Analysis Overview
SHA256
fd6705aab9c1ec51c3eb49ff78e36066b78fc291abcb7da777f8e74c31256a02
Threat Level: Known bad
The file fd6705aab9c1ec51c3eb49ff78e36066b78fc291abcb7da777f8e74c31256a02 was found to be: Known bad.
Malicious Activity Summary
RedLine
RedLine payload
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-02-04 03:43
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-04 03:43
Reported
2024-02-04 03:48
Platform
win10-20231220-en
Max time kernel
287s
Max time network
300s
Command Line
Signatures
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\fd6705aab9c1ec51c3eb49ff78e36066b78fc291abcb7da777f8e74c31256a02.exe
"C:\Users\Admin\AppData\Local\Temp\fd6705aab9c1ec51c3eb49ff78e36066b78fc291abcb7da777f8e74c31256a02.exe"
Network
| Country | Destination | Domain | Proto |
| DE | 195.10.205.16:2245 | | tcp |
| DE | 195.10.205.16:2245 | | tcp |
| US | 138.91.171.81:80 | | tcp |
| DE | 195.10.205.16:2245 | | tcp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| DE | 195.10.205.16:2245 | | tcp |
| DE | 195.10.205.16:2245 | | tcp |
| US | 8.8.8.8:53 | 23.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| DE | 195.10.205.16:2245 | | tcp |
| DE | 195.10.205.16:2245 | | tcp |
| DE | 195.10.205.16:2245 | | tcp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| DE | 195.10.205.16:2245 | | tcp |
| DE | 195.10.205.16:2245 | | tcp |
| DE | 195.10.205.16:2245 | | tcp |
| DE | 195.10.205.16:2245 | | tcp |
Files
memory/316-0-0x0000000002350000-0x000000000238C000-memory.dmp
memory/316-5-0x00000000740B0000-0x000000007479E000-memory.dmp
memory/316-6-0x0000000007870000-0x0000000007D6E000-memory.dmp
memory/316-7-0x0000000007410000-0x00000000074A2000-memory.dmp
memory/316-8-0x0000000007660000-0x0000000007670000-memory.dmp
memory/316-9-0x00000000026F0000-0x00000000026FA000-memory.dmp
memory/316-12-0x0000000009FB0000-0x0000000009FC2000-memory.dmp
memory/316-13-0x000000000A010000-0x000000000A04E000-memory.dmp
memory/316-14-0x000000000A050000-0x000000000A09B000-memory.dmp
memory/316-11-0x000000000A0A0000-0x000000000A1AA000-memory.dmp
memory/316-10-0x0000000008840000-0x0000000008E46000-memory.dmp
memory/316-15-0x00000000740B0000-0x000000007479E000-memory.dmp
memory/316-16-0x0000000007660000-0x0000000007670000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-04 03:43
Reported
2024-02-04 03:48
Platform
win7-20231215-en
Max time kernel
289s
Max time network
304s
Command Line
Signatures
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\fd6705aab9c1ec51c3eb49ff78e36066b78fc291abcb7da777f8e74c31256a02.exe
"C:\Users\Admin\AppData\Local\Temp\fd6705aab9c1ec51c3eb49ff78e36066b78fc291abcb7da777f8e74c31256a02.exe"
Network
| Country | Destination | Domain | Proto |
| DE | 195.10.205.16:2245 | | tcp |
| DE | 195.10.205.16:2245 | | tcp |
| DE | 195.10.205.16:2245 | | tcp |
| DE | 195.10.205.16:2245 | | tcp |
| DE | 195.10.205.16:2245 | | tcp |
| DE | 195.10.205.16:2245 | | tcp |
| DE | 195.10.205.16:2245 | | tcp |
| DE | 195.10.205.16:2245 | | tcp |
| DE | 195.10.205.16:2245 | | tcp |
| DE | 195.10.205.16:2245 | | tcp |
| DE | 195.10.205.16:2245 | | tcp |
| DE | 195.10.205.16:2245 | | tcp |
Files
memory/1256-0-0x0000000000130000-0x000000000016C000-memory.dmp
memory/1256-5-0x0000000073DB0000-0x000000007449E000-memory.dmp
memory/1256-6-0x0000000007650000-0x0000000007690000-memory.dmp
memory/1256-7-0x0000000073DB0000-0x000000007449E000-memory.dmp
memory/1256-8-0x0000000007650000-0x0000000007690000-memory.dmp