
Analysis

  • max time kernel
    95s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11/11/2024, 01:15

General

  • Target

    3e619dd5b0550be6b260faa8af5b0daf171161ec.exe

  • Size

    208KB

  • MD5

    fcb61fcf5bf2539c8bcefa97fc4e2d2f

  • SHA1

    3e619dd5b0550be6b260faa8af5b0daf171161ec

  • SHA256

    d72e23bf3671a455ddf5ff954d7fe7bf107e573597731120c3a41d14410915a9

  • SHA512

    735f98d5dd8ddc093dc2fca4d8a6223990529a8c779c2729a9113fe4ea2ce0f75ced3dbd827f6fd36a17815e5f67499b7a7b3a2aba34ac06cac19ba5b1063ad7

  • SSDEEP

    3072:NG5Vw/aRSZQQTeYEk+Qavs3z/N6bdiRSGR2UtEnpDhTq6p:NGA/YsCYI16boZioJDh

Malware Config

Extracted

Family

redline

Botnet

Merzel

C2

20.119.228.194:46014

Attributes
  • auth_value

    e66e45492bb6c2c321e9631c8caee974

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine payload 1 IoCs
  • Redline family
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3e619dd5b0550be6b260faa8af5b0daf171161ec.exe
    "C:\Users\Admin\AppData\Local\Temp\3e619dd5b0550be6b260faa8af5b0daf171161ec.exe"
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    PID:1456

Network

MITRE ATT&CK Enterprise v15


Downloads

  • memory/1456-0-0x0000000074CDE000-0x0000000074CDF000-memory.dmp

    Filesize

    4KB

  • memory/1456-1-0x0000000000680000-0x00000000006B4000-memory.dmp

    Filesize

    208KB