Overview

overview

10

Static

static

2245bcc8a2...70.exe

windows7_x64

10

2245bcc8a2...70.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    43s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220331-en
  • submitted
    11-04-2022 03:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2245bcc8a29546d7857680789e3c5570.exe

  • Size

    345KB

  • MD5

    2245bcc8a29546d7857680789e3c5570

  • SHA1

    67603329135d4729a9929c42f5176f4f5e3d748f

  • SHA256

    94b78106989de9df32a0db19e58d3c79292bad1c125e3b699b7f5f2c099c8156

  • SHA512

    c4d6552aa5c2d51938ed5e32283e853a1de0149584c47d08a55881293f65c89e24e0cd77598de6712d40fba00dc017e6f22e58ff05f8a8fc8362622c171b07df

Score
10/10
redline50discoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

50

C2

193.106.191.132:23196

Attributes
  • auth_value

    8735fcb130c82dd9d353478678d60bde

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\2245bcc8a29546d7857680789e3c5570.exe
    "C:\Users\Admin\AppData\Local\Temp\2245bcc8a29546d7857680789e3c5570.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1500

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1500-54-0x000000000051A000-0x0000000000544000-memory.dmp

    Filesize

    168KB

    Download

  • memory/1500-55-0x00000000004D0000-0x0000000000500000-memory.dmp

    Filesize

    192KB

    Download

  • memory/1500-56-0x0000000001EA0000-0x0000000001ECE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1500-57-0x000000000051A000-0x0000000000544000-memory.dmp

    Filesize

    168KB

    Download

  • memory/1500-58-0x00000000002B0000-0x00000000002E7000-memory.dmp

    Filesize

    220KB

    Download

  • memory/1500-59-0x0000000000400000-0x000000000047E000-memory.dmp

    Filesize

    504KB

    Download

  • memory/1500-60-0x00000000047D4000-0x00000000047D6000-memory.dmp

    Filesize

    8KB

    Download