Analysis
max time kernel: 42s
max time network: 45s
platform: windows7_x64
resource: win7-20220414-en
submitted: 23-05-2022 18:52
Behavioral task: behavioral1
Sample: 1684-55-0x0000000001ED0000-0x0000000001F02000-memory.exe
Resource: win7-20220414-en (windows7_x64)
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: 1684-55-0x0000000001ED0000-0x0000000001F02000-memory.exe
Resource: win10v2004-20220414-en (windows10-2004_x64)
0 signatures, 0 seconds
General
Target: 1684-55-0x0000000001ED0000-0x0000000001F02000-memory.exe
Size: 200KB
MD5: 038ca458ecc3d2731f09dc219644f047
SHA1: 2ce33af6fb9d00344c524af3192deb5371c41594
SHA256: 4ae2c9fe2e06741ddcb1fc6112fc834011e9ac054d851a5a3a8301c5c1c4bf58
SHA512: 5f6e890a296fdef00088270f2c2ff26461ac37e5ffa2c354db52d5a955fccb40c04295d594607166c38d20cb73b283dfa4ca849ede759899d410f8790c5c1da8
Score: 10/10
Malware Config

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload (1 IoCs)
Processes:
resource                                                        yara_rule
behavioral1/memory/1392-54-0x0000000000AF0000-0x0000000000B22000-memory.dmp   family_redline

Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes:
description                 pid    process
Token: SeDebugPrivilege     1392   1684-55-0x0000000001ED0000-0x0000000001F02000-memory.exe
Processes

Network

MITRE ATT&CK Matrix

Downloads
memory/1392-54-0x0000000000AF0000-0x0000000000B22000-memory.dmp
Filesize: 200KB