Analysis Overview
SHA256
c0cbd3727926b4ed773615f88cb831e7582ec9c670f07d85d9bb7fd981cf6fb8
Threat Level: Known bad
The file c0cbd3727926b4ed773615f88cb831e7582ec9c670f07d85d9bb7fd981cf6fb8 was found to be: Known bad.
Malicious Activity Summary
RedLine
RedLine payload
Redline family
Unsigned PE
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-07-07 01:45
Signatures
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Redline family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-07 01:45
Reported
2024-07-07 01:48
Platform
win7-20240705-en
Max time kernel
133s
Max time network
150s
Command Line
Signatures
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\264db4d677606c95912a93a457675d5ebaa24dc886da8bbcb800fe831c540a54.exe
"C:\Users\Admin\AppData\Local\Temp\264db4d677606c95912a93a457675d5ebaa24dc886da8bbcb800fe831c540a54.exe"
Network
| Country | Destination | Domain | Proto |
| RU | 85.28.47.7:17210 | | tcp |
| RU | 85.28.47.7:17210 | | tcp |
| RU | 85.28.47.7:17210 | | tcp |
| RU | 85.28.47.7:17210 | | tcp |
| RU | 85.28.47.7:17210 | | tcp |
| RU | 85.28.47.7:17210 | | tcp |
Files
memory/2804-0-0x0000000074E7E000-0x0000000074E7F000-memory.dmp
memory/2804-1-0x00000000013E0000-0x0000000001430000-memory.dmp
memory/2804-2-0x0000000074E70000-0x000000007555E000-memory.dmp
memory/2804-3-0x0000000074E7E000-0x0000000074E7F000-memory.dmp
memory/2804-4-0x0000000074E70000-0x000000007555E000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-07 01:45
Reported
2024-07-07 01:48
Platform
win10v2004-20240704-en
Max time kernel
141s
Max time network
162s
Command Line
Signatures
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\264db4d677606c95912a93a457675d5ebaa24dc886da8bbcb800fe831c540a54.exe
"C:\Users\Admin\AppData\Local\Temp\264db4d677606c95912a93a457675d5ebaa24dc886da8bbcb800fe831c540a54.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| RU | 85.28.47.7:17210 | | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.142.123.92.in-addr.arpa | udp |
| RU | 85.28.47.7:17210 | | tcp |
| RU | 85.28.47.7:17210 | | tcp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| RU | 85.28.47.7:17210 | | tcp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| RU | 85.28.47.7:17210 | | tcp |
| RU | 85.28.47.7:17210 | | tcp |
Files
memory/1660-0-0x0000000074B3E000-0x0000000074B3F000-memory.dmp
memory/1660-1-0x0000000000BD0000-0x0000000000C20000-memory.dmp
memory/1660-2-0x0000000005CD0000-0x0000000006274000-memory.dmp
memory/1660-3-0x0000000005600000-0x0000000005692000-memory.dmp
memory/1660-4-0x00000000056C0000-0x00000000056CA000-memory.dmp
memory/1660-5-0x0000000074B30000-0x00000000752E0000-memory.dmp
memory/1660-6-0x00000000068A0000-0x0000000006EB8000-memory.dmp
memory/1660-7-0x0000000005AC0000-0x0000000005BCA000-memory.dmp
memory/1660-8-0x00000000057A0000-0x00000000057B2000-memory.dmp
memory/1660-9-0x0000000005900000-0x000000000593C000-memory.dmp
memory/1660-10-0x0000000005950000-0x000000000599C000-memory.dmp
memory/1660-11-0x0000000074B3E000-0x0000000074B3F000-memory.dmp
memory/1660-12-0x0000000074B30000-0x00000000752E0000-memory.dmp