0x00000000751AF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4600-1-0x0000000000100000-0x00000000003D8000-memory.dmp

      Filesize

      2.8MB

      Download

    • memory/4600-2-0x00000000751A0000-0x0000000075951000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4600-3-0x00000000751A0000-0x0000000075951000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4600-4-0x0000000009600000-0x0000000009696000-memory.dmp

      Filesize

      600KB

      Download

    • memory/4600-5-0x0000000004E20000-0x0000000004E86000-memory.dmp

      Filesize

      408KB

      Download

    • memory/4600-6-0x0000000004F30000-0x0000000004FC2000-memory.dmp

      Filesize

      584KB

      Download

    • memory/4600-7-0x00000000751A0000-0x0000000075951000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4600-11-0x0000000004DE0000-0x0000000004DF6000-memory.dmp

      Filesize

      88KB

      Download

    • memory/4600-10-0x0000000004DC0000-0x0000000004DDE000-memory.dmp

      Filesize

      120KB

      Download

    • memory/4600-9-0x00000000751A0000-0x0000000075951000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4600-12-0x00000000751A0000-0x0000000075951000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4600-13-0x00000000751A0000-0x0000000075951000-memory.dmp

      Filesize

      7.7MB

      Download