Analysis Overview
SHA256
40d6861fe84821ca8a2d3f226ac49f6406dada0a1504592dd86fb25b0136b896
Threat Level: Known bad
The file Loader (1).zip was found to be: Known bad.
Malicious Activity Summary
RedLine
RedLine payload
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-07-05 00:23
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-05 00:23
Reported
2024-07-05 00:25
Platform
win7-20240611-en
Max time kernel
101s
Max time network
103s
Command Line
Signatures
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Loader (1).zip"
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Loader\G£àpasswordG£à--free.txt
C:\Users\Admin\Desktop\Loader\loader.exe
"C:\Users\Admin\Desktop\Loader\loader.exe"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Loader\tpm\sys-2023-10-01-074053 (2).log
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Loader\tpm\sys-2023-10-01-074053.log
Network
| Country | Destination | Domain | Proto |
| NL | 45.15.156.142:33597 | tcp | |
| NL | 45.15.156.142:33597 | tcp |
Files
memory/376-0-0x0000000000280000-0x00000000002D0000-memory.dmp
memory/376-4-0x0000000073CFE000-0x0000000073CFF000-memory.dmp
memory/376-5-0x0000000073CFE000-0x0000000073CFF000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-05 00:23
Reported
2024-07-05 00:26
Platform
win10v2004-20240704-en
Max time kernel
94s
Max time network
130s
Command Line
Signatures
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Loader (1).zip"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |