Overview

overview

10

Static

static

3

Inject.rar

windows7-x64

10

Inject.rar

windows10-2004-x64

3

Inject/Inject.exe

windows7-x64

10

Inject/Inject.exe

windows10-2004-x64

10

Inject/_in...40.dll

windows7-x64

1

Inject/_in...40.dll

windows10-2004-x64

1

Inject/_in...z2.dll

windows7-x64

1

Inject/_in...z2.dll

windows10-2004-x64

1

Inject/_in...es.dll

windows7-x64

1

Inject/_in...es.dll

windows10-2004-x64

1

Inject/_in...al.dll

windows7-x64

1

Inject/_in...al.dll

windows10-2004-x64

1

Inject/_in...ib.dll

windows7-x64

1

Inject/_in...ib.dll

windows10-2004-x64

1

Inject/_in...ma.dll

windows7-x64

1

Inject/_in...ma.dll

windows10-2004-x64

1

Inject/_in...et.dll

windows7-x64

1

Inject/_in...et.dll

windows10-2004-x64

1

Inject/_in...ry.zip

windows7-x64

1

Inject/_in...ry.zip

windows10-2004-x64

1

Inject/_in..._1.dll

windows7-x64

1

Inject/_in..._1.dll

windows10-2004-x64

1

Inject/_in...-7.dll

windows7-x64

1

Inject/_in...-7.dll

windows10-2004-x64

1

Inject/_in...39.dll

windows7-x64

1

Inject/_in...39.dll

windows10-2004-x64

1

Inject/_in...ct.dll

windows7-x64

1

Inject/_in...ct.dll

windows10-2004-x64

1

Inject/_in...ta.dll

windows7-x64

1

Inject/_in...ta.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    209s
  • max time network
    210s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    25-05-2024 17:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Inject.rar

  • Size

    4.2MB

  • MD5

    5c6b145a15f3c0b94a5f72cd469133eb

  • SHA1

    975953651a808e118d7fe9efb9a5f0412598101a

  • SHA256

    b56f3ef36c1a05d0bc5b28b9bc7e38a5f8d8ff49c05fab2c686976fd195f73fa

  • SHA512

    857f0842a0279ae23a380652a2cd903cebc1cf33df9029ba0f4529b53a109857a8f5841133dabfb437ee7a882bb27176077bf915377bce0e796a981beb4ac1a1

  • SSDEEP

    98304:/yU39OUPWLYUD2Id4QY3Zu3at66tcO8V/PT6KfdQ1N9bnSe:aU3YIId1WZptl8FP+KfCVbnSe

Score
10/10
redlineinfostealer

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Inject.rar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2240
    • C:\Program Files\7-Zip\7zFM.exe
      "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Inject.rar"
      2⤵
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:2596
  • C:\Users\Admin\Desktop\Inject\Inject.exe
    "C:\Users\Admin\Desktop\Inject\Inject.exe"
    1⤵
    • Executes dropped EXE
    PID:2668
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2744
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x48c
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1732

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\Desktop\Inject\Inject.exe
    Filesize

    10.0MB

    MD5

    5c02826d4b0ee2ba6f50a9fef4f31281

    SHA1

    57adb9017811b37fe756093c9b7c61181ef2fe8b

    SHA256

    8ecd9f59a8ddd6a3d3e520fafb41ff63cbe36f881dd250b50b7f9212a6bbac57

    SHA512

    823b8fe1626bc1bb76c6a78711a9135ca7ca4ca353646d23d27d0b409d10712f0d348de7b7cd3bb49f77b240d5e3f1c7d2379c6fd4688cc7e00e242228ae8183

    Download Submit
  • memory/2668-53-0x0000000000220000-0x0000000000248000-memory.dmp
    Filesize

    160KB

    Download
  • memory/2744-58-0x0000000140000000-0x00000001405E8000-memory.dmp
    Filesize

    5.9MB

    Download
  • memory/2744-59-0x0000000140000000-0x00000001405E8000-memory.dmp
    Filesize

    5.9MB

    Download
  • memory/2744-61-0x0000000140000000-0x00000001405E8000-memory.dmp
    Filesize

    5.9MB

    Download
  • memory/2744-62-0x0000000003860000-0x0000000003870000-memory.dmp
    Filesize

    64KB

    Download