redline | 96db11589e31f55a3bb06de8f13246d3220a483e5ff41f8fabbb1070e0bf52fa | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
20/07/2024, 16:12

Sharing

Report Analysis Logs

General

Target

file.exe
Size

1.2MB
MD5

ea997020dfe8911e85a57e22185a827a
SHA1

8435195f9077b4759f61d7d5274622342152cd4c
SHA256

96db11589e31f55a3bb06de8f13246d3220a483e5ff41f8fabbb1070e0bf52fa
SHA512

79d46fd08c7c2ac46eac4a1f5c000cac59421817219ad48c4b9dbb539310c3ee5ac7134ca49ea994b110671a0eca91a7f87582f1765ad2bc0a699e7addcc973b
SSDEEP

24576:xscfqYRgWHOpTqaQBm6i65noMaDCLAyPsmGgivF18G6xDWmuZRCt:xaWHOpTqaQBrd57KgLsmSvf8GyWmuZ4

Score

10^/10

redline infostealer

Malware Config

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2296	2552	WerFault.exe	30

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2552 wrote to memory of 2296	2552	file.exe	32
PID 2552 wrote to memory of 2296	2552	file.exe	32
PID 2552 wrote to memory of 2296	2552	file.exe	32
PID 2552 wrote to memory of 2296	2552	file.exe	32

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2552
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 108
  2⤵
  - Program crash
  PID:2296

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2552-0-0x0000000000290000-0x0000000000427000-memory.dmp

Filesize
1.6MB

Download
memory/2552-1-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2552-2-0x0000000000290000-0x0000000000427000-memory.dmp

Filesize
1.6MB

Download