Overview

overview

10

Static

static

tmp.exe

windows7_x64

10

tmp.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    135s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    21-05-2022 21:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tmp.exe

  • Size

    1.3MB

  • MD5

    f4def4de7f90c40691bc3a09cbcf91e1

  • SHA1

    c53ebad54e849bdc162483c40a3f7b387a2870d1

  • SHA256

    425526e0fc3149a179a394f19444bf1d11b252859a94f46ad3da4ad2841306d4

  • SHA512

    6f4ae7fb265b88fbf077e53a3b13534046cdcd62da945dba47027e761c54108ff895bec89b30c255cd2abc55058be9cc28e1a2ccfdd38e53ba86e6ca858ae8f7

Score
10/10
redlineinfostealer

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 4 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\tmp.exe
    "C:\Users\Admin\AppData\Local\Temp\tmp.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2684
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc
    1⤵
      PID:2368

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2684-130-0x0000000000DE0000-0x0000000000F13000-memory.dmp
      Filesize

      1.2MB

      Download
    • memory/2684-131-0x0000000000F70000-0x0000000000FB6000-memory.dmp
      Filesize

      280KB

      Download
    • memory/2684-132-0x0000000000DE0000-0x0000000000F13000-memory.dmp
      Filesize

      1.2MB

      Download
    • memory/2684-133-0x0000000075BD0000-0x0000000075DE5000-memory.dmp
      Filesize

      2.1MB

      Download
    • memory/2684-134-0x0000000000DE0000-0x0000000000F13000-memory.dmp
      Filesize

      1.2MB

      Download
    • memory/2684-135-0x0000000000DE0000-0x0000000000F13000-memory.dmp
      Filesize

      1.2MB

      Download
    • memory/2684-136-0x00000000733D0000-0x0000000073459000-memory.dmp
      Filesize

      548KB

      Download
    • memory/2684-137-0x00000000769F0000-0x0000000076FA3000-memory.dmp
      Filesize

      5.7MB

      Download
    • memory/2684-138-0x0000000005FB0000-0x00000000065C8000-memory.dmp
      Filesize

      6.1MB

      Download
    • memory/2684-139-0x0000000005750000-0x0000000005762000-memory.dmp
      Filesize

      72KB

      Download
    • memory/2684-140-0x0000000005990000-0x0000000005A9A000-memory.dmp
      Filesize

      1.0MB

      Download
    • memory/2684-141-0x00000000057F0000-0x000000000582C000-memory.dmp
      Filesize

      240KB

      Download
    • memory/2684-142-0x000000006EBE0000-0x000000006EC2C000-memory.dmp
      Filesize

      304KB

      Download