Behavioral task
behavioral1
Sample
1276-125-0x0000000004BC0000-0x0000000004C00000-memory.dll
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
1276-125-0x0000000004BC0000-0x0000000004C00000-memory.dll
Resource
win10v2004-20230220-en
General
-
Target
1276-125-0x0000000004BC0000-0x0000000004C00000-memory.dmp
-
Size
256KB
-
MD5
be2c1524fb09adb87470f25251843706
-
SHA1
34a27422e5bd11d41febbfa5573a7cfc03825fd7
-
SHA256
b7a1881d2f102f0a80b66f473125c0bc2c51af631379a45092ef0167d7ae05c3
-
SHA512
15a72a0c50e4d589ea739ab33bc6b08fe0ee93b888c7268806456a96cdc09f5f42e3efff7a405e0feb01bb416b53ff49cd9dcee911ee147405991e72d06309d4
-
SSDEEP
3072:h8e8hgClPkmfv4r8W2qTvI2t2qVwoMTOIkvlB8e8hg/Q:hGlXfvhZ/RfkvlBbQ
Malware Config
Signatures
-
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1276-125-0x0000000004BC0000-0x0000000004C00000-memory.dmp
Files
-
1276-125-0x0000000004BC0000-0x0000000004C00000-memory.dmp.dll windows x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorDllMain
Sections
.text Size: 512B - Virtual size: 420B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ