Overview

overview

10

Static

static

8

1cee7f3e56...f2.exe

windows7_x64

10

1cee7f3e56...f2.exe

windows10_x64

10

Analysis

  • max time kernel
    48s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    21-01-2021 07:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1cee7f3e56ca6f40161af3f84c4972f2.exe

  • Size

    329KB

  • MD5

    1cee7f3e56ca6f40161af3f84c4972f2

  • SHA1

    9385a652b3f7f60c7c0028d8c4d176267b8a8edb

  • SHA256

    57b01e75fdb6b0da38dd794744850e787ac069febb340eef4b3a5cf4760e6726

  • SHA512

    a6761fb7fc3e9e48e8516307c9421536f0a51fb9bdcca59a0cc49daafbc8cdf550769c4dd559f8fedfb29a757545997937a384b72f2f735ecc38adcedc9b5127

Score
10/10
redlinediscoveryinfostealerspyware

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1cee7f3e56ca6f40161af3f84c4972f2.exe
    "C:\Users\Admin\AppData\Local\Temp\1cee7f3e56ca6f40161af3f84c4972f2.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:804

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/804-2-0x0000000004F40000-0x0000000004F51000-memory.dmp

    Filesize

    68KB

    Download

  • memory/804-3-0x00000000068D0000-0x00000000068E1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/804-4-0x00000000746D0000-0x0000000074DBE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/804-5-0x0000000000230000-0x0000000000257000-memory.dmp

    Filesize

    156KB

    Download

  • memory/804-6-0x0000000000260000-0x0000000000295000-memory.dmp

    Filesize

    212KB

    Download

  • memory/804-7-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/804-8-0x00000000069D0000-0x00000000069F9000-memory.dmp

    Filesize

    164KB

    Download

  • memory/804-14-0x0000000006A00000-0x0000000006A28000-memory.dmp

    Filesize

    160KB

    Download

  • memory/804-16-0x00000000090F2000-0x00000000090F3000-memory.dmp

    Filesize

    4KB

    Download

  • memory/804-15-0x00000000090F1000-0x00000000090F2000-memory.dmp

    Filesize

    4KB

    Download

  • memory/804-17-0x00000000090F3000-0x00000000090F4000-memory.dmp

    Filesize

    4KB

    Download

  • memory/804-18-0x00000000090F4000-0x00000000090F6000-memory.dmp

    Filesize

    8KB

    Download