redline | 212f5fb634003890f2b61ade6d3bf474e16787e3f536f0484a2a23f55d562bf0

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
24-04-2024 14:02

Target

file.exe
Size

1.2MB
MD5

d41582bde613bd63caffa80f482e692b
SHA1

d1ccf0f0f4224e4daa412c868729977cddec079e
SHA256

212f5fb634003890f2b61ade6d3bf474e16787e3f536f0484a2a23f55d562bf0
SHA512

37defa103178d6e281a62f5cc221380f687740cfcf268c24dbeb7bf1c320fbb94be26ce74234b717cafe5f0c74b527ebf8c063fa4c49594174b68e2753e1474d
SSDEEP

12288:FCRMXFhAS3ocOaKANlQWE4goVyevmV/HSgrouJoz7ZyCwLvsTC/pSiAF1XcwJJSH:FCROhAS3onZANlQWEwtvEPg7SITCCXC

Score

10^/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3024 2920 WerFault.exe file.exe

pid	pid_target	process	target process
3024	2920	WerFault.exe	file.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

file.exe

description	pid	process	target process
PID 2920 wrote to memory of 3024	2920	file.exe	WerFault.exe
PID 2920 wrote to memory of 3024	2920	file.exe	WerFault.exe
PID 2920 wrote to memory of 3024	2920	file.exe	WerFault.exe
PID 2920 wrote to memory of 3024	2920	file.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 116
2⤵
- Program crash
PID:3024

memory/2920-0-0x00000000010C0000-0x00000000011F3000-memory.dmp

Filesize
1.2MB

Download