Analysis

  • max time kernel
    94s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11/11/2024, 10:28

General

  • Target

    8fe46d1b77b1081bd4d1a0449d8f526d14bc6fef6ce4778eb6124694c4614ff7.exe

  • Size

    272KB

  • MD5

    14d4b95bd7f471453765f5a9dbc9e82a

  • SHA1

    74d2e44861fbedcf10e3eb58a83c6ec9cdc1b53a

  • SHA256

    8fe46d1b77b1081bd4d1a0449d8f526d14bc6fef6ce4778eb6124694c4614ff7

  • SHA512

    b87655a584af065aa68611dccd39e2789fbf5d47ae30917e3b9e614cc7222af25496d3a44275713f357d4ce7aa31bc7dfdfa92c8a7d4f86bfb91a2c8c5a6eb25

  • SSDEEP

    3072:p6j4ELH6Vt7CENpmh6sLKR+utY/edHbpiWo40mTJghm0nlQoYKgQmExNn2pU9f2O:p6jgppZsLKwuAexbpZghdnlQH5Q

Malware Config

Extracted

Family

redline

Botnet

romik

C2

193.233.20.12:4132

Attributes
  • auth_value

    8fb78d2889ba0ca42678b59b884e88ff

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine payload (1 IoC)
  • Redline family
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of AdjustPrivilegeToken (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\8fe46d1b77b1081bd4d1a0449d8f526d14bc6fef6ce4778eb6124694c4614ff7.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\8fe46d1b77b1081bd4d1a0449d8f526d14bc6fef6ce4778eb6124694c4614ff7.exe"
    PID: 224
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/224-0-0x0000000074E5E000-0x0000000074E5F000-memory.dmp

    Filesize

    4KB

  • memory/224-1-0x0000000000260000-0x00000000002A4000-memory.dmp

    Filesize

    272KB