Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

5e3e6bbd87...51.exe

windows7-x64

10

5e3e6bbd87...51.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    09/11/2024, 02:50 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5e3e6bbd87dc839fd7d8a25cad1bbcdcf2df482afd1c39deeca93c3777672a51.exe

  • Size

    302KB

  • MD5

    eda2c7cfd22aa323f90fc26a11e92e3f

  • SHA1

    6d78729b1a3da249d317db99c58a810bf7b46fc1

  • SHA256

    5e3e6bbd87dc839fd7d8a25cad1bbcdcf2df482afd1c39deeca93c3777672a51

  • SHA512

    d176f006592893d939004eb7fdc9bc85fedc77ea4bd1085126f7612089d432ad0007e5c32f2b1ad43ae72caeafbc0147755504a5bd4a0e8384b5e5f01fd1896f

  • SSDEEP

    3072:l8XLArFsh796WIYCt9ouTDXV1lIYNbMFjwBc5wbfRny9F4znqpN1tT+3QcxH2ocC:lpCTw9ouTDljIYpcwcgCm2Z7AiC6SQ

Score
10/10
redline11discoveryinfostealer

Malware Config

Extracted

Family

redline

Botnet

11

C2

45.9.20.157:46257

Attributes
  • auth_value

    344c26d7f808f9c29e47633026f19aa5

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 35 IoCs
  • Redline family
    redline
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5e3e6bbd87dc839fd7d8a25cad1bbcdcf2df482afd1c39deeca93c3777672a51.exe
    "C:\Users\Admin\AppData\Local\Temp\5e3e6bbd87dc839fd7d8a25cad1bbcdcf2df482afd1c39deeca93c3777672a51.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    PID:1668

Network

    No results found
  • 45.9.20.157:46257
    5e3e6bbd87dc839fd7d8a25cad1bbcdcf2df482afd1c39deeca93c3777672a51.exe
    152 B
     3
  • 45.9.20.157:46257
    5e3e6bbd87dc839fd7d8a25cad1bbcdcf2df482afd1c39deeca93c3777672a51.exe
    152 B
     3
  • 45.9.20.157:46257
    5e3e6bbd87dc839fd7d8a25cad1bbcdcf2df482afd1c39deeca93c3777672a51.exe
    152 B
     3
  • 45.9.20.157:46257
    5e3e6bbd87dc839fd7d8a25cad1bbcdcf2df482afd1c39deeca93c3777672a51.exe
    152 B
     3
  • 45.9.20.157:46257
    5e3e6bbd87dc839fd7d8a25cad1bbcdcf2df482afd1c39deeca93c3777672a51.exe
    152 B
     3
  • 45.9.20.157:46257
    5e3e6bbd87dc839fd7d8a25cad1bbcdcf2df482afd1c39deeca93c3777672a51.exe
    152 B
     3
No results found

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1668-0-0x0000000000220000-0x000000000024C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1668-1-0x0000000000250000-0x0000000000289000-memory.dmp

    Filesize

    228KB

    Download

  • memory/1668-2-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1668-3-0x0000000000400000-0x000000000083E000-memory.dmp

    Filesize

    4.2MB

    Download

  • memory/1668-4-0x00000000024F0000-0x0000000002524000-memory.dmp

    Filesize

    208KB

    Download

  • memory/1668-5-0x0000000002570000-0x00000000025A2000-memory.dmp

    Filesize

    200KB

    Download

  • memory/1668-6-0x0000000002570000-0x000000000259D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/1668-7-0x0000000002570000-0x000000000259D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/1668-9-0x0000000002570000-0x000000000259D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/1668-11-0x0000000002570000-0x000000000259D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/1668-13-0x0000000002570000-0x000000000259D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/1668-15-0x0000000002570000-0x000000000259D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/1668-17-0x0000000002570000-0x000000000259D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/1668-19-0x0000000002570000-0x000000000259D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/1668-21-0x0000000002570000-0x000000000259D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/1668-39-0x0000000002570000-0x000000000259D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/1668-53-0x0000000002570000-0x000000000259D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/1668-69-0x0000000002570000-0x000000000259D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/1668-67-0x0000000002570000-0x000000000259D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/1668-65-0x0000000002570000-0x000000000259D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/1668-63-0x0000000002570000-0x000000000259D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/1668-61-0x0000000002570000-0x000000000259D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/1668-59-0x0000000002570000-0x000000000259D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/1668-57-0x0000000002570000-0x000000000259D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/1668-55-0x0000000002570000-0x000000000259D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/1668-51-0x0000000002570000-0x000000000259D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/1668-49-0x0000000002570000-0x000000000259D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/1668-47-0x0000000002570000-0x000000000259D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/1668-45-0x0000000002570000-0x000000000259D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/1668-43-0x0000000002570000-0x000000000259D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/1668-41-0x0000000002570000-0x000000000259D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/1668-37-0x0000000002570000-0x000000000259D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/1668-35-0x0000000002570000-0x000000000259D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/1668-33-0x0000000002570000-0x000000000259D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/1668-31-0x0000000002570000-0x000000000259D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/1668-29-0x0000000002570000-0x000000000259D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/1668-27-0x0000000002570000-0x000000000259D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/1668-25-0x0000000002570000-0x000000000259D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/1668-23-0x0000000002570000-0x000000000259D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/1668-953-0x0000000000220000-0x000000000024C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1668-954-0x0000000000250000-0x0000000000289000-memory.dmp

    Filesize

    228KB

    Download

  • memory/1668-955-0x0000000000400000-0x000000000043C000-memory.dmp

    Filesize

    240KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.