Analysis

  • max time kernel
    119s
  • max time network
    115s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    23/11/2024, 13:25 UTC

General

  • Target

    37f601cfd90279392c27c0fec6359d28fae86878112469f8e95d0f3474c3367b.exe

  • Size

    366KB

  • MD5

    d308aff286fba626255b4036bdf01fe6

  • SHA1

    bbbbf5436773e032d476fd30fa041db1f3938885

  • SHA256

    37f601cfd90279392c27c0fec6359d28fae86878112469f8e95d0f3474c3367b

  • SHA512

    79aee3bcc7671f0f7d85534a2552b99a014bdb311adc909b090c930e1bb45fe3ef7730a2a3a8d2fb368124078dd95d472c5b28e0296477e363e754dce54b368c

  • SSDEEP

    6144:NFfusc5msJu5lZKWDnYQN6wDX/rYcRstfS5deEOnA:LfusamSuXZuQMwDX/rLstf+ItnA

Malware Config

Extracted

Family

redline

Botnet

sewPalp

C2

185.215.113.29:24645

Attributes
  • auth_value

    41d3df6d093b1e36993abf16af0d6f2d

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine payload 2 IoCs
  • Redline family
  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

  • SectopRAT payload 2 IoCs
  • Sectoprat family
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\37f601cfd90279392c27c0fec6359d28fae86878112469f8e95d0f3474c3367b.exe
    "C:\Users\Admin\AppData\Local\Temp\37f601cfd90279392c27c0fec6359d28fae86878112469f8e95d0f3474c3367b.exe"
    • System Location Discovery: System Language Discovery
    PID:1404

Network

  • 185.215.113.29:24645 | 37f601cfd90279392c27c0fec6359d28fae86878112469f8e95d0f3474c3367b.exe | 152 B | 3
  • 185.215.113.29:24645 | 37f601cfd90279392c27c0fec6359d28fae86878112469f8e95d0f3474c3367b.exe | 152 B | 3
  • 185.215.113.29:24645 | 37f601cfd90279392c27c0fec6359d28fae86878112469f8e95d0f3474c3367b.exe | 152 B | 3
  • 185.215.113.29:24645 | 37f601cfd90279392c27c0fec6359d28fae86878112469f8e95d0f3474c3367b.exe | 152 B | 3
  • 185.215.113.29:24645 | 37f601cfd90279392c27c0fec6359d28fae86878112469f8e95d0f3474c3367b.exe | 152 B | 3

MITRE ATT&CK Enterprise v15

Downloads

  • memory/1404-1-0x0000000001850000-0x0000000001950000-memory.dmp

    Filesize

    1024KB

  • memory/1404-2-0x0000000000230000-0x0000000000260000-memory.dmp

    Filesize

    192KB

  • memory/1404-3-0x0000000000400000-0x0000000000433000-memory.dmp

    Filesize

    204KB

  • memory/1404-4-0x00000000017F0000-0x0000000001814000-memory.dmp

    Filesize

    144KB

  • memory/1404-5-0x0000000000400000-0x00000000016CF000-memory.dmp

    Filesize

    18.8MB

  • memory/1404-6-0x0000000001830000-0x0000000001852000-memory.dmp

    Filesize

    136KB

  • memory/1404-7-0x0000000001850000-0x0000000001950000-memory.dmp

    Filesize

    1024KB

  • memory/1404-8-0x0000000000230000-0x0000000000260000-memory.dmp

    Filesize

    192KB

  • memory/1404-9-0x0000000000400000-0x0000000000433000-memory.dmp

    Filesize

    204KB
