Analysis Overview
SHA256
43b960a691ed77d169bc3b46bb506708ba4fca8f6418297f5f63c9ae2a35a4a0
Threat Level: Known bad
The file 43b960a691ed77d169bc3b46bb506708ba4fca8f6418297f5f63c9ae2a35a4a0 was found to be: Known bad.
Malicious Activity Summary
RedLine
RedLine payload
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-12-11 04:52
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-11 04:52
Reported
2023-12-11 04:57
Platform
win7-20231130-en
Max time kernel
299s
Max time network
296s
Command Line
Signatures
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\43b960a691ed77d169bc3b46bb506708ba4fca8f6418297f5f63c9ae2a35a4a0.exe
"C:\Users\Admin\AppData\Local\Temp\43b960a691ed77d169bc3b46bb506708ba4fca8f6418297f5f63c9ae2a35a4a0.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
Files
memory/3052-0-0x0000000000250000-0x000000000028C000-memory.dmp
memory/3052-5-0x0000000074450000-0x0000000074B3E000-memory.dmp
memory/3052-6-0x0000000004B80000-0x0000000004BC0000-memory.dmp
memory/3052-7-0x0000000074450000-0x0000000074B3E000-memory.dmp
memory/3052-8-0x0000000004B80000-0x0000000004BC0000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-11 04:52
Reported
2023-12-11 04:57
Platform
win10-20231129-en
Max time kernel
295s
Max time network
298s
Command Line
Signatures
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\43b960a691ed77d169bc3b46bb506708ba4fca8f6418297f5f63c9ae2a35a4a0.exe
"C:\Users\Admin\AppData\Local\Temp\43b960a691ed77d169bc3b46bb506708ba4fca8f6418297f5f63c9ae2a35a4a0.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| RU | 77.105.132.87:20104 | | tcp |
| US | 8.8.8.8:53 | 114.110.16.96.in-addr.arpa | udp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| US | 8.8.8.8:53 | 79.121.231.20.in-addr.arpa | udp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.181.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.223.142.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.21.199.152.in-addr.arpa | udp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| US | 8.8.8.8:53 | 28.73.42.20.in-addr.arpa | udp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
| RU | 77.105.132.87:20104 | | tcp |
Files
memory/292-0-0x00000000027A0000-0x00000000027DC000-memory.dmp
memory/292-6-0x0000000007B20000-0x000000000801E000-memory.dmp
memory/292-7-0x00000000076C0000-0x0000000007752000-memory.dmp
memory/292-8-0x00000000078B0000-0x00000000078C0000-memory.dmp
memory/292-9-0x0000000002A70000-0x0000000002A7A000-memory.dmp
memory/292-5-0x0000000073C70000-0x000000007435E000-memory.dmp
memory/292-12-0x00000000089C0000-0x00000000089D2000-memory.dmp
memory/292-14-0x000000000A1C0000-0x000000000A20B000-memory.dmp
memory/292-13-0x000000000A180000-0x000000000A1BE000-memory.dmp
memory/292-11-0x000000000A290000-0x000000000A39A000-memory.dmp
memory/292-10-0x0000000008A30000-0x0000000009036000-memory.dmp
memory/292-15-0x0000000073C70000-0x000000007435E000-memory.dmp
memory/292-16-0x00000000078B0000-0x00000000078C0000-memory.dmp