Overview

overview

10

Static

static

1

tmp.exe

windows7-x64

10

tmp.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    06-04-2023 13:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tmp.exe

  • Size

    343KB

  • MD5

    b4366bb38342bf5092ecc110684d091e

  • SHA1

    4abe6534a59472bb469b5d65d6988a9ac3baaffa

  • SHA256

    5098edc4249c3b818f3d99da1491aa8e51060f8714641bdf7ee7524a4df5ce4b

  • SHA512

    227dc47c63822ef6744174dd43ce2dae80177ac19a03b3a7dcd49350a3845a19f9fb5bec8c063e3243ad9a755f00d77306b1e200e97daf83030062c76b164085

  • SSDEEP

    6144:tZO6UaE2WsWx6+t5WY/G2uQRxbqf+NU9GsCPaW:tg6rE2W3lLv/aAGfrGZf

Score
10/10
redline@chicagoinfostealer

Malware Config

Extracted

Family

redline

Botnet

@chicago

C2

185.11.61.125:22344

Attributes
  • auth_value

    21f863e0cbd09d0681058e068d0d1d7f

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 35 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\tmp.exe
    "C:\Users\Admin\AppData\Local\Temp\tmp.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1560

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1560-55-0x00000000021B0000-0x000000000220A000-memory.dmp
    Filesize

    360KB

    Download
  • memory/1560-56-0x00000000002D0000-0x0000000000332000-memory.dmp
    Filesize

    392KB

    Download
  • memory/1560-58-0x0000000004D40000-0x0000000004D80000-memory.dmp
    Filesize

    256KB

    Download
  • memory/1560-57-0x0000000004D40000-0x0000000004D80000-memory.dmp
    Filesize

    256KB

    Download
  • memory/1560-59-0x0000000002230000-0x0000000002288000-memory.dmp
    Filesize

    352KB

    Download
  • memory/1560-60-0x0000000002230000-0x0000000002282000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1560-61-0x0000000002230000-0x0000000002282000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1560-63-0x0000000002230000-0x0000000002282000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1560-65-0x0000000002230000-0x0000000002282000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1560-67-0x0000000002230000-0x0000000002282000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1560-71-0x0000000002230000-0x0000000002282000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1560-73-0x0000000002230000-0x0000000002282000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1560-75-0x0000000002230000-0x0000000002282000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1560-77-0x0000000002230000-0x0000000002282000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1560-79-0x0000000002230000-0x0000000002282000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1560-81-0x0000000002230000-0x0000000002282000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1560-85-0x0000000002230000-0x0000000002282000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1560-87-0x0000000002230000-0x0000000002282000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1560-93-0x0000000002230000-0x0000000002282000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1560-95-0x0000000002230000-0x0000000002282000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1560-97-0x0000000002230000-0x0000000002282000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1560-99-0x0000000002230000-0x0000000002282000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1560-101-0x0000000002230000-0x0000000002282000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1560-105-0x0000000002230000-0x0000000002282000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1560-103-0x0000000002230000-0x0000000002282000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1560-107-0x0000000002230000-0x0000000002282000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1560-109-0x0000000002230000-0x0000000002282000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1560-111-0x0000000002230000-0x0000000002282000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1560-113-0x0000000002230000-0x0000000002282000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1560-115-0x0000000002230000-0x0000000002282000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1560-117-0x0000000002230000-0x0000000002282000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1560-119-0x0000000002230000-0x0000000002282000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1560-121-0x0000000002230000-0x0000000002282000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1560-123-0x0000000002230000-0x0000000002282000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1560-91-0x0000000002230000-0x0000000002282000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1560-89-0x0000000002230000-0x0000000002282000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1560-83-0x0000000002230000-0x0000000002282000-memory.dmp
    Filesize

    328KB

    Download
  • memory/1560-69-0x0000000002230000-0x0000000002282000-memory.dmp
    Filesize

    328KB

    Download