Analysis

  • max time kernel
    121s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/01/2025, 13:27 UTC

General

  • Target

    Redline Stealer/OpenPort.bat

  • Size

    94B

  • MD5

    cf1cc90281e28cee22dce7ed013c2678

  • SHA1

    2f213a71b76db3e51ad2d659f84dc1f3f90725fb

  • SHA256

    84399f8bccefa404e156a5351b1de75a2d5290b4fddd1754efb16401ed7218ef

  • SHA512

    2b61c1da7cc66506537719cedab82f172d2ac1af4df69513ba64507a5ed67989974f81791faf08c5855580df53f564600381be34c340b825f1f01919948921e1

Malware Config

Signatures

  • Modifies Windows Firewall 2 TTPs 1 IoCs
  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Redline Stealer\OpenPort.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2708
    • C:\Windows\system32\netsh.exe
      netsh advfirewall firewall add rule name="RLS" dir=in action=allow protocol=TCP localport=6677
      2⤵
      • Modifies Windows Firewall
      • Event Triggered Execution: Netsh Helper DLL
      PID:2824

Network

MITRE ATT&CK Enterprise v15


Downloads
