Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    06-05-2024 22:45

General

  • Target

    7609a7d901338139b8209f1c9e1e11a9496f87dcbea4f6b0ccb0e6f49e6a11a5.exe

  • Size

    501KB

  • MD5

    d50c6a922e0c314d6a17e26a8dce4278

  • SHA1

    68bb17b90f03bbc52ff9e6329764285e6b9de5a8

  • SHA256

    7609a7d901338139b8209f1c9e1e11a9496f87dcbea4f6b0ccb0e6f49e6a11a5

  • SHA512

    09aa848a2a760c6958c5415d268d9f3201180df92af061f1f5ae371b54ea6818bbc3ef0027188470102164171aff92b636a5d6f1ab4a1ced976bdf6e0d4f0134

  • SSDEEP

    12288:5ZJQdCWmX3jfaw5vm/nE26V42ghBePfJ6VlbDByL98V:zedCWCn9m/nB6yIB6Pb4Z+

Score
10/10

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine payload 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7609a7d901338139b8209f1c9e1e11a9496f87dcbea4f6b0ccb0e6f49e6a11a5.exe
    "C:\Users\Admin\AppData\Local\Temp\7609a7d901338139b8209f1c9e1e11a9496f87dcbea4f6b0ccb0e6f49e6a11a5.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2092
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 88
      2⤵
      • Program crash
      PID:1716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2092-0-0x0000000000310000-0x000000000038E000-memory.dmp

    Filesize

    504KB