Analysis Overview
SHA256
2da8c55da46f148005b1b6eb5eaf231091b9f05ce4f73085abea04c242d77af4
Threat Level: Shows suspicious behavior
The file Redengine Crack.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Looks up external IP address via web service
Detects Pyinstaller
Unsigned PE
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-19 08:31
Signatures
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-19 08:31
Reported
2024-06-19 08:41
Platform
win7-20240419-en
Max time kernel
359s
Max time network
360s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Redengine Crack.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1720 wrote to memory of 1440 | N/A | C:\Users\Admin\AppData\Local\Temp\Redengine Crack.exe | C:\Users\Admin\AppData\Local\Temp\Redengine Crack.exe |
| PID 1720 wrote to memory of 1440 | N/A | C:\Users\Admin\AppData\Local\Temp\Redengine Crack.exe | C:\Users\Admin\AppData\Local\Temp\Redengine Crack.exe |
| PID 1720 wrote to memory of 1440 | N/A | C:\Users\Admin\AppData\Local\Temp\Redengine Crack.exe | C:\Users\Admin\AppData\Local\Temp\Redengine Crack.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\Redengine Crack.exe
"C:\Users\Admin\AppData\Local\Temp\Redengine Crack.exe"
C:\Users\Admin\AppData\Local\Temp\Redengine Crack.exe
"C:\Users\Admin\AppData\Local\Temp\Redengine Crack.exe"
Network
Files
C:\Users\Admin\AppData\Local\Temp\_MEI17202\python39.dll
| MD5 | 2135da9f78a8ef80850fa582df2c7239 |
| SHA1 | aac6ad3054de6566851cae75215bdeda607821c4 |
| SHA256 | 324963a39b8fd045ff634bb3271508dab5098b4d99e85e7648d0b47c32dc85c3 |
| SHA512 | 423b03990d6aa9375ce10e6b62ffdb7e1e2f20a62d248aac822eb9d973ae2bf35deddd2550a4a0e17c51ad9f1e4f86443ca8f94050e0986daa345d30181a2369 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-19 08:31
Reported
2024-06-19 08:41
Platform
win10v2004-20240508-en
Max time kernel
516s
Max time network
525s
Command Line
Signatures
Loads dropped DLL
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.ipify.org | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 208 wrote to memory of 4172 | N/A | C:\Users\Admin\AppData\Local\Temp\Redengine Crack.exe | C:\Users\Admin\AppData\Local\Temp\Redengine Crack.exe |
| PID 208 wrote to memory of 4172 | N/A | C:\Users\Admin\AppData\Local\Temp\Redengine Crack.exe | C:\Users\Admin\AppData\Local\Temp\Redengine Crack.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\Redengine Crack.exe
"C:\Users\Admin\AppData\Local\Temp\Redengine Crack.exe"
C:\Users\Admin\AppData\Local\Temp\Redengine Crack.exe
"C:\Users\Admin\AppData\Local\Temp\Redengine Crack.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.gofile.io | udp |
| US | 8.8.8.8:53 | api.ipify.org | udp |
| US | 8.8.8.8:53 | api.ipify.org | udp |
Files
C:\Users\Admin\AppData\Local\Temp\_MEI2082\python39.dll
| MD5 | 2135da9f78a8ef80850fa582df2c7239 |
| SHA1 | aac6ad3054de6566851cae75215bdeda607821c4 |
| SHA256 | 324963a39b8fd045ff634bb3271508dab5098b4d99e85e7648d0b47c32dc85c3 |
| SHA512 | 423b03990d6aa9375ce10e6b62ffdb7e1e2f20a62d248aac822eb9d973ae2bf35deddd2550a4a0e17c51ad9f1e4f86443ca8f94050e0986daa345d30181a2369 |
C:\Users\Admin\AppData\Local\Temp\_MEI2082\VCRUNTIME140.dll
| MD5 | f34eb034aa4a9735218686590cba2e8b |
| SHA1 | 2bc20acdcb201676b77a66fa7ec6b53fa2644713 |
| SHA256 | 9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1 |
| SHA512 | d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af |
C:\Users\Admin\AppData\Local\Temp\_MEI2082\base_library.zip
| MD5 | b8ed4da65fcd99bfa0ebc1e05c117368 |
| SHA1 | 9d822e68363ffd59d4e5b3af6a4f27f5a89d35e5 |
| SHA256 | da7b254387c376f8dd50db6c88b9e5a801aacfc7e577e34197ebac8fb990ce70 |
| SHA512 | d9dcbbf1e4f3e6837deca1030fc0b8b45513230ed11f60c7dfada87842f9c1ded53c6f8678ed8bc47d22c98805cd95fe3c27549a7069d04833ed32977456ba19 |
C:\Users\Admin\AppData\Local\Temp\_MEI2082\python3.DLL
| MD5 | 4a776941c0aa723c50223cb1a19e6d02 |
| SHA1 | 08e4cdf06f3b9ee5f9d5c865b49c808d20938583 |
| SHA256 | 5a2f39ed041d35bb48e89c72c1ad16a5a24a3674f8eb34bfbc6310fd75128f16 |
| SHA512 | 0319030bd2b51bf605c8ef4324eacf3a1f2e2315c92bc0cfc8e9eb7df72038f6c377b9537fec16470363499e6e0dbb7ca164169ae43601294310f84e53a06881 |
C:\Users\Admin\AppData\Local\Temp\_MEI2082\_ctypes.pyd
| MD5 | a1e9b3cc6b942251568e59fd3c342205 |
| SHA1 | 3c5aaa6d011b04250f16986b3422f87a60326834 |
| SHA256 | a8703f949c9520b76cb1875d1176a23a2b3ef1d652d6dfac6e1de46dc08b2aa3 |
| SHA512 | 2015b2ae1b17afc0f28c4af9cedf7d0b6219c4c257dd0c89328e5bd3eee35e2df63ef4fccb3ee38e7e65f01233d7b97fc363c0eae0cfa7754612c80564360d6f |
C:\Users\Admin\AppData\Local\Temp\_MEI2082\libffi-7.dll
| MD5 | eef7981412be8ea459064d3090f4b3aa |
| SHA1 | c60da4830ce27afc234b3c3014c583f7f0a5a925 |
| SHA256 | f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081 |
| SHA512 | dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016 |
C:\Users\Admin\AppData\Local\Temp\_MEI2082\_socket.pyd
| MD5 | cd56f508e7c305d4bfdeb820ecf3a323 |
| SHA1 | 711c499bcf780611a815afa7374358bbfd22fcc9 |
| SHA256 | 9e97b782b55400e5a914171817714bbbc713c0a396e30496c645fc82835e4b34 |
| SHA512 | e937c322c78e40947c70413404beba52d3425945b75255590dedf84ee429f685e0e5bc86ad468044925fbc59cf7ec8698a5472dd4f05b4363da30de04f9609a5 |
C:\Users\Admin\AppData\Local\Temp\_MEI2082\select.pyd
| MD5 | 35bb285678b249770dda3f8a15724593 |
| SHA1 | a91031d56097a4cbf800a6960e229e689ba63099 |
| SHA256 | 71ed480da28968a7fd07934e222ae87d943677468936fd419803280d0cad07f3 |
| SHA512 | 956759742b4b47609a57273b1ea7489ce39e29ebced702245a9665bb0479ba7d42c053e40c6dc446d5b0f95f8cc3f2267af56ccaaaf06e6875c94d4e3f3b6094 |
C:\Users\Admin\AppData\Local\Temp\_MEI2082\_bz2.pyd
| MD5 | b024a6f227eafa8d43edfc1a560fe651 |
| SHA1 | 92451be6a2a6bfc4a8de8ad3559ba4a25d409f2e |
| SHA256 | c0dd9496b19ba9536a78a43a97704e7d4bef3c901d196ed385e771366682819d |
| SHA512 | b9edb6d0f1472dd01969e6f160b41c1e7e935d4eebcaf08554195eb85d91c19ff1bfbc150773f197462e582c6d31f12bd0304f636eb4f189ed3ed976824b283e |
C:\Users\Admin\AppData\Local\Temp\_MEI2082\_lzma.pyd
| MD5 | 77b78b43d58fe7ce9eb2fbb1420889fa |
| SHA1 | de55ce88854e314697fa54703a2cd6cc970f3111 |
| SHA256 | 6e571d93ce55d09583ec91c607883a43c1da3d4d36794d68c6ecd6bea4ab466a |
| SHA512 | 7b03b7d3f2fd9b51391de08e69ca9156a0232b56f210878a488b9d5a19492ab5880f45d9407331360fbe543a52c03d68f68da4387bf6a13b20ec903a7b081846 |
C:\Users\Admin\AppData\Local\Temp\_MEI2082\pyexpat.pyd
| MD5 | 3ee5ec36b631c2352cd8bd2e4b58b37f |
| SHA1 | d6ddab5eb14226fea6e5212382b5dd39aa50df97 |
| SHA256 | f32af8a21c016702647a83661eb4460bac7c791754cb1faaf1c4d096a94cd7cb |
| SHA512 | 873f72bc481bf6c55cdd00e97ea0e5946f466790f3319374b1c15772d4abdc7f394defd2cb130323fff2169380b0cda7319bb2b19f87ed5dfa479635f4b21317 |
C:\Users\Admin\AppData\Local\Temp\_MEI2082\win32api.pyd
| MD5 | 30d431bdd2419b1c59f22c0ab790ab88 |
| SHA1 | fe4c07f5e77806e5f0f5f90762849818eb4d29d1 |
| SHA256 | 0813e92197b04508363d93f3fc2065e962baab44f8a2c18c6297e1fb348cc679 |
| SHA512 | d5c8e362c5be1decffb7960b0169e18641816ada783e0ec5a3c909c163bf1aa8878d6e7d7efb0258a0f1a031ac8e71c084d7220347b85b07412d6717f3b5ff58 |
C:\Users\Admin\AppData\Local\Temp\_MEI2082\pywintypes39.dll
| MD5 | f0c9ae2851bdadd218d864430281b576 |
| SHA1 | b7fb397f1c9cd07c81c7ae794b2af794c918746f |
| SHA256 | 15ff353b873b58c7a8af42d94462aa4cb4ea03c10673a87a0d7f2c42b7ec60c0 |
| SHA512 | 915aa0121265b11d6ab58643fb1e4d867e3c49608dd5c8842364d4ed913f4742b4c4d54b21526ea62d7d48598b02c613f1ab39a4a071e403d4cc6fe68f839b7e |
C:\Users\Admin\AppData\Local\Temp\_MEI2082\pythoncom39.dll
| MD5 | f7248c0bf2538a832f06bf5735badd88 |
| SHA1 | 301b9c6803781c9cf63414862d8ed8c64c1d5316 |
| SHA256 | 86be43773e1b863cc2e87c980ae9fd8291eff3d82dd4136491b8f95b2dbf868f |
| SHA512 | abc5ee57598cdbff3091d77f2f00bd7b69235b48810ba8946ffeed039b7aa03a7d49db2e21b01b6d0753b1dcb7ac5a29d56732451d2c739b5c47fe299a99c765 |
C:\Users\Admin\AppData\Local\Temp\_MEI2082\_sqlite3.pyd
| MD5 | d7dce668e11c61245f91e723db68b134 |
| SHA1 | 0edd1d7783b6be460e9a5c02aaec971bb4aa25af |
| SHA256 | e8cd83af8716df93b761ffaa01949d57e2551804c3bab679d81ac72534490a1d |
| SHA512 | ace805042be4130329bafbe29d44a5c80a3746abdfc1ab63016f8e0dba97f4d02b30dd4dc29cb658f5757215bd132e8acc34a5842f955a0c45c1837b916319e4 |
C:\Users\Admin\AppData\Local\Temp\_MEI2082\sqlite3.dll
| MD5 | 1d234679a3e6e068b741b83eebc3adb2 |
| SHA1 | e63c5b5ee813a73585ecf5e4425cf3fe52e1294c |
| SHA256 | 5a4fc3957bc5f007b6c3a2df66c8286fe65ae74827a233f0df2e9679dc7ad39f |
| SHA512 | a085613067482b4544bddcdceef56f5fb46322ddb4490b1034f2fdacbe2a3dcc3721e645941d89dbb9110cd5630cab0cc4cc1573946e5667d6c6c07ffce341cd |
C:\Users\Admin\AppData\Local\Temp\_MEI2082\libcrypto-1_1.dll
| MD5 | ab01c808bed8164133e5279595437d3d |
| SHA1 | 0f512756a8db22576ec2e20cf0cafec7786fb12b |
| SHA256 | 9c0a0a11629cced6a064932e95a0158ee936739d75a56338702fed97cb0bad55 |
| SHA512 | 4043cda02f6950abdc47413cfd8a0ba5c462f16bcd4f339f9f5a690823f4d0916478cab5cae81a3d5b03a8a196e17a716b06afee3f92dec3102e3bbc674774f2 |
C:\Users\Admin\AppData\Local\Temp\_MEI2082\_hashlib.pyd
| MD5 | 69dc506cf2fa3da9d0caba05fca6a35d |
| SHA1 | 33b24abb7b1d68d3b0315be7f8f49de50c9bdcb6 |
| SHA256 | c5b8c4582e201fef2d8cb2c8672d07b86dec31afb4a17b758dbfb2cff163b12f |
| SHA512 | 0009ec88134e25325a47b8b358da0fed8bb34fe80602e08a60686f6029b80f4287d33adb66ef41435d11d6edff86a88916f776eeaf2d1cb72035783f109ca1ff |
C:\Users\Admin\AppData\Local\Temp\_MEI2082\_ssl.pyd
| MD5 | 70014e88ecf3133b7be097536f77b459 |
| SHA1 | 5d75675bb35ba6fae774937789491e051e62a252 |
| SHA256 | d318795c98c5f3c127c8e47220a92acba0736daf31bab0dc9c7e6c3513bb2aa3 |
| SHA512 | aa59b32c9164afca1b799e389c7087e95eeaa543790b6f590f9e30aa13b7fdb8cc83d0ef6351f0b578a4da636f4ca1e6dfe4558dcf3a813b744a80f7392aa462 |
C:\Users\Admin\AppData\Local\Temp\_MEI2082\libssl-1_1.dll
| MD5 | de72697933d7673279fb85fd48d1a4dd |
| SHA1 | 085fd4c6fb6d89ffcc9b2741947b74f0766fc383 |
| SHA256 | ed1c8769f5096afd000fc730a37b11177fcf90890345071ab7fbceac684d571f |
| SHA512 | 0fd4678c65da181d7c27b19056d5ab0e5dd0e9714e9606e524cdad9e46ec4d0b35fe22d594282309f718b30e065f6896674d3edce6b3b0c8eb637a3680715c2c |
C:\Users\Admin\AppData\Local\Temp\_MEI2082\_brotli.cp39-win_amd64.pyd
| MD5 | 2c7528407abfd7c6ef08f7bcf2e88e21 |
| SHA1 | ee855c0cde407f9a26a9720419bf91d7f1f283a7 |
| SHA256 | 093ab305d9780373c3c7d04d19244f5e48c48e71958963ceca6211d5017a4441 |
| SHA512 | 93e7c12a6038778fcda30734d933b869f93e3b041bb6940852404641a599fe9c8ee1168a2e99dcfb624f84c306aff99757d17570febabc259908c8f6cda4dbea |
C:\Users\Admin\AppData\Local\Temp\_MEI2082\VCRUNTIME140_1.dll
| MD5 | 135359d350f72ad4bf716b764d39e749 |
| SHA1 | 2e59d9bbcce356f0fece56c9c4917a5cacec63d7 |
| SHA256 | 34048abaa070ecc13b318cea31425f4ca3edd133d350318ac65259e6058c8b32 |
| SHA512 | cf23513d63ab2192c78cae98bd3fea67d933212b630be111fa7e03be3e92af38e247eb2d3804437fd0fda70fdc87916cd24cf1d3911e9f3bfb2cc4ab72b459ba |
C:\Users\Admin\AppData\Local\Temp\_MEI2082\_queue.pyd
| MD5 | 328e41b501a51b58644c7c6930b03234 |
| SHA1 | bc09f8b62fec750a48bafd9db3494d2f30f7bd54 |
| SHA256 | 2782cf3c04801ede65011be282e99cd34d163b2b2b2333fd3147b33f7d5e72ab |
| SHA512 | c6e6e6bca0e9c4e84f7c07541995a7ee4960da095329f69120ba631c3c3e07c0441cf2612d9dcc3d062c779aec7d4e6a00f71f57cc32e2a980a1e3574b67d248 |
C:\Users\Admin\AppData\Local\Temp\_MEI2082\MSVCP140.dll
| MD5 | 0929e46b1020b372956f204f85e48ed6 |
| SHA1 | 9dc01cf3892406727c8dc7d12ad8855871c9ef09 |
| SHA256 | cb3c74d6fcc091f4eb7c67ee5eb5f76c1c973dea8b1c6b851fcca62c2a9d8aa8 |
| SHA512 | dd28fca139d316e2cc4d13a6adffb7af6f1a9dc1fc7297976a4d5103fae44de555a951b99f7601590b331f6dbb9bfc592d31980135e3858e265064117012c8d5 |
C:\Users\Admin\AppData\Local\Temp\_MEI2082\unicodedata.pyd
| MD5 | 3ba2a20dda6d1b4670767455bbe32870 |
| SHA1 | 7c98221bc6ed763030087b1f33fb83eac2823ea4 |
| SHA256 | 3a0987025f1cf2111dc6e4f59402073ba123d7436d809ee4198b4e7bfb8cb868 |
| SHA512 | 0688f8af3359a8571bef2a89efabc2dbf26f3f5c6220932a4e7df2e33fac95cafee8b80796346ba698e6bf43630b8069f56538b95a8ff62ec21d629787ca5cd1 |
C:\Users\Admin\AppData\Local\Temp\_MEI2082\_cffi_backend.cp39-win_amd64.pyd
| MD5 | 3d48e9bc9a3b68e816e1d0be284f2d3f |
| SHA1 | 410921af4383bdc898df691ea39e3e9f558c3d85 |
| SHA256 | 88451f322707b22c43b36796c3711bace64f50ef7b22c94fbf29a04a2838e533 |
| SHA512 | 829c0e0458f927ffd8e60194c5ef75c9e4f9da86d3fa7d7184715a869a2765b5e3a0d4263ab9acbbdb752f451acc87eb5a7b1d63712c67e21fcef8c228da3db3 |
C:\Users\Admin\AppData\Local\Temp\_MEI2082\Crypto\Cipher\_raw_ecb.pyd
| MD5 | ade53f8427f55435a110f3b5379bdde1 |
| SHA1 | 90bdafccfab8b47450f8226b675e6a85c5b4fcce |
| SHA256 | 55cf117455aa2059367d89e508f5e2ad459545f38d01e8e7b7b0484897408980 |
| SHA512 | 2856d4c1bbdd8d37c419c5df917a9cc158c79d7f2ee68782c23fb615d719d8fe61aaa1b5f5207f80c31dc381cd6d8c9dabd450dbc0c774ff8e0a95337fda18bd |
C:\Users\Admin\AppData\Local\Temp\_MEI2082\Crypto\Cipher\_raw_cbc.pyd
| MD5 | 0d0450292a5cf48171411cc8bfbbf0f7 |
| SHA1 | 5de70c8bab7003bbd4fdcadb5c0736b9e6d0014c |
| SHA256 | cb3ce4f65c9e18be6cbb504d79b594b51f38916e390dad73de4177fe88ce9c37 |
| SHA512 | ba6bbcc394e07fe09bb3a25e4aae9c4286516317d0b71d090b91aaec87fc10f61a4701aa45bc74cb216fff1e4ad881f62eb94d4ee2a3a9c8f04a954221b81d3a |
C:\Users\Admin\AppData\Local\Temp\_MEI2082\Crypto\Cipher\_raw_cfb.pyd
| MD5 | 0f4d8993f0d2bd829fea19a1074e9ce7 |
| SHA1 | 4dfe8107d09e4d725bb887dc146b612b19818abf |
| SHA256 | 6ca8711c8095bbc475d84f81fc8dfff7cd722ffe98e0c5430631ae067913a11f |
| SHA512 | 1e6f4bc9c682654bd18e1fc4bd26b1e3757c9f89dc5d0764b2e6c45db079af184875d7d3039161ea93d375e67f33e4fb48dcb63eae0c4ee3f98f1d2f7002b103 |
C:\Users\Admin\AppData\Local\Temp\_MEI2082\Crypto\Cipher\_raw_ofb.pyd
| MD5 | b894480d74efb92a7820f0ec1fc70557 |
| SHA1 | 07eaf9f40f4fce9babe04f537ff9a4287ec69176 |
| SHA256 | cdff737d7239fe4f39d76683d931c970a8550c27c3f7162574f2573aee755952 |
| SHA512 | 498d31f040599fe3e4cfd9f586fc2fee7a056635e9c8fd995b418d6263d21f1708f891c60be09c08ccf01f7915e276aafb7abb84554280d11b25da4bdf3f3a75 |
C:\Users\Admin\AppData\Local\Temp\_MEI2082\Crypto\Cipher\_raw_ctr.pyd
| MD5 | 8f385dbacd6c787926ab370c59d8bba2 |
| SHA1 | 953bad3e9121577fab4187311cb473d237f6cba3 |
| SHA256 | ddf0b165c1c4eff98c4ac11e08c7beadcdd8cc76f495980a21df85ba4368762a |
| SHA512 | 973b80559f238f6b0a83cd00a2870e909a0d34b3df1e6bb4d47d09395c4503ea8112fb25115232c7658e5de360b258b6612373a96e6a23cde098b60fe5579c1c |
C:\Users\Admin\AppData\Local\Temp\_MEI2082\Crypto\Util\_strxor.pyd
| MD5 | 8070eb2be9841525034a508cf16a6fd6 |
| SHA1 | 84df6bceba52751f22841b1169d7cd090a4bb0c6 |
| SHA256 | ee59933eba41bca29b66af9421ba53ffc90223ac88ccd35056503af52a2813fe |
| SHA512 | 33c5f4623a2e5afe404056b92556fdbaf2419d7b7728416d3368d760ddfde44a2739f551de26fa443d59294b8726a05a77733fee66abc3547073d85f2d4ebeee |