Analysis Overview
SHA256
84cb5b6c51eb19008e1dae4bf5c6824def9cf1d981d71ece3bfd658f2766070e
Threat Level: Known bad
The file 84cb5b6c51eb19008e1dae4bf5c6824def9cf1d981d71ece3bfd658f2766070e was found to be: Known bad.
Malicious Activity Summary
RedLine
RedLine payload
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-12-17 22:26
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-17 22:26
Reported
2023-12-17 22:31
Platform
win7-20231215-en
Max time kernel
274s
Max time network
287s
Command Line
Signatures
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\84cb5b6c51eb19008e1dae4bf5c6824def9cf1d981d71ece3bfd658f2766070e.exe
"C:\Users\Admin\AppData\Local\Temp\84cb5b6c51eb19008e1dae4bf5c6824def9cf1d981d71ece3bfd658f2766070e.exe"
Network
| Country | Destination | Domain | Proto |
| RU | 77.105.132.87:17066 | | tcp |
| RU | 77.105.132.87:17066 | | tcp |
| RU | 77.105.132.87:17066 | | tcp |
| RU | 77.105.132.87:17066 | | tcp |
| RU | 77.105.132.87:17066 | | tcp |
| RU | 77.105.132.87:17066 | | tcp |
| RU | 77.105.132.87:17066 | | tcp |
| RU | 77.105.132.87:17066 | | tcp |
| RU | 77.105.132.87:17066 | | tcp |
| RU | 77.105.132.87:17066 | | tcp |
| RU | 77.105.132.87:17066 | | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-17 22:26
Reported
2023-12-17 22:31
Platform
win10-20231215-en
Max time kernel
296s
Max time network
301s
Command Line
Signatures
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\84cb5b6c51eb19008e1dae4bf5c6824def9cf1d981d71ece3bfd658f2766070e.exe
"C:\Users\Admin\AppData\Local\Temp\84cb5b6c51eb19008e1dae4bf5c6824def9cf1d981d71ece3bfd658f2766070e.exe"
Network
| Country | Destination | Domain | Proto |
| RU | 77.105.132.87:17066 | | tcp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| RU | 77.105.132.87:17066 | | tcp |
| US | 8.8.8.8:53 | 79.121.231.20.in-addr.arpa | udp |
| RU | 77.105.132.87:17066 | | tcp |
| US | 8.8.8.8:53 | 84.65.42.20.in-addr.arpa | udp |
| RU | 77.105.132.87:17066 | | tcp |
| RU | 77.105.132.87:17066 | | tcp |
| RU | 77.105.132.87:17066 | | tcp |
| RU | 77.105.132.87:17066 | | tcp |
| US | 8.8.8.8:53 | 178.223.142.52.in-addr.arpa | udp |
| RU | 77.105.132.87:17066 | | tcp |
| RU | 77.105.132.87:17066 | | tcp |
| RU | 77.105.132.87:17066 | | tcp |
Files