Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    10/04/2024, 19:20

General

  • Target

    ebcddf46ea507afb5e3ae02e736b467a_JaffaCakes118.exe

  • Size

    380KB

  • MD5

    ebcddf46ea507afb5e3ae02e736b467a

  • SHA1

    c98af6480de8f8b6de29dadb15677873ca0a1f91

  • SHA256

    79fc47434aec38f3f72dcb8f657b805d4462e227d4dff3345673151b07a5ca6f

  • SHA512

    07bb1782a483f4ce2505b5bc43815dd299bc28b03dc51441b680be1bd22bcfead7835224b5a94089c8ba886833c42dadba4831dcfc97bd760f36195680ccc742

  • SSDEEP

    6144:r/vSQLnmwRnnt9HCeFsdCTgXwY+5OYch6RAVx98aC3Vc/rWEt:r3SGnmgaeW40wDbclH8nVc/rP

Score
10/10

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine payload 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ebcddf46ea507afb5e3ae02e736b467a_JaffaCakes118.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\ebcddf46ea507afb5e3ae02e736b467a_JaffaCakes118.exe"
    PID: 2276

Network

MITRE ATT&CK Matrix
Downloads

  • memory/2276-1-0x00000000002B0000-0x00000000003B0000-memory.dmp (Filesize: 1024KB)
  • memory/2276-2-0x00000000001B0000-0x00000000001F0000-memory.dmp (Filesize: 256KB)
  • memory/2276-3-0x0000000000400000-0x00000000004D1000-memory.dmp (Filesize: 836KB)
  • memory/2276-5-0x0000000073E10000-0x00000000744FE000-memory.dmp (Filesize: 6.9MB)
  • memory/2276-4-0x0000000002150000-0x0000000002196000-memory.dmp (Filesize: 280KB)
  • memory/2276-7-0x00000000024B0000-0x00000000024F0000-memory.dmp (Filesize: 256KB)
  • memory/2276-6-0x00000000024B0000-0x00000000024F0000-memory.dmp (Filesize: 256KB)
  • memory/2276-8-0x00000000024B0000-0x00000000024F0000-memory.dmp (Filesize: 256KB)
  • memory/2276-9-0x0000000002190000-0x00000000021D4000-memory.dmp (Filesize: 272KB)
  • memory/2276-10-0x00000000024B0000-0x00000000024F0000-memory.dmp (Filesize: 256KB)
  • memory/2276-11-0x0000000000400000-0x00000000004D1000-memory.dmp (Filesize: 836KB)
  • memory/2276-12-0x0000000073E10000-0x00000000744FE000-memory.dmp (Filesize: 6.9MB)