Analysis Overview
SHA256
143f61b9140d61bbb6061573d25aba49c38687512242136312ea1f5f078557b8
Threat Level: Known bad
The file redEngine-main.zip was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
Unsigned PE
Program crash
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-23 07:34
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-23 07:34
Reported
2024-02-23 07:37
Platform
win10-20240221-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Lumma Stealer
Program crash
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133531473092409231" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1104443672-3570440473-4052989528-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\redEngine-main\Loader.exe
"C:\Users\Admin\AppData\Local\Temp\redEngine-main\Loader.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 208 -s 1028
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 208 -s 1028
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffbb0819758,0x7ffbb0819768,0x7ffbb0819778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2076 --field-trial-handle=1856,i,16621538519726773790,13258015707624067929,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 --field-trial-handle=1856,i,16621538519726773790,13258015707624067929,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1856,i,16621538519726773790,13258015707624067929,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1856,i,16621538519726773790,13258015707624067929,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1856,i,16621538519726773790,13258015707624067929,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4432 --field-trial-handle=1856,i,16621538519726773790,13258015707624067929,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=1856,i,16621538519726773790,13258015707624067929,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=1856,i,16621538519726773790,13258015707624067929,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4916 --field-trial-handle=1856,i,16621538519726773790,13258015707624067929,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5220 --field-trial-handle=1856,i,16621538519726773790,13258015707624067929,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5324 --field-trial-handle=1856,i,16621538519726773790,13258015707624067929,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5400 --field-trial-handle=1856,i,16621538519726773790,13258015707624067929,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4468 --field-trial-handle=1856,i,16621538519726773790,13258015707624067929,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 --field-trial-handle=1856,i,16621538519726773790,13258015707624067929,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 --field-trial-handle=1856,i,16621538519726773790,13258015707624067929,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6020 --field-trial-handle=1856,i,16621538519726773790,13258015707624067929,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5972 --field-trial-handle=1856,i,16621538519726773790,13258015707624067929,131072 /prefetch:2
C:\Users\Admin\Downloads\redEngine-main\redEngine-main\Loader.exe
"C:\Users\Admin\Downloads\redEngine-main\redEngine-main\Loader.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 976
C:\Users\Admin\Downloads\redEngine-main\redEngine-main\Loader.exe
"C:\Users\Admin\Downloads\redEngine-main\redEngine-main\Loader.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 976
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 996
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 996
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | sideindexfollowragelrew.pw | udp |
| US | 8.8.8.8:53 | gemcreedarticulateod.shop | udp |
| US | 172.67.152.52:443 | gemcreedarticulateod.shop | tcp |
| US | 8.8.8.8:53 | secretionsuitcasenioise.shop | udp |
| US | 104.21.16.152:443 | secretionsuitcasenioise.shop | tcp |
| US | 8.8.8.8:53 | claimconcessionrebe.shop | udp |
| US | 172.67.199.120:443 | claimconcessionrebe.shop | tcp |
| US | 8.8.8.8:53 | 152.16.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.152.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | liabilityarrangemenyit.shop | udp |
| US | 172.67.182.52:443 | liabilityarrangemenyit.shop | tcp |
| US | 8.8.8.8:53 | 120.199.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.182.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| GB | 142.250.200.14:443 | clients2.google.com | udp |
| GB | 142.250.200.14:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.178.10:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.4:443 | github.com | tcp |
| DE | 140.82.121.4:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | private-user-images.githubusercontent.com | udp |
| DE | 172.217.16.131:443 | beacons.gcp.gvt2.com | tcp |
| US | 185.199.109.133:443 | private-user-images.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | private-user-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 4.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.16.217.172.in-addr.arpa | udp |
| GB | 142.250.178.10:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | 21.112.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| DE | 140.82.121.10:443 | codeload.github.com | tcp |
| US | 8.8.8.8:53 | 10.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sideindexfollowragelrew.pw | udp |
| US | 172.67.152.52:443 | gemcreedarticulateod.shop | tcp |
| US | 104.21.16.152:443 | secretionsuitcasenioise.shop | tcp |
| US | 172.67.199.120:443 | claimconcessionrebe.shop | tcp |
| US | 172.67.182.52:443 | liabilityarrangemenyit.shop | tcp |
| US | 172.67.152.52:443 | gemcreedarticulateod.shop | tcp |
| US | 104.21.16.152:443 | secretionsuitcasenioise.shop | tcp |
| US | 172.67.199.120:443 | claimconcessionrebe.shop | tcp |
| US | 172.67.182.52:443 | liabilityarrangemenyit.shop | tcp |
| US | 8.8.8.8:53 | 168.117.168.52.in-addr.arpa | udp |
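The Network table mixes three kinds of traffic: the sample's own lookups and TLS connections to five .shop/.pw names (they appear twice, once per Loader.exe run), the sandbox's reverse-DNS (in-addr.arpa) queries for addresses it saw connections to, and the browser/GitHub/Google traffic from chrome.exe fetching redEngine-main.zip. The script below is an added example for this report, not Tria.ge code: it parses rows copied from the table above (a subset), drops an allowlist of harness domains (the allowlist is an assumption that fits this run only; on a real host GitHub traffic must not be waved through), maps each PTR name back to the forward name that was connected to, and separates names that were only queried from names that were actually connected to. Function names are my own.

```python
"""Separate the sample's C2 traffic from sandbox/browser noise in a
Tria.ge-style Network table. Added example, not part of the report.

NETWORK_ROWS is a subset copied from the table above. BENIGN_SUFFIXES is an
assumption for this run, where chrome.exe fetched the archive from GitHub."""
import re
from collections import defaultdict

NETWORK_ROWS = """
| US | 8.8.8.8:53 | sideindexfollowragelrew.pw | udp |
| US | 8.8.8.8:53 | gemcreedarticulateod.shop | udp |
| US | 172.67.152.52:443 | gemcreedarticulateod.shop | tcp |
| US | 8.8.8.8:53 | secretionsuitcasenioise.shop | udp |
| US | 104.21.16.152:443 | secretionsuitcasenioise.shop | tcp |
| US | 8.8.8.8:53 | claimconcessionrebe.shop | udp |
| US | 172.67.199.120:443 | claimconcessionrebe.shop | tcp |
| US | 8.8.8.8:53 | 152.16.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.152.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | liabilityarrangemenyit.shop | udp |
| US | 172.67.182.52:443 | liabilityarrangemenyit.shop | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| DE | 140.82.121.10:443 | codeload.github.com | tcp |
| US | 8.8.8.8:53 | 10.121.82.140.in-addr.arpa | udp |
"""

# Assumed allowlist: infrastructure the sandbox browser touched in this run.
BENIGN_SUFFIXES = ("google.com", "googleapis.com", "gvt2.com", "github.com",
                   "githubusercontent.com", "githubassets.com", "amazonaws.com")

ROW_RE = re.compile(r"^\|\s*(?P<cc>[^|]*?)\s*\|\s*(?P<dst>[^|]*?)\s*\|"
                    r"\s*(?P<domain>[^|]*?)\s*\|\s*(?P<proto>[^|]*?)\s*\|$")


def parse_rows(text):
    """Turn '| CC | ip:port | domain | proto |' lines into dicts; skip the header."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m or m["dst"] == "Destination":
            continue
        ip, _, port = m["dst"].rpartition(":")
        rows.append({"ip": ip, "port": int(port),
                     "domain": m["domain"], "proto": m["proto"]})
    return rows


def ptr_to_ip(name):
    """'152.16.21.104.in-addr.arpa' -> '104.21.16.152' (octets are reversed)."""
    if not name.endswith(".in-addr.arpa"):
        return None
    octets = name[: -len(".in-addr.arpa")].split(".")
    return ".".join(reversed(octets)) if len(octets) == 4 else None


def is_benign(domain):
    return any(domain == s or domain.endswith("." + s) for s in BENIGN_SUFFIXES)


def triage(rows):
    """Return {'c2': {domain: {ip}}, 'dns_only': {domain}, 'ptr': {ip: domain|None}}."""
    connected = defaultdict(set)  # forward name -> IPs with a non-DNS connection
    queried = set()               # forward names seen in DNS queries
    ptr_for = {}                  # IP from a PTR query -> forward name, if known
    for r in rows:
        d = r["domain"]
        if d == "N/A" or is_benign(d):
            continue              # multicast with no name, or harness traffic
        ip = ptr_to_ip(d)
        if ip:
            ptr_for[ip] = None    # sandbox reverse lookup; tied to a name below
            continue
        if r["port"] == 53 and r["proto"] == "udp":
            queried.add(d)
        else:
            connected[d].add(r["ip"])
    for ip in ptr_for:
        ptr_for[ip] = next((d for d, ips in connected.items() if ip in ips), None)
    return {"c2": dict(connected),
            "dns_only": queried - set(connected),
            "ptr": ptr_for}


if __name__ == "__main__":
    result = triage(parse_rows(NETWORK_ROWS))
    for domain, ips in sorted(result["c2"].items()):
        print(f"connected  {domain:32s} {', '.join(sorted(ips))}")
    for domain in sorted(result["dns_only"]):
        print(f"dns only   {domain}")
```

Two things fall out of the result that the raw table does not make obvious: sideindexfollowragelrew.pw is only ever queried and no TCP connection to it appears in the table, while the four .shop names all get a 443 connection in both runs; and the four .shop names resolve into 104.21.0.0/16 and 172.67.0.0/16, which is shared Cloudflare proxy space, so the IP addresses are weak indicators and the domain names are what to block or hunt for.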
Files
memory/208-0-0x0000000000970000-0x0000000000A07000-memory.dmp
memory/208-8-0x0000000000790000-0x0000000000791000-memory.dmp
memory/208-7-0x0000000000790000-0x0000000000791000-memory.dmp
memory/208-6-0x0000000000790000-0x0000000000791000-memory.dmp
memory/208-5-0x0000000000790000-0x0000000000791000-memory.dmp
memory/208-9-0x0000000000970000-0x0000000000A07000-memory.dmp
\??\pipe\crashpad_5056_NHGRYVCBGBPDKDLS
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 916c93c360717be310e2dd5040c6265a |
| SHA1 | 9a13d72f8b7b69ac10ea137826a5bdcdc3a14e74 |
| SHA256 | bc0b8959db307906cc1c1bb5fa9722853486587b29820b5ee5996f4f5f852855 |
| SHA512 | 740f8c7ce46afc28cfa89b8749913b0728a4ea419e90117800f7bdafe1fc1ccde51f2ef41f65c9c7ff5f9989a9f55c3070a4a210c797ab5a5b4f3b97e98bc142 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5f0526c9bf47ec219d4eb46e5492b3d7 |
| SHA1 | e288896bfd8efe32a278964da2886517b43401c0 |
| SHA256 | 670508cd346b2d69c91923e82ce28da4b9dff5176ec082d7cff44fdbb0524d3d |
| SHA512 | 4f4571218571f8cbb311b299e32088e58b5df8b673e86fe71f8f1094111c229f1d05b44587ded65cdb08540d6946637bea191cc49af92c95577d7a8b1c79a27d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9c908604cb82f61027ca125e63e07657 |
| SHA1 | 3e026c3cf9735b1ca8881907860908a052808c19 |
| SHA256 | ba2379117848b981a8cb048e4aa9361a4777f998fd5671e26a66f67059a9224f |
| SHA512 | 0f0e8a749540739e33d5ee6305246d944c69d1c4a1ff4e69dd979512094646ea6c4ee47d43a75ac78d90f7a9498b214c7c0fac4bd8741eb6f807c37d23be4f52 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
| MD5 | 873734b55d4c7d35a177c8318b0caec7 |
| SHA1 | 469b913b09ea5b55e60098c95120cc9b935ddb28 |
| SHA256 | 4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d |
| SHA512 | 24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 5a11f09540045d9e450e69cd4c52e600 |
| SHA1 | 19d33c5dd96207110f4e1ffca7133670a1bcb23c |
| SHA256 | 6ae6e7a3331d29109254cebee5d750d9657dc2b1217ff497aa227868bf740e2f |
| SHA512 | 9d685d223c1e7775e996f3444133b44f0c5550c44eff1ba24b34bfde3022dc34c6299886593a708ec4447f642197cbb3f96881ca4383269f33ad870237933ae6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b47f790dbc693679eadd6f9a97fcf0ac |
| SHA1 | 3b14603949727057d84bc41889257a80f4aa9b68 |
| SHA256 | ec8bfcf7bc41d1362775c06886ddcd12c7118b05a627efd6fcbda036493ef9bf |
| SHA512 | 6bb4ccd1bfcf02d88cdefe679029280b60fd457288c6703431f11598ed69f5d01f13c87ed7e3ba4a1b0f239c27bc6fb169ee2275e7638f415acf96fee99ff360 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ac4dd354d5a8ce30d8d70b5407638670 |
| SHA1 | a7f6ab65f899575744bbf766e9ddf0fb451e329d |
| SHA256 | 75e19629de2b71ba9733cdd38af33b8d03e0690df78f2dff61a9b6bb98b3b192 |
| SHA512 | ad9ce378af89291afb79390cffd86677b00342bc62dbd0f012e2da83b61ab092f8c7347fe6c61c7bf8efdb54d51395c5d35757ea1d5dcfee8d6ef62e6f8f1c98 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 0a187eced3f6500e205edd99b1873b1d |
| SHA1 | 5183a7cb1f6aeedfed5bcf3c708ec7e66db0c716 |
| SHA256 | 2504ca6c9cb4389c4083b73c6abb6dfbc8edd31fd323ab3afdf3998f18012858 |
| SHA512 | ff290e072f02d145c9f0afb1c3b33cf256258b94f2cdbfdaf3def672ca34c879f67c9c258c50aa67b66ed367135e748f7ebd96a07bb83aa40485330d782d5e17 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 84ee603db47661547f2dc679feb8a92c |
| SHA1 | 244bd879955491cd7a86b937f5337d5b90a1c9b5 |
| SHA256 | 32310459cce3fc41988f62245a5c783164f1aaa31b2bdf64fc16744f996c0060 |
| SHA512 | ee7d1562ba964fc3fe58070c7990cb40fcbbdcd2379bf9b75f66e860f564243f64532f68a0e10bfdcf09cd4816e4ab3ee1f3155e15d97bf234341f5ce01b8618 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 07b584d940ff84c2aea4a15f64a66d00 |
| SHA1 | 19d66a64a701d2b76fe97f584f3366cf9f7ee05a |
| SHA256 | 26bb08c75fbd8bcdc66e5b20f9b245efde97aec079fa430079e8b10a84daf38f |
| SHA512 | 3278f0ebecd5e2857647f1fe4c4df4d47e3c06d8cf0994965f2278571eb4553f921202e2b630585698e721476c7461fc0d529da57d390a862063ebe81ccab108 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 11d2d61182fdc19e0f040872611169e6 |
| SHA1 | 6842fb84d365e2000ad4e0f1b33507aea4b66ce8 |
| SHA256 | 361f0688de80a8e4939740643b6c91bfba1425e77553e818d823b7d0c0e05ae5 |
| SHA512 | abb59a1e57685d66d6c662006c89ea51b05654564df9eb287815cc2d37edec088c812e7b7a2bc18a25a4fbaa52b526c5bafa1e7132cafd40bd6098d5cd42e9cc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 597e05de7f96f1d9468c1106fc611e55 |
| SHA1 | 7729426ae9ef2438678ac1f8479b207a98414a11 |
| SHA256 | 833c4c8fe3d880499e9fb61bd8de6b3e2a1b7619d1d5396f15712826416a287f |
| SHA512 | 47f1a5f0887d0c9d7a7329231929d053d52e5617a82aace51f00ce2d48aeea329a5d0a99e48105f91c6326adf7a7fe36c870854ee92baccc65455bb9c091157d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | fd3f5dc2c1a173aaccebf01c2e37ba3c |
| SHA1 | 0c32b69d8335bf7be7d5064d61ba46a8a15ae0c7 |
| SHA256 | 42f3f9b04b0fa86b08f5220d3c804745587d99cd04ea5cc9d4f3ef72a6887a94 |
| SHA512 | 0a0d4d6f2cd4a385d2898c19d54318575c3a6007947249be94e99bc01230f43b4a26995b5f0e0533b840203dcc2b49fd52c5c350fcb10098c95a10bf4ae1533f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | dc30395cd7f1f34a685f883d45e91482 |
| SHA1 | 92dee480226c2fd8943b4a66ac1624e7dfda5134 |
| SHA256 | 9fe468cde5e0e160be9ec4b7795807ff947bfd933690ee74c2f9f6da5dfb01d3 |
| SHA512 | 151caf6b99cadf953e69b1b6b8f8ad46cfe153580e161c7ce384882c88d801a0632a1edcb2943d08087c051c00fb7043c64d655d1b9fc28e2b1f730778a7372b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4b4cccdb158328a97be99c440522c9ce |
| SHA1 | b70d3d3794644c6557040bfbffa59cd5be2027ee |
| SHA256 | f4100e6fc129ebdea881bd3ddf67ec04da8037cc5de2d83d56fecbb9ca05bde1 |
| SHA512 | 3c1c467e3aca37256856b744a7dd9d31362830f0545c10812eef1a7cb94697026a4a802918b7894c0fc7f60b7b893375d2c8eff2f8efcc90fd8060bcb3bb609c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\4c0c0e05-7e95-4330-a262-0e38e515afcb.tmp
| MD5 | c1fc77537f11b114c64d9b33195bea82 |
| SHA1 | 4df0ea798d8781239e1d47527a037f0b7543e16d |
| SHA256 | f9ba43c31a95a2da59d3811a03ae0e2e410c262f3a51760cc339fc566fe4352a |
| SHA512 | f5a1de2da7b36462e6686379b551a5fb464d73856191dde5386f0e43e6fe9e11e700cab08fbde8a35bd5882ad30a38a7016e1fc523160262cb9d6a62f3f1478b |
C:\Users\Admin\Downloads\redEngine-main.zip.crdownload
| MD5 | b22cd20a651ed5844c81b3856ab1293e |
| SHA1 | b1d58aa192e4a3662117380967c28eee89796cd4 |
| SHA256 | 143f61b9140d61bbb6061573d25aba49c38687512242136312ea1f5f078557b8 |
| SHA512 | 4f0072b6931ff55a92ada5d5e98a4a0b5cd288b46f2584e6da685074849363c4545b33a150187eea8707702060f1200742866a8281abe63d9768a696b80b8989 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 070fbf0f54ad866325933f6bb863797c |
| SHA1 | 0e49f9d1733530a834bd5bf52d7f74e4383145be |
| SHA256 | fe6ef77647f0e19a282733cce8bf071f51132cf9d0d620a0767df672d0a45b82 |
| SHA512 | c69cc07610590dfaee1e00d4a1b45b6c67dffa689510857e6f72c11fc7dd270083b6a8c983f5802f8a115a254809566dd03a892a34d4d01c84da5f1cfafc7ce7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3417d2b9e25676b8499fdc4ef6de5173 |
| SHA1 | 40d5f661c7997099c24a169daff4f74142d583ba |
| SHA256 | 9d75124b2bf889699807c5362fe9187ba7bef5fcdd81d36293a22056b13e6156 |
| SHA512 | c37cd0b9704130dc71b915a592362f461f9e7a0f339d86b16b7866d0249a9b662417448a5c7f50d8ce53bdf0eaa4a01b81d00538b27bd1be4fb429b9c2d0f5e9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe593697.TMP
| MD5 | 5440fb34f82505967efde0f36dfc4334 |
| SHA1 | 44cda07046f05b0a21b5f98316c817727a70faca |
| SHA256 | 263f9d44fbfc9aa0b46d98a6d5b53449cd10f631ef6000de153bc65f74ba6da9 |
| SHA512 | 82e0f2c4badabbf4df93ca490d68f57df9117b9a519098ed1024fc5e7c9ea2c9899660c65c8c4b308afa7fa7ce2339f48d031ca4f3fa041acd3d3f77f2cf97e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 8a2bfbb8b19d2e48fef2afb1294beddf |
| SHA1 | aa2a90de191e22d40f4003065c12d48db6477d56 |
| SHA256 | 7f5c82d80c8447124271b286d726123e97066b0e94cfa94f521845c7c4631e55 |
| SHA512 | 1c61d48d14ce36afe6d69dd4b5cea390b8adc10cac75a44d646465bef2533d8fcfe53885de8c3282ecefa7784da0d2ed747cebbd40cc438db8d6cecc252e9d38 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b6d4d268e0255f9300b4c94a278ef507 |
| SHA1 | da85eb44d79f8ea3ccaeb60cc85e1045518be2b9 |
| SHA256 | 3c4a52ecdb131880738a6642b188e04e4d2bb0ff51c2740c2e0fb861e6457854 |
| SHA512 | c6044e39c0709e5b7029026e73642e17304de641f47f5170636c5b59a52fcde255780eab81330af7c0ceaed6443eb9b80a730a191e2eafc2887332e6bf901f0d |
memory/4168-413-0x0000000000B90000-0x0000000000C27000-memory.dmp
memory/4168-418-0x00000000005F0000-0x00000000005F1000-memory.dmp
memory/4168-419-0x00000000005F0000-0x00000000005F1000-memory.dmp
memory/4168-420-0x00000000005F0000-0x00000000005F1000-memory.dmp
memory/4168-421-0x00000000005F0000-0x00000000005F1000-memory.dmp
memory/4168-422-0x00000000005F0000-0x00000000005F1000-memory.dmp
memory/4168-423-0x00000000005F0000-0x00000000005F1000-memory.dmp
memory/2388-425-0x00000000000F0000-0x0000000000187000-memory.dmp
memory/4168-424-0x0000000000B90000-0x0000000000C27000-memory.dmp
memory/2388-430-0x0000000000D60000-0x0000000000D61000-memory.dmp
memory/2388-431-0x0000000000D60000-0x0000000000D61000-memory.dmp
memory/2388-432-0x0000000000D60000-0x0000000000D61000-memory.dmp
memory/2388-433-0x0000000000D60000-0x0000000000D61000-memory.dmp
memory/2388-434-0x0000000000D60000-0x0000000000D61000-memory.dmp
memory/2388-435-0x0000000000D60000-0x0000000000D61000-memory.dmp
memory/2388-436-0x00000000000F0000-0x0000000000187000-memory.dmp
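Every behavioral signature above that carries a Process column is attributed to chrome.exe, the browser the sandbox used to fetch the archive (the Files section lists the downloaded redEngine-main.zip.crdownload with the same SHA256 as the submission). Loader.exe itself shows up only indirectly: through the three WerFault invocations (-p 208, -p 4168, -p 2388) and the memory dumps that carry those PIDs. The script below is an added example, not Tria.ge or sample code; it reads lines copied from the Processes and Files sections (a subset) to pull the crashed PIDs out of the WerFault command lines, compute the size of each dumped region, check that all three runs map one region of identical size (the same PE image at a different base each time), and sort the Files hashes into the sample itself, empty artifacts (the crashpad pipe entry carries the hashes of zero bytes), and everything else. Function names are my own.

```python
"""Tie the 'Program crash' signature and the memory dumps back to the sample,
and check what the Files section proves. Added example for this report; the
constants are copied from the Processes and Files sections (a subset)."""
import hashlib
import re

SUBMITTED_SHA256 = "143f61b9140d61bbb6061573d25aba49c38687512242136312ea1f5f078557b8"

PROCESS_LINES = r"""
"C:\Users\Admin\AppData\Local\Temp\redEngine-main\Loader.exe"
C:\Windows\SysWOW64\WerFault.exe -u -p 208 -s 1028
"C:\Program Files\Google\Chrome\Application\chrome.exe"
"C:\Users\Admin\Downloads\redEngine-main\redEngine-main\Loader.exe"
C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 976
"C:\Users\Admin\Downloads\redEngine-main\redEngine-main\Loader.exe"
C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 996
"""

MEMORY_DUMPS = [
    "memory/208-0-0x0000000000970000-0x0000000000A07000-memory.dmp",
    "memory/208-8-0x0000000000790000-0x0000000000791000-memory.dmp",
    "memory/4168-413-0x0000000000B90000-0x0000000000C27000-memory.dmp",
    "memory/4168-418-0x00000000005F0000-0x00000000005F1000-memory.dmp",
    "memory/2388-425-0x00000000000F0000-0x0000000000187000-memory.dmp",
    "memory/2388-430-0x0000000000D60000-0x0000000000D61000-memory.dmp",
]

FILES = [  # (path, SHA256) pairs from the Files section
    (r"\??\pipe\crashpad_5056_NHGRYVCBGBPDKDLS",
     "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"),
    (r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State",
     "bc0b8959db307906cc1c1bb5fa9722853486587b29820b5ee5996f4f5f852855"),
    (r"C:\Users\Admin\Downloads\redEngine-main.zip.crdownload",
     "143f61b9140d61bbb6061573d25aba49c38687512242136312ea1f5f078557b8"),
]

WERFAULT_RE = re.compile(r"WerFault\.exe -u -p (\d+) -s (\d+)")
DUMP_RE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()  # hash of zero bytes


def crashed_pids(process_lines):
    """PIDs WerFault was launched for (-p <pid>): the processes that crashed."""
    return {int(m.group(1)) for m in WERFAULT_RE.finditer(process_lines)}


def parse_dump(name):
    """'memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp' -> pid, seq, start, size."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"not a dump name: {name}")
    start, end = int(m[3], 16), int(m[4], 16)
    return {"pid": int(m[1]), "seq": int(m[2]), "start": start, "size": end - start}


def largest_region_per_pid(dump_names):
    """Size of the biggest dumped region for each PID (the mapped image, here)."""
    best = {}
    for d in map(parse_dump, dump_names):
        if d["pid"] not in best or d["size"] > best[d["pid"]]:
            best[d["pid"]] = d["size"]
    return best


def same_image_across_runs(dump_names, pids):
    """True when every PID has a largest region of one identical size: the
    same PE image mapped at a different base in each run."""
    sizes = largest_region_per_pid(dump_names)
    return pids <= set(sizes) and len({sizes[p] for p in pids}) == 1


def classify_files(files, submitted_sha256):
    """Split Files entries into the submitted sample, empty artifacts, and the rest."""
    out = {"sample": [], "empty": [], "other": []}
    for path, sha in files:
        if sha == submitted_sha256:
            out["sample"].append(path)
        elif sha == EMPTY_SHA256:
            out["empty"].append(path)
        else:
            out["other"].append(path)
    return out


if __name__ == "__main__":
    pids = crashed_pids(PROCESS_LINES)
    print("crashed PIDs:", sorted(pids))
    print("largest region per PID:",
          {p: hex(s) for p, s in largest_region_per_pid(MEMORY_DUMPS).items()})
    print("one image across runs:", same_image_across_runs(MEMORY_DUMPS, pids))
    print(classify_files(FILES, SUBMITTED_SHA256))
```

The identical 0x97000-byte region in PIDs 208, 4168 and 2388 is the practical link between the three Loader.exe launches and the Program crash signature; anything in the report attributed to chrome.exe, its utility and renderer children, elevation_service.exe or WerFault.exe should be read as harness and OS activity rather than as the sample's behaviour.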
Analysis: behavioral2
Detonation Overview
Submitted
2024-02-23 07:34
Reported
2024-02-23 07:37
Platform
win10-20240221-en
Max time kernel
132s
Max time network
137s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\redEngine-main\license.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.117.168.52.in-addr.arpa | udp |