Overview

overview

10

Static

static

8

a7e9e9cf22...7d.exe

windows7_x64

10

a7e9e9cf22...7d.exe

windows10_x64

10

Analysis

  • max time kernel
    25s
  • max time network
    111s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    25-12-2020 08:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a7e9e9cf220846cf4886665f5dca877d.exe

  • Size

    371KB

  • MD5

    a7e9e9cf220846cf4886665f5dca877d

  • SHA1

    25316dff51b674a33b4db6aa4187477f1bcfb72f

  • SHA256

    f8c01a2d1b187aee1a6b8fc7cb87369cbc920e6c288f53af356287cb3def107e

  • SHA512

    b2922db7d114e27eda9d436bcd7bb7c29791fbee25a5807223dd9fc0f6b913b0caacbd0518ce97494f42a8bc2f44b0f33ec1cfb0144b41249589f64b23f266db

Score
10/10
redlinediscoveryinfostealerspyware

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a7e9e9cf220846cf4886665f5dca877d.exe
    "C:\Users\Admin\AppData\Local\Temp\a7e9e9cf220846cf4886665f5dca877d.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:944
    • C:\Windows\SysWOW64\cmd.exe
      "cmd.exe" /C ping 127.0.0.1 -n 3 > nul & del ""
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1324
      • C:\Windows\SysWOW64\PING.EXE
        ping 127.0.0.1 -n 3
        3⤵
        • Runs ping.exe
        PID:1216

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/944-12-0x000000000A4A0000-0x000000000A4A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/944-6-0x0000000007350000-0x0000000007374000-memory.dmp

    Filesize

    144KB

    Download

  • memory/944-2-0x0000000005441000-0x0000000005442000-memory.dmp

    Filesize

    4KB

    Download

  • memory/944-14-0x000000000B310000-0x000000000B311000-memory.dmp

    Filesize

    4KB

    Download

  • memory/944-13-0x000000000A620000-0x000000000A621000-memory.dmp

    Filesize

    4KB

    Download

  • memory/944-7-0x0000000009990000-0x0000000009991000-memory.dmp

    Filesize

    4KB

    Download

  • memory/944-8-0x00000000074D0000-0x00000000074F2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/944-9-0x0000000009E90000-0x0000000009E91000-memory.dmp

    Filesize

    4KB

    Download

  • memory/944-10-0x00000000098F0000-0x00000000098F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/944-11-0x0000000009930000-0x0000000009931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/944-4-0x0000000007150000-0x0000000007151000-memory.dmp

    Filesize

    4KB

    Download

  • memory/944-3-0x0000000005660000-0x0000000005661000-memory.dmp

    Filesize

    4KB

    Download

  • memory/944-5-0x0000000073330000-0x0000000073A1E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/944-15-0x000000000B4E0000-0x000000000B4E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/944-16-0x000000000BB20000-0x000000000BB21000-memory.dmp

    Filesize

    4KB

    Download

  • memory/944-17-0x000000000BBC0000-0x000000000BBC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/944-18-0x000000000BC50000-0x000000000BC51000-memory.dmp

    Filesize

    4KB

    Download

  • memory/944-19-0x000000000BEF0000-0x000000000BEF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/944-20-0x000000000D220000-0x000000000D221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1216-22-0x0000000000000000-mapping.dmp

    Download

  • memory/1324-21-0x0000000000000000-mapping.dmp

    Download