
Analysis

  • max time kernel: 149s
  • max time network: 145s
  • platform: windows10-2004_x64
  • resource: win10v2004-20241007-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 23/11/2024, 01:03 UTC

General

  • Target: ae3b1ab62a7f522dbd428fe52590b7f4abca6e355f40c92a531066adfd9c4ee7.exe
  • Size: 426KB
  • MD5: 047192debce3c838003370e7108ac885
  • SHA1: 03487f4b72a51ac6eab8c40eb417bc9bcbdc49c6
  • SHA256: ae3b1ab62a7f522dbd428fe52590b7f4abca6e355f40c92a531066adfd9c4ee7
  • SHA512: d21d1b8efa91f23404033462d7d2b3c10569f1de603a1e37c72f962a372f0895332f31b8fae73ab8f530dba30fc35b409933ff463518975f301459bd3e1c2e59
  • SSDEEP: 12288:NOGTHCu1H/BPd+47EYzUSUZ+seswutyI9mmBa:NOsCcfBPHIYQhesw/t

Malware Config

Extracted

  • Family: redline
  • Botnet: paladin
  • C2: 37.228.129.48:29795
  • Attributes
    • auth_value: f27db372188045eefdf974196ead3dae

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine payload 2 IoCs
  • Redline family
  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

  • SectopRAT payload 2 IoCs
  • Sectoprat family
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\ae3b1ab62a7f522dbd428fe52590b7f4abca6e355f40c92a531066adfd9c4ee7.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\ae3b1ab62a7f522dbd428fe52590b7f4abca6e355f40c92a531066adfd9c4ee7.exe"
    • System Location Discovery: System Language Discovery
    PID: 2008

Network

  DNS lookups (all sent to 8.8.8.8:53, US):

  • Request: 97.17.167.52.in-addr.arpa IN PTR; Response: none recorded
  • Request: 71.159.190.20.in-addr.arpa IN PTR; Response: none recorded
  • Request: 95.221.229.192.in-addr.arpa IN PTR; Response: none recorded
  • Request: 241.150.49.20.in-addr.arpa IN PTR; Response: none recorded
  • Request: 56.163.245.4.in-addr.arpa IN PTR; Response: none recorded
  • Request: 206.23.85.13.in-addr.arpa IN PTR; Response: none recorded
  • Request: 11.227.111.52.in-addr.arpa IN PTR; Response: none recorded
  Connections (remote address | process | bytes sent | bytes received | packets sent | packets received):

  • 37.228.129.48:29795 | ae3b1ab62a7f522dbd428fe52590b7f4abca6e355f40c92a531066adfd9c4ee7.exe | 260 B | 200 B | 5 | 5
  • 37.228.129.48:29795 | ae3b1ab62a7f522dbd428fe52590b7f4abca6e355f40c92a531066adfd9c4ee7.exe | 260 B | 200 B | 5 | 5
  • 37.228.129.48:29795 | ae3b1ab62a7f522dbd428fe52590b7f4abca6e355f40c92a531066adfd9c4ee7.exe | 260 B | 200 B | 5 | 5
  • 37.228.129.48:29795 | ae3b1ab62a7f522dbd428fe52590b7f4abca6e355f40c92a531066adfd9c4ee7.exe | 260 B | 200 B | 5 | 5
  • 37.228.129.48:29795 | ae3b1ab62a7f522dbd428fe52590b7f4abca6e355f40c92a531066adfd9c4ee7.exe | 260 B | 200 B | 5 | 5
  • 37.228.129.48:29795 | ae3b1ab62a7f522dbd428fe52590b7f4abca6e355f40c92a531066adfd9c4ee7.exe | 260 B | 200 B | 5 | 5
  • 37.228.129.48:29795 | ae3b1ab62a7f522dbd428fe52590b7f4abca6e355f40c92a531066adfd9c4ee7.exe | 260 B | 200 B | 5 | 5
  • 37.228.129.48:29795 | ae3b1ab62a7f522dbd428fe52590b7f4abca6e355f40c92a531066adfd9c4ee7.exe | 260 B | 200 B | 5 | 5
  • 37.228.129.48:29795 | ae3b1ab62a7f522dbd428fe52590b7f4abca6e355f40c92a531066adfd9c4ee7.exe | 260 B | 200 B | 5 | 5
  • 37.228.129.48:29795 | ae3b1ab62a7f522dbd428fe52590b7f4abca6e355f40c92a531066adfd9c4ee7.exe | 260 B | 200 B | 5 | 5
  • 37.228.129.48:29795 | ae3b1ab62a7f522dbd428fe52590b7f4abca6e355f40c92a531066adfd9c4ee7.exe | 260 B | 200 B | 5 | 5
  • 37.228.129.48:29795 | ae3b1ab62a7f522dbd428fe52590b7f4abca6e355f40c92a531066adfd9c4ee7.exe | 260 B | 200 B | 5 | 5
  • 37.228.129.48:29795 | ae3b1ab62a7f522dbd428fe52590b7f4abca6e355f40c92a531066adfd9c4ee7.exe | 260 B | 200 B | 5 | 5
  • 37.228.129.48:29795 | ae3b1ab62a7f522dbd428fe52590b7f4abca6e355f40c92a531066adfd9c4ee7.exe | 260 B | 200 B | 5 | 5
  • 37.228.129.48:29795 | ae3b1ab62a7f522dbd428fe52590b7f4abca6e355f40c92a531066adfd9c4ee7.exe | 260 B | 200 B | 5 | 5
  • 37.228.129.48:29795 | ae3b1ab62a7f522dbd428fe52590b7f4abca6e355f40c92a531066adfd9c4ee7.exe | 260 B | 200 B | 5 | 5
  • 37.228.129.48:29795 | ae3b1ab62a7f522dbd428fe52590b7f4abca6e355f40c92a531066adfd9c4ee7.exe | 260 B | 200 B | 5 | 5
  • 37.228.129.48:29795 | ae3b1ab62a7f522dbd428fe52590b7f4abca6e355f40c92a531066adfd9c4ee7.exe | 260 B | 200 B | 5 | 5
  • 37.228.129.48:29795 | ae3b1ab62a7f522dbd428fe52590b7f4abca6e355f40c92a531066adfd9c4ee7.exe | 260 B | 200 B | 5 | 5
  • 37.228.129.48:29795 | ae3b1ab62a7f522dbd428fe52590b7f4abca6e355f40c92a531066adfd9c4ee7.exe | 260 B | 200 B | 5 | 5
  • 37.228.129.48:29795 | ae3b1ab62a7f522dbd428fe52590b7f4abca6e355f40c92a531066adfd9c4ee7.exe | (no traffic counters recorded)
  • 8.8.8.8:53 | dns | request 97.17.167.52.in-addr.arpa | 71 B | 145 B | 1 | 1
  • 8.8.8.8:53 | dns | request 71.159.190.20.in-addr.arpa | 72 B | 158 B | 1 | 1
  • 8.8.8.8:53 | dns | request 95.221.229.192.in-addr.arpa | 73 B | 144 B | 1 | 1
  • 8.8.8.8:53 | dns | request 241.150.49.20.in-addr.arpa | 72 B | 158 B | 1 | 1
  • 8.8.8.8:53 | dns | request 56.163.245.4.in-addr.arpa | 71 B | 157 B | 1 | 1
  • 8.8.8.8:53 | dns | request 206.23.85.13.in-addr.arpa | 71 B | 145 B | 1 | 1
  • 8.8.8.8:53 | dns | request 11.227.111.52.in-addr.arpa | 72 B | 158 B | 1 | 1

MITRE ATT&CK Enterprise v15


Downloads

  • memory/2008-1-0x0000000000A30000-0x0000000000B30000-memory.dmp (filesize 1024KB)
  • memory/2008-2-0x00000000023D0000-0x0000000002413000-memory.dmp (filesize 268KB)
  • memory/2008-3-0x0000000000400000-0x0000000000446000-memory.dmp (filesize 280KB)
  • memory/2008-4-0x0000000000400000-0x000000000079C000-memory.dmp (filesize 3.6MB)
  • memory/2008-5-0x00000000028E0000-0x0000000002916000-memory.dmp (filesize 216KB)
  • memory/2008-6-0x0000000004EC0000-0x0000000005464000-memory.dmp (filesize 5.6MB)
  • memory/2008-7-0x00000000054B0000-0x00000000054E2000-memory.dmp (filesize 200KB)
  • memory/2008-8-0x00000000054E0000-0x0000000005AF8000-memory.dmp (filesize 6.1MB)
  • memory/2008-9-0x0000000005B50000-0x0000000005B62000-memory.dmp (filesize 72KB)
  • memory/2008-10-0x0000000005B70000-0x0000000005C7A000-memory.dmp (filesize 1.0MB)
  • memory/2008-11-0x0000000005CC0000-0x0000000005CFC000-memory.dmp (filesize 240KB)
  • memory/2008-12-0x0000000005D00000-0x0000000005D4C000-memory.dmp (filesize 304KB)
  • memory/2008-13-0x0000000000A30000-0x0000000000B30000-memory.dmp (filesize 1024KB)
  • memory/2008-14-0x00000000023D0000-0x0000000002413000-memory.dmp (filesize 268KB)
  • memory/2008-15-0x0000000000400000-0x0000000000446000-memory.dmp (filesize 280KB)
