Analysis Overview
SHA256
49fe76a8a8986e9c1f1edb8f179390e4ae8a4555a2f2dca3bd4b70c1f6d3755b
Threat Level: Known bad
The file 49fe76a8a8986e9c1f1edb8f179390e4ae8a4555a2f2dca3bd4b70c1f6d3755b was found to be: Known bad.
Malicious Activity Summary
RedLine
RedLine payload
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-12-11 04:53
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-11 04:53
Reported
2023-12-11 04:58
Platform
win10-20231023-en
Max time kernel
288s
Max time network
303s
Command Line
Signatures
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\49fe76a8a8986e9c1f1edb8f179390e4ae8a4555a2f2dca3bd4b70c1f6d3755b.exe
"C:\Users\Admin\AppData\Local\Temp\49fe76a8a8986e9c1f1edb8f179390e4ae8a4555a2f2dca3bd4b70c1f6d3755b.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| RU | 195.10.205.16:2245 | | tcp |
| RU | 195.10.205.16:2245 | | tcp |
| RU | 195.10.205.16:2245 | | tcp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| RU | 195.10.205.16:2245 | | tcp |
| RU | 195.10.205.16:2245 | | tcp |
| US | 8.8.8.8:53 | 8.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| RU | 195.10.205.16:2245 | | tcp |
| RU | 195.10.205.16:2245 | | tcp |
| RU | 195.10.205.16:2245 | | tcp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| RU | 195.10.205.16:2245 | | tcp |
| RU | 195.10.205.16:2245 | | tcp |
| RU | 195.10.205.16:2245 | | tcp |
| RU | 195.10.205.16:2245 | | tcp |
Files
memory/4264-0-0x0000000000060000-0x000000000009C000-memory.dmp
memory/4264-5-0x0000000073790000-0x0000000073E7E000-memory.dmp
memory/4264-6-0x00000000074C0000-0x00000000079BE000-memory.dmp
memory/4264-7-0x00000000070A0000-0x0000000007132000-memory.dmp
memory/4264-8-0x00000000026A0000-0x00000000026B0000-memory.dmp
memory/4264-9-0x0000000007060000-0x000000000706A000-memory.dmp
memory/4264-10-0x0000000008550000-0x0000000008B56000-memory.dmp
memory/4264-12-0x0000000008460000-0x0000000008472000-memory.dmp
memory/4264-13-0x00000000084C0000-0x00000000084FE000-memory.dmp
memory/4264-11-0x0000000009CA0000-0x0000000009DAA000-memory.dmp
memory/4264-14-0x0000000008500000-0x000000000854B000-memory.dmp
memory/4264-15-0x0000000073790000-0x0000000073E7E000-memory.dmp
memory/4264-16-0x00000000026A0000-0x00000000026B0000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-11 04:53
Reported
2023-12-11 04:58
Platform
win7-20231023-en
Max time kernel
289s
Max time network
304s
Command Line
Signatures
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\49fe76a8a8986e9c1f1edb8f179390e4ae8a4555a2f2dca3bd4b70c1f6d3755b.exe
"C:\Users\Admin\AppData\Local\Temp\49fe76a8a8986e9c1f1edb8f179390e4ae8a4555a2f2dca3bd4b70c1f6d3755b.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| RU | 195.10.205.16:2245 | | tcp |
| RU | 195.10.205.16:2245 | | tcp |
| RU | 195.10.205.16:2245 | | tcp |
| RU | 195.10.205.16:2245 | | tcp |
| RU | 195.10.205.16:2245 | | tcp |
| RU | 195.10.205.16:2245 | | tcp |
| RU | 195.10.205.16:2245 | | tcp |
| RU | 195.10.205.16:2245 | | tcp |
| RU | 195.10.205.16:2245 | | tcp |
| RU | 195.10.205.16:2245 | | tcp |
| RU | 195.10.205.16:2245 | | tcp |
| RU | 195.10.205.16:2245 | | tcp |
Files
memory/1168-0-0x0000000000170000-0x00000000001AC000-memory.dmp
memory/1168-5-0x0000000074820000-0x0000000074F0E000-memory.dmp
memory/1168-6-0x0000000007530000-0x0000000007570000-memory.dmp
memory/1168-7-0x0000000074820000-0x0000000074F0E000-memory.dmp
memory/1168-8-0x0000000007530000-0x0000000007570000-memory.dmp