Overview

overview

10

Static

static

1

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    30s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    05-02-2023 08:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    389KB

  • MD5

    1a83beba2e0d0d46a3488ac434f1885f

  • SHA1

    15904e40dd85537d64416b5cb46e8c9022f36df0

  • SHA256

    3c860282284223ce741ebe8ca857a2a4fcc3eecd710dd1776d9f9273fff80de4

  • SHA512

    5e30742edb4742f0b09b039dd604bd76d9f7927a0d1b3b37ae7b670e0a1481a72c43740f4df263b618581bd315c25611cfbe966aada0ec22b75735f6d8b41d90

  • SSDEEP

    3072:WMvOhhKvwqUGLLtyqWEn56k7O3AYQgzj7pugLnHgD1TAu/cwVnLgyPYRRKCd5Ev3:WMvhYrGLL8qLq4G3cfcqX6j5EKWSt8k

Score
10/10
redlinediscoveryinfostealerspywarestealer

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1992

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1992-54-0x0000000001DA0000-0x0000000001DFA000-memory.dmp

    Filesize

    360KB

    Download

  • memory/1992-55-0x0000000002170000-0x00000000021C8000-memory.dmp

    Filesize

    352KB

    Download

  • memory/1992-56-0x000000000059B000-0x00000000005C9000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1992-57-0x00000000002C0000-0x0000000000322000-memory.dmp

    Filesize

    392KB

    Download

  • memory/1992-58-0x0000000000400000-0x00000000004E3000-memory.dmp

    Filesize

    908KB

    Download

  • memory/1992-59-0x0000000076411000-0x0000000076413000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1992-60-0x000000000059B000-0x00000000005C9000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1992-61-0x0000000000400000-0x00000000004E3000-memory.dmp

    Filesize

    908KB

    Download