Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    47s
  • max time network
    51s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    16-11-2022 12:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    358KB

  • MD5

    05d396b39d0b2f31fdf66e1a634064ed

  • SHA1

    6c31c3ed6f851502b7c60290eec55eb6e55ade10

  • SHA256

    8039783b4425a891dc455a929b4ba8c6f9e706403c76ebf53cc9e435dbbd4394

  • SHA512

    dea24c3d3a80c1133d3c6eea4846e304805cd72bf8b9b9bb3f56e5b2a0f321ce11f89108f5aef6cb1baa6829107edf1c04635e1f1f1a46e9fcde2ee4d29431f7

  • SSDEEP

    6144:hNqWLn6ddONwkx99ERIaR0/QkKRLOhtCNOKRbKz2B13rtIJKC:hNqW76ddanCd0/3dSbi21AP

Score
10/10
redlineneruzdiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

neruz

C2

193.106.191.27:47242

Attributes
  • auth_value

    0169a8759f3c9be473f782b96a6ff704

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1204

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1204-54-0x00000000023C0000-0x000000000240C000-memory.dmp
    Filesize

    304KB

    Download
  • memory/1204-55-0x0000000002680000-0x00000000026CA000-memory.dmp
    Filesize

    296KB

    Download
  • memory/1204-56-0x0000000074DE1000-0x0000000074DE3000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1204-57-0x000000000091A000-0x0000000000950000-memory.dmp
    Filesize

    216KB

    Download
  • memory/1204-58-0x00000000002D0000-0x0000000000329000-memory.dmp
    Filesize

    356KB

    Download
  • memory/1204-59-0x0000000000400000-0x000000000085D000-memory.dmp
    Filesize

    4.4MB

    Download
  • memory/1204-60-0x000000000091A000-0x0000000000950000-memory.dmp
    Filesize

    216KB

    Download
  • memory/1204-61-0x0000000000400000-0x000000000085D000-memory.dmp
    Filesize

    4.4MB

    Download