Analysis
max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20240215-en
resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
submitted: 24-04-2024 14:02
Static task
static1

Behavioral task
behavioral1
Sample: file.exe
Resource: win7-20240215-en (windows7-x64)
3 signatures, 150 seconds

Behavioral task
behavioral2
Sample: file.exe
Resource: win10v2004-20240226-en (windows10-2004-x64)
12 signatures, 150 seconds

The signature and process details on this page come from behavioral1 (the Windows 7 run, matching the platform and resource in the Analysis block and its three signatures). The Windows 10 run raised 12 signatures, none of which are reproduced here, so that task is the one to open for the stealer's own behaviour.
General
Target: file.exe
Size: 1.2MB
MD5: d41582bde613bd63caffa80f482e692b
SHA1: d1ccf0f0f4224e4daa412c868729977cddec079e
SHA256: 212f5fb634003890f2b61ade6d3bf474e16787e3f536f0484a2a23f55d562bf0
SHA512: 37defa103178d6e281a62f5cc221380f687740cfcf268c24dbeb7bf1c320fbb94be26ce74234b717cafe5f0c74b527ebf8c063fa4c49594174b68e2753e1474d
SSDEEP: 12288:FCRMXFhAS3ocOaKANlQWE4goVyevmV/HSgrouJoz7ZyCwLvsTC/pSiAF1XcwJJSH:FCROhAS3onZANlQWEwtvEPg7SITCCXC
Score: 10/10
Malware Config

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Program crash (1 IoC)
pid 3024 (WerFault.exe), target pid 2920 (file.exe): WerFault.exe 3024 handled the crash of file.exe 2920.

Suspicious use of WriteProcessMemory (4 IoCs)
PID 2920 (file.exe) wrote to memory of PID 3024 (WerFault.exe); the report lists this same event four times.

Read together, the two behavioural signatures describe one thing: file.exe (2920) faulted about two minutes into the run, launched WerFault.exe (3024) to report the crash, and the four writes are the parent populating its new child's address space during process creation. That is the ordinary Windows crash path, not file.exe injecting into an unrelated process, so on their own these IoCs carry little weight. The RedLine signature is the finding that matters on this run, and the crash means the Windows 7 task shows none of the stealer's credential-harvesting or network activity.
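The two signatures above arrive as flattened table rows, and a triage script is the quickest way to separate a crash-path write from a genuine cross-process write. The following is an added example written for this page, not code from the sandbox: it parses the report's rows (transcribed inline as constructed input), collapses the repeated WriteProcessMemory rows into one event with a count, labels a write as crash-path only when the target is the WerFault.exe that handled the writer's own crash, and works out how many bytes the memory dump name covers. The `Write` dataclass, the function names and the regexes are this example's own assumptions about the row layout shown here.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Rows transcribed from the report above (constructed sample input, not a live feed).
CRASH_ROWS = [
    "3024 2920 WerFault.exe file.exe",   # pid, pid_target, process, target process
]
WRITE_ROWS = [
    "PID 2920 wrote to memory of 3024 2920 file.exe WerFault.exe",
] * 4                                     # the report repeats this event four times
DUMP_NAME = "memory/2920-0-0x00000000010C0000-0x00000000011F3000-memory.dmp"

CRASH_RE = re.compile(r"^(\d+)\s+(\d+)\s+(\S+)\s+(\S+)$")
WRITE_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\S+)$")
DUMP_RE = re.compile(r"/(\d+)-\d+-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")


@dataclass(frozen=True)
class Write:
    src_pid: int
    dst_pid: int
    src_image: str
    dst_image: str


def parse_crashes(rows):
    """Map crash rows to {crashed_pid: werfault_pid}; non-WerFault handlers are ignored."""
    handled = {}
    for row in rows:
        m = CRASH_RE.match(row.strip())
        if not m:
            raise ValueError(f"unparsed crash row: {row!r}")
        wer_pid, target_pid, wer_image, _ = m.groups()
        if wer_image.lower() == "werfault.exe":
            handled[int(target_pid)] = int(wer_pid)
    return handled


def parse_writes(rows):
    """Collapse flattened WriteProcessMemory rows into {Write: occurrence count}."""
    counts = Counter()
    for row in rows:
        m = WRITE_RE.match(row.strip())
        if not m:
            raise ValueError(f"unparsed write row: {row!r}")
        src, dst, src_img, dst_img = m.groups()
        counts[Write(int(src), int(dst), src_img, dst_img)] += 1
    return counts


def classify_writes(write_rows, crash_rows):
    """Label each distinct write. A faulting process launches its own WerFault.exe and
    writes into that child while creating it, which is the normal crash path; a write
    into any other process is a cross-process write that deserves a closer look."""
    handled = parse_crashes(crash_rows)
    verdicts = {}
    for w, n in parse_writes(write_rows).items():
        if w.dst_image.lower() == "werfault.exe" and handled.get(w.src_pid) == w.dst_pid:
            verdicts[w] = ("crash-path (expected)", n)
        else:
            verdicts[w] = ("cross-process write: investigate", n)
    return verdicts


def dump_region_size(name):
    """Bytes covered by a dump named <pid>-<index>-<start>-<end>-memory.dmp."""
    m = DUMP_RE.search(name)
    if not m:
        raise ValueError(f"unexpected dump name: {name!r}")
    _, start, end = m.groups()
    return int(end, 16) - int(start, 16)


if __name__ == "__main__":
    for w, (label, n) in classify_writes(WRITE_ROWS, CRASH_ROWS).items():
        print(f"{w.src_image}({w.src_pid}) -> {w.dst_image}({w.dst_pid}) x{n}: {label}")
    size = dump_region_size(DUMP_NAME)
    print(f"dump region = {size} bytes ({size / 1024 / 1024:.2f} MiB); report says 1.2MB")
```

Run as-is it reports the single collapsed write as crash-path and a dump region of 0x133000 (1,257,472) bytes. The same classifier, fed a write whose target is not the crash handler, falls through to the investigate branch, which is the case you actually care about when a stealer is unpacking into another process.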
Downloads
memory/2920-0-0x00000000010C0000-0x00000000011F3000-memory.dmp
Filesize: 1.2MB
The dump covers 0x11F3000 - 0x10C0000 = 0x133000 bytes (1,257,472 bytes, 1.2MB), the same size as the sample, so it is consistent with file.exe's own image as mapped in process 2920 rather than an unpacked second stage.