Behavioral task
behavioral1
Sample
2920-0-0x00000000010C0000-0x00000000011F3000-memory.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2920-0-0x00000000010C0000-0x00000000011F3000-memory.exe
Resource
win10v2004-20240412-en
General
-
Target
2920-0-0x00000000010C0000-0x00000000011F3000-memory.dmp
-
Size
1.2MB
-
MD5
4c3dcf2e710edf1feb022f7dc74a005f
-
SHA1
447041b6b0ba8701b10b11313a4373a85353c038
-
SHA256
6fad997c2c6332aa5fc1dda6ddcb373849fce841f8da30b46245164b11dcad9c
-
SHA512
77cb7f7a24aa8ebc45713c96e7459bd1a1a33d1f633c554a012d1c61d4ccb8cf6ee3a327fa33861c00990b5b24e4893961ff2c4e947709ac2bc3c3d27cb71747
-
SSDEEP
12288:gq3Q4EYXRffMSf/vPY+8RvvfyAqvpV3uCMFLIvuSzjYz2Zu6wPOyr08scUzsfmfE:gq3WYXRffjHvPY+8Rv4vz+jImJrBU
Malware Config
Signatures
-
Redline family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2920-0-0x00000000010C0000-0x00000000011F3000-memory.dmp
Files
-
2920-0-0x00000000010C0000-0x00000000011F3000-memory.dmp.exe windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 724KB - Virtual size: 723KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 83KB - Virtual size: 82KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 375KB - Virtual size: 381KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.00cfg Size: 512B - Virtual size: 270B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 22KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ