Analysis

Max time kernel: 121s
Max time network: 122s
Platform: windows7_x64
Resource: win7-20240221-en
Resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
Submitted: 24-04-2024 11:20

Static task: static1 (1 signatures)

Behavioral task: behavioral1
  Sample: tmp.exe
  Resource: win7-20240221-en (windows7-x64)
  4 signatures
  150 seconds
General

Target: tmp.exe
Size: 990KB
MD5: 9056dca80b3431615d63b13b72ca143c
SHA1: cf9122b3b7f57f0f4cd6ff8303417f1f6279a80c
SHA256: cedfb47b22871e12b67b3d7d01e4eb1bcad63bf61dfab89db5acde64cc12832b
SHA512: 13a26a8d261ff4c6d83158ea0d7d99aac670159fca9f2a6b1e180ed9be1bdd5abdceab2fc232774f828c61d3aa267f29cebc22fe3d276fd0ae8d7e4681f38fb2
SSDEEP: 12288:dRMAkWbP+k/ldbNxhZcKMMbm8gtnwaJioTTQ3AwHuwZ+U4cxV0q4Z5g1:HMAkCP+k/l7xhZcKMwmSajn/U4cO2
Score: 10/10
Malware Config

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload (1 IoCs)
Processes:
  resource: behavioral1/memory/2000-0-0x0000000001210000-0x000000000130D000-memory.dmp
  yara_rule: family_redline

Program crash (1 IoCs)
Processes:
  pid: 1612 | pid_target: 2000 | process: WerFault.exe | target process: tmp.exe

Suspicious use of WriteProcessMemory (4 IoCs)
Processes:
  description: PID 2000 wrote to memory of 1612 | pid: 2000 | process: tmp.exe | target process: WerFault.exe
  description: PID 2000 wrote to memory of 1612 | pid: 2000 | process: tmp.exe | target process: WerFault.exe
  description: PID 2000 wrote to memory of 1612 | pid: 2000 | process: tmp.exe | target process: WerFault.exe
  description: PID 2000 wrote to memory of 1612 | pid: 2000 | process: tmp.exe | target process: WerFault.exe
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Downloads

memory/2000-0-0x0000000001210000-0x000000000130D000-memory.dmp
Filesize: 1012KB