Analysis Overview
SHA256
84cb5b6c51eb19008e1dae4bf5c6824def9cf1d981d71ece3bfd658f2766070e
Threat Level: Known bad
The file 84cb5b6c51eb19008e1dae4bf5c6824def9cf1d981d71ece3bfd658f2766070e was found to be: Known bad.
Malicious Activity Summary
RedLine
RedLine payload
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-12-18 04:56
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-18 04:56
Reported
2023-12-18 05:01
Platform
win7-20231215-en
Max time kernel
279s
Max time network
293s
Command Line
Signatures
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\84cb5b6c51eb19008e1dae4bf5c6824def9cf1d981d71ece3bfd658f2766070e.exe
"C:\Users\Admin\AppData\Local\Temp\84cb5b6c51eb19008e1dae4bf5c6824def9cf1d981d71ece3bfd658f2766070e.exe"
Network
| Country | Destination | Domain | Proto |
| RU | 77.105.132.87:17066 | | tcp |
| RU | 77.105.132.87:17066 | | tcp |
| RU | 77.105.132.87:17066 | | tcp |
| RU | 77.105.132.87:17066 | | tcp |
| RU | 77.105.132.87:17066 | | tcp |
| RU | 77.105.132.87:17066 | | tcp |
| RU | 77.105.132.87:17066 | | tcp |
| RU | 77.105.132.87:17066 | | tcp |
| RU | 77.105.132.87:17066 | | tcp |
| RU | 77.105.132.87:17066 | | tcp |
| RU | 77.105.132.87:17066 | | tcp |
Files
memory/1728-0-0x00000000001D0000-0x000000000020C000-memory.dmp
memory/1728-5-0x0000000074910000-0x0000000074FFE000-memory.dmp
memory/1728-6-0x0000000007510000-0x0000000007550000-memory.dmp
memory/1728-7-0x0000000074910000-0x0000000074FFE000-memory.dmp
memory/1728-8-0x0000000007510000-0x0000000007550000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-18 04:56
Reported
2023-12-18 05:01
Platform
win10-20231215-en
Max time kernel
292s
Max time network
302s
Command Line
Signatures
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\84cb5b6c51eb19008e1dae4bf5c6824def9cf1d981d71ece3bfd658f2766070e.exe
"C:\Users\Admin\AppData\Local\Temp\84cb5b6c51eb19008e1dae4bf5c6824def9cf1d981d71ece3bfd658f2766070e.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 178.223.142.52.in-addr.arpa | udp |
| RU | 77.105.132.87:17066 | | tcp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| RU | 77.105.132.87:17066 | | tcp |
| RU | 77.105.132.87:17066 | | tcp |
| US | 8.8.8.8:53 | 91.16.208.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.143.123.92.in-addr.arpa | udp |
| RU | 77.105.132.87:17066 | | tcp |
| RU | 77.105.132.87:17066 | | tcp |
| RU | 77.105.132.87:17066 | | tcp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| RU | 77.105.132.87:17066 | | tcp |
| RU | 77.105.132.87:17066 | | tcp |
| RU | 77.105.132.87:17066 | | tcp |
| RU | 77.105.132.87:17066 | | tcp |
Files
memory/916-0-0x0000000001050000-0x000000000108C000-memory.dmp
memory/916-6-0x0000000007FB0000-0x00000000084AE000-memory.dmp
memory/916-7-0x0000000007B90000-0x0000000007C22000-memory.dmp
memory/916-8-0x0000000007D20000-0x0000000007D30000-memory.dmp
memory/916-9-0x0000000005100000-0x000000000510A000-memory.dmp
memory/916-5-0x0000000073E90000-0x000000007457E000-memory.dmp
memory/916-10-0x0000000009080000-0x0000000009686000-memory.dmp
memory/916-12-0x0000000009030000-0x0000000009042000-memory.dmp
memory/916-13-0x000000000A810000-0x000000000A84E000-memory.dmp
memory/916-14-0x000000000A850000-0x000000000A89B000-memory.dmp
memory/916-11-0x000000000A8E0000-0x000000000A9EA000-memory.dmp
memory/916-15-0x0000000073E90000-0x000000007457E000-memory.dmp
memory/916-16-0x0000000007D20000-0x0000000007D30000-memory.dmp