Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    43s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    31/01/2023, 18:32

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    393KB

  • MD5

    c18009108480fdb057a8864a211212e5

  • SHA1

    2c46161be8dff6308f5d87534f41354fabbc6f25

  • SHA256

    f1d42be3aa56c1703b0fffcbc0e45ab6ea8b34e0a53fe00349648a24f731b045

  • SHA512

    a6a5779ee537a49092716ce683ea1de8a586ee68b8d0a5b6af7521743271d954b161fc3fada4b58d2c1beb2f2e953d5e33b9b5e8611b2993a5115e772320f47e

  • SSDEEP

    6144:cm+m7Lhu3kHfVUyZmHIV37cF7mZiiBP0e1ggL54mqMoIFayI8MN:X+iNdUfHIV37KuiiBMeyYBqM7ayI

Score
10/10
redlinediscoveryinfostealerspywarestealer

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:964

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/964-54-0x00000000023F0000-0x000000000244A000-memory.dmp

          Filesize

          360KB

          Download

        • memory/964-55-0x000000000055D000-0x000000000058B000-memory.dmp

          Filesize

          184KB

          Download

        • memory/964-56-0x00000000002F0000-0x0000000000352000-memory.dmp

          Filesize

          392KB

          Download

        • memory/964-57-0x0000000000400000-0x000000000047D000-memory.dmp

          Filesize

          500KB

          Download

        • memory/964-58-0x00000000048B0000-0x0000000004908000-memory.dmp

          Filesize

          352KB

          Download

        • memory/964-59-0x0000000074BB1000-0x0000000074BB3000-memory.dmp

          Filesize

          8KB

          Download

        • memory/964-60-0x000000000055D000-0x000000000058B000-memory.dmp

          Filesize

          184KB

          Download

        • memory/964-61-0x0000000000400000-0x000000000047D000-memory.dmp

          Filesize

          500KB

          Download