Overview

overview

10

Static

static

914f013185...dd.exe

windows7_x64

10

914f013185...dd.exe

windows10_x64

10

Analysis

  • max time kernel
    21s
  • max time network
    104s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    20-03-2021 08:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    914f0131854c868ce96f1dbeebcd8edd.exe

  • Size

    287KB

  • MD5

    914f0131854c868ce96f1dbeebcd8edd

  • SHA1

    3dae201dfbe0155bfaa2ebdb0324f8938537a61a

  • SHA256

    807e65fc407c3d9f024b10e8cfb20c2e10ad067aa217fe97ec1b075c24dbc936

  • SHA512

    720fab9db81b5dae8de9528f68747b2ba4495b53388e53558663d85a6eb1a261dc34dd98032f6a20e3b90e723d1bc177ea772724961caafe5ab7d21308343522

Score
10/10
redlinediscoveryinfostealerspywarestealer

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\914f0131854c868ce96f1dbeebcd8edd.exe
    "C:\Users\Admin\AppData\Local\Temp\914f0131854c868ce96f1dbeebcd8edd.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1144

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1144-2-0x00000000026C0000-0x00000000026C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1144-3-0x0000000002830000-0x0000000002831000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1144-4-0x0000000073950000-0x000000007403E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1144-5-0x0000000002680000-0x00000000026A8000-memory.dmp

    Filesize

    160KB

    Download

  • memory/1144-6-0x00000000025D0000-0x0000000002605000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1144-7-0x0000000000400000-0x0000000000438000-memory.dmp

    Filesize

    224KB

    Download

  • memory/1144-9-0x00000000029A3000-0x00000000029A4000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1144-8-0x00000000029A2000-0x00000000029A3000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1144-11-0x0000000005030000-0x0000000005031000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1144-10-0x00000000029A0000-0x00000000029A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1144-12-0x0000000002970000-0x0000000002997000-memory.dmp

    Filesize

    156KB

    Download

  • memory/1144-13-0x0000000002A30000-0x0000000002A31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1144-14-0x00000000029A4000-0x00000000029A6000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1144-15-0x0000000005A30000-0x0000000005A31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1144-16-0x0000000005C00000-0x0000000005C01000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1144-17-0x0000000006290000-0x0000000006291000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1144-18-0x00000000062B0000-0x00000000062B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1144-19-0x0000000006420000-0x0000000006421000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1144-20-0x00000000065A0000-0x00000000065A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1144-21-0x0000000006DA0000-0x0000000006DA1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1144-22-0x0000000006F80000-0x0000000006F81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1144-23-0x00000000075D0000-0x00000000075D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1144-24-0x0000000007680000-0x0000000007681000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1144-25-0x0000000007EC0000-0x0000000007EC1000-memory.dmp

    Filesize

    4KB

    Download