Analysis
-
max time kernel
120s -
max time network
165s -
platform
windows7_x64 -
resource
win7-en-20210920 -
submitted
22-10-2021 18:45
General
-
Target
d08c7505d9deda3037398a2bddec6e49.exe
-
Size
452KB
-
MD5
d08c7505d9deda3037398a2bddec6e49
-
SHA1
c35417022f575351d7b634aaa297d2e456887a7f
-
SHA256
8840d8c54b58cc29c57916919906a81fff6bca7bede7c6d5b08a363359ff3582
-
SHA512
94e88d77a383f657233d3777dcb313cd23f10d4042aa3472c92c0082a706098235f29722e2262a4f3e7ec48cdaa796558d611ba8607340208aa1296162280e9e
Score
10/10
Malware Config
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d08c7505d9deda3037398a2bddec6e49.exe"C:\Users\Admin\AppData\Local\Temp\d08c7505d9deda3037398a2bddec6e49.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/476-54-0x0000000000CF9000-0x0000000000D24000-memory.dmpFilesize
172KB
-
memory/476-55-0x0000000000220000-0x0000000000264000-memory.dmpFilesize
272KB
-
memory/476-56-0x0000000000400000-0x00000000008A0000-memory.dmpFilesize
4.6MB
-
memory/476-57-0x0000000004AC0000-0x0000000004AED000-memory.dmpFilesize
180KB
-
memory/476-58-0x0000000004C91000-0x0000000004C92000-memory.dmpFilesize
4KB
-
memory/476-59-0x0000000004C92000-0x0000000004C93000-memory.dmpFilesize
4KB
-
memory/476-60-0x0000000004C93000-0x0000000004C94000-memory.dmpFilesize
4KB
-
memory/476-61-0x0000000004AF0000-0x0000000004B1B000-memory.dmpFilesize
172KB
-
memory/476-62-0x0000000004C94000-0x0000000004C96000-memory.dmpFilesize
8KB