Overview

overview

10

Static

static

5

output.pdf

windows7-x64

10

output.pdf

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    10-01-2025 21:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    output.pdf

  • Size

    1KB

  • MD5

    db3778162ef03444aaf68624f1be9f46

  • SHA1

    17a74c29ddad59a4c9a5d5b890424de9c1215f10

  • SHA256

    efc46388e00b249aa532bf7ef8e49648fbc5754fb515b1c221a0774ccdd89ae0

  • SHA512

    b77d5ab13eec233d626c04cd73c2e75610d6155f4bc770556d4ddff86bafe154be19255319dec81a30374010317f7fb928b95d321ff4e4de17ba1b30c4ca29e9

Score
10/10
redlinediscoveryinfostealer

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 2 IoCs
  • Redline family
    redline
  • Downloads MZ/PE file
  • Executes dropped EXE 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\output.pdf"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2272
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://195.177.92.19/denuvo.exe
      2⤵
      • Modifies Internet Explorer Phishing Filter
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2172
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2172 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2576
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HHT5LGG0\denuvo.exe
        "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HHT5LGG0\denuvo.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:2972

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f82ff0f884a2a0b7440d40e79fd75765

    SHA1

    182248cf16c10c2e7a19360669d707bca1f3ae13

    SHA256

    7270ca2276c4cc0f226ab900e1a528fe56ad7866fd7b350c71464bce86ab4978

    SHA512

    9267d7b19922f297c6f45409e695ba674176cb770c7ef6bcaf2481dcc5efd5861fe3710ba76151955ec447193f06c11a658baf30c987ae1e015a5d30bfd00f22

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    27e1955941fee5106e0b209f923830e3

    SHA1

    84dd339280b0e60f7ce1889e05f5c29be9ae09ff

    SHA256

    c3083b203b48ebcc40120be64e8fc54737587c2afe3a53102685aaae68b51fc2

    SHA512

    4cd0b23813cd5d9d5147a3a7d5a1b9dce949bcbcf93cb0f46a8b1420f428a0727ed6ed917d96802c2c4db30fb8f152fb9ee1a5110037f4abcfd15d2dd15451bb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c4863deea0a625e99b3e35a6c2febd56

    SHA1

    21cbf3f8ce66cff666c89d7ffc564d9a793a9f73

    SHA256

    1497d7e98f8123c6625076970b37e8b77c8bc3a2e96a4d59cdc67e71790ea206

    SHA512

    5c5e95437460fca341c737aed52a7a04f41e82d3280654f9a8b8978c4c954454e637833f139c37c6b1121e9e8d2a73cce89540bf10506aef9b0855e52d74bd92

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e6c8003c09bc178c8ba9f2a10ad6a7af

    SHA1

    4bcba395e9147d603ba1f115162a19a185bb442e

    SHA256

    3fcebf45d7a87e22a8d3dd53267d335bfaeada097c6416734ec436c2a694fb43

    SHA512

    d72d77a05ec7b3d61cf07a4e362d1982b565b680d0195dc0eff0812d43eb41c899bb94614ee65789df5eade2988c56bad3bb2e9ac22f1ddb5cdd14199ecb3d7e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ef7477782d9672cfbd66abee7450c5b5

    SHA1

    360357c822ee554bf6f13a962ec94feb6d2298a5

    SHA256

    f72819b9e172397a4a2ea2ebc638dcf01d1b8daf70138cee1a1bd3f60d9b7945

    SHA512

    e0535bd068fb312f69dfddf06c3e1e8ed3829dc864357be3e340183234376d9cdc826cc3db4f7e249ed9fc57b8f4342dde50d5a69f9f404aaa8f2a5c614e5e7b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1df629ac139849957b67baddb1574036

    SHA1

    17c1fe2384197aa493d7deae9e4ad329eeb63361

    SHA256

    da18193d615e6a8a3edd0d9a51ec617bdcb03fc8897e0249eb8745d9fe239ed6

    SHA512

    ae2ea8c9838f257a6b503d723ad56b0ee54495e09306bb24b9579e26b27daebb4da479d6eca018fddc539268f2baa77305ac1a7e232cdbc87d80299d259f4427

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    626a07d9f3ca21147f7d99c7dd8c123b

    SHA1

    18ee97a91ae5ffd1098d33fdf542fea6b23e72fe

    SHA256

    9b73d5962b872f8a0fb3282983a6b7d900d1323c90732257627254e5470fde05

    SHA512

    daaabb8a1570d765700494f4fa7264ed9606bd04cfe85593a7ef34fe64708545f893550faa52d13854a7de9dac8ae8ca635d1d4c4b52ba608132c4ccb68aea19

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    11ec333e1c758ab06e7b5f248791605f

    SHA1

    62af5c5847d755b308fbd419032e92bdc9bb6eb9

    SHA256

    53f7a16f98a4bce82694639605b3dacd499ea821257978488355a5c7ccc92606

    SHA512

    7cd36bcd4ec9ed014f86c6aa9c14a03bed3424dbe61110d416c4cd139a85cbb13e614d8158b9086b8b6a3bda2d6a2a83725e02c01bd242df6f525e776a89dd7e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0eb95a38bde0ded92af824d7d9279a27

    SHA1

    39f3de8e8b3e14597406d89feb7bb5cafdefe438

    SHA256

    84b1a0ffc418336146b8f664eaebd3adcf058cc5514863c716e31e632b2422bf

    SHA512

    e935eb3ce51e459b92d68b4e89290740a2db5a3bb8df0fc6fee3222aeb33732ad564e67e36f99d84d8d9a3fc44568ee293338e3335b95fb5b55bda68a17c75b9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    07bea632f9ce8fb3933c282ea12df8e7

    SHA1

    9bb453e5c79325ba9fcfc1660cbc7346b1c477f6

    SHA256

    a01e766f16117f1a91067302631d42132ba42fc2ef5b59771ec88816460384ca

    SHA512

    bf4590f3938ea67462f4a271e5289e2ed9c3e50479bbe98dcd2deb4e0580379cf6007aaea72c295d98e51876c39cb315325a2e1136c831baf7da4df5065910a9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    699a1aa085c32732b6b3d4f04b6a0601

    SHA1

    235ae8cb1cb9747cdfe2c962685419fa1ded2dec

    SHA256

    834f594e257deb9f026e65b6cfa5bffb1619b1cfb2adb88b72b208714199536a

    SHA512

    1b1428093f4a58286fcd1119391f51125b7182d6d65ba61ed0060ece41f8b83e74e03f70b706b1723cd480163ae4b4d0b436065c58e0eff1fcc452d7d8d8371a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    efc70a6c2de0b94b597acb9d3e9bebb7

    SHA1

    737ebc2e9fdc2e158eabff1ecec9c83c9cd71724

    SHA256

    d54e0b619ce5c6ee27a89c62c79bd098b8432fe643df4c14b0261b23e8a05fb9

    SHA512

    a48aed855fceb5554f605a37e84a1a1c9f0aacc043b270732f4c05957036e173ce1f322a57f444efe829c00cd33392be313c22875348e792bb7757de00ef5ce3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    859719e668ecbbc816e799fa840938ab

    SHA1

    28f56e85572193c537983bd61b3fe49925ab2cab

    SHA256

    e806bff7020fdc2821f90bb90ae9713b3160de552f9a2a2e877f070530ff3b56

    SHA512

    c1ea956bf847f9cbfd36e8a363f877db1d63f050baf23969956f1662cf6058306a014c830413abd6e56ab8afea9deefee6083b1f90036a43f75a6002f17fdff0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    86ea80cbe83a1197c01d8646ebbf1ccd

    SHA1

    10f3bcf45c4192f3cdeccf0bc9e915febe5ee566

    SHA256

    99d3671910aaa840d87c61789bdfc4881dee3008e4e8d47b45dd286bd2daa822

    SHA512

    daf978b8ac8eac68f67952448a2e5f322ec55da0d9904082e1b213164a351efa0a71de4cb7028070a442efa680163afc250dc39933e43f273f96fe371f769ae5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    06b15ccf7bb44df2d151127d85191d8b

    SHA1

    3abda7b9ceb542520d282844a8d6a74fb122fa18

    SHA256

    e50899c2e7c69b3d8476c80bd561e60f31db46f079585f9834eb371557140380

    SHA512

    a96de1d9fef5b3b97ffd3a456218d580c51f8874cd5f4346bca98cf2bab53fdc0868f595b4a7d17cc0175fdda7ae7ebcce0e441135ded2c7b638739544eada76

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b92694138e00ef5af7e3333803968d8e

    SHA1

    cf3fb1deac54bf60ea6508329edf1c1c7100cbc8

    SHA256

    81ed118e0dc749c53e855b4f4689d619eda23fd816d05f32a36835e1f31e2723

    SHA512

    e6c35674d21f00ed32cba9d8edcbae6af939f92a2796461ca89bdf3652bf92e809475b6f30bfc34eb1dde0f44ace76115620c2affa8d0ed30f53cfe54766e946

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7425b99592c08fa4919a43d1b3166021

    SHA1

    b9c6f1e12c247bd68c59dab504b3c26ed24c83a0

    SHA256

    3b45f65ad78f7a5af013f5f2c9c7a2a767b31e12b6969967e67b8937fa166316

    SHA512

    0c35831ccf3f11a1f06c3115438044ad069af86053d970b4aa2df6a7b3f6c2aa343e3dbd159d01fa2dc5b8091bf4b66681de7bd02eeabdc3b61871d968abdb3c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8ccb3aa7c7c126ef4ecc530ec7be2833

    SHA1

    56a2eae44fb5774ed07913ca32e99059011c7f75

    SHA256

    e5c93959e8c35f2707a545f772a6847d0891cfde0c70c987a0e737e50ffa5e32

    SHA512

    78bda6b1f5e6f0d048db593d44ac3d707e074198a78a626e074da37c4e11f575954b58d6e4e8640c8042e7ea0fac907a59af46a39f7c7fdd903c9771e350ff37

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eebfa49a56ea0c70621840fe34d77aa0

    SHA1

    1f3c94c5220cc7032091282d1cab9f15ecb2321b

    SHA256

    e838f64bda3a5082e57fa19ca6103e83ca79bfc54eab9fbd91f1d4a5680a976d

    SHA512

    db23deb4823da9173c486c404ca908f32dd07429813fc1f042bf2986305ab72a4b5e7812b8829c155a09a1ec791f79de80fc097ed4afd58f882e28a24de56312

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    24d097b5ba5eab979e13d56c12a76889

    SHA1

    22c944e0aa3f6e2ac496f60ca2d48d2af394ded9

    SHA256

    1a00ce0c3e1f8578512f1c191d9b47e181977fc1004fc868089f6a20619dc121

    SHA512

    128cd5741d033db3926c54e4c2bd4f8453593632bb8409753028e8ddcb0b72f23f2e8d900229c20d4ddd879f3537adf3c15d53017e9e0ba506605e028fd3bfc0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3e922dcb22fe15707c4ae01db028f2a2

    SHA1

    6d2c083340d3bd60f547d3d8fe75130abbd46c65

    SHA256

    e5bfb0de4d9edeeb8711e858190c2d720c3586feae6e6a3cc86bdab8c2f350fb

    SHA512

    320ba54b90ccb52a3447d1c591ec425af2e4c4bdc5743174352a7c8ea056600f6c6468b70028bade322e6d7f2e7d5e7c7be3db27c5fbae294d05ec8a711353c1

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HHT5LGG0\denuvo.exe.k0kojtq.partial
    Filesize

    3.9MB

    MD5

    21e4d229e67971abede49de4d1c501d6

    SHA1

    9b688958f1a1932f34ce24abe8aa1355bf510cea

    SHA256

    0faf491ddc77fd6e2d323f612dd9512c2525ad617bcd2a887e89c494f9f7858e

    SHA512

    137821dd623ee1dba6de230af441ce099ad30ef532f9e64b9c59667f6792146b6963433304cc6321a909fa9ce2abcdef76bd81fc07507f16e85a76a362eb9848

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab2BB5.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar2D4E.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    549e3e4a27f321f33a2f401c4c075c80

    SHA1

    f2c9eddf9ed4af47d0e4b404caddc9acdaaea678

    SHA256

    097d878fc2740006630f19c2149eb816fb4b77e64b2a283efb64e5ceed87e945

    SHA512

    8ab2e91aa948ee64eb01fe8df2f861e090023f7e9dc3196d3b3eb6ecd440fa479f67e8ed4563f2591aa361e09232bf6ba0f52b42532dd99970ec5b64886ce15d

    Download Submit

  • memory/2972-480-0x0000000007CD0000-0x0000000007D1A000-memory.dmp

    Filesize

    296KB

    Download

  • memory/2972-469-0x0000000007C80000-0x0000000007CCA000-memory.dmp

    Filesize

    296KB

    Download

  • memory/2972-468-0x0000000007C80000-0x0000000007CCA000-memory.dmp

    Filesize

    296KB

    Download

  • memory/2972-440-0x0000000010000000-0x0000000010005000-memory.dmp

    Filesize

    20KB

    Download

  • memory/2972-439-0x0000000010000000-0x0000000010005000-memory.dmp

    Filesize

    20KB

    Download

  • memory/2972-442-0x0000000010000000-0x0000000010005000-memory.dmp

    Filesize

    20KB

    Download

  • memory/2972-444-0x0000000010000000-0x0000000010005000-memory.dmp

    Filesize

    20KB

    Download

  • memory/2972-446-0x0000000010000000-0x0000000010005000-memory.dmp

    Filesize

    20KB

    Download

  • memory/2972-430-0x00000000021C0000-0x00000000022D7000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2972-428-0x00000000021C0000-0x00000000022D7000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2972-427-0x00000000021C0000-0x00000000022D7000-memory.dmp

    Filesize

    1.1MB

    Download