Analysis Overview
SHA256
cc7bcb15df19d5cb4f94968171c86ae63b46e2ce4a91a95e5f483c84310c9513
Threat Level: Known bad
The file cc7bcb15df19d5cb4f94968171c86ae63b46e2ce4a91a95e5f483c84310c9513 was found to be: Known bad.
Malicious Activity Summary
RedLine
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-08-06 21:15
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-08-06 21:15
Reported
2023-08-06 21:18
Platform
win10-20230703-en
Max time kernel
125s
Max time network
132s
Command Line
Signatures
RedLine
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\cc7bcb15df19d5cb4f94968171c86ae63b46e2ce4a91a95e5f483c84310c9513.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\cc7bcb15df19d5cb4f94968171c86ae63b46e2ce4a91a95e5f483c84310c9513.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\cc7bcb15df19d5cb4f94968171c86ae63b46e2ce4a91a95e5f483c84310c9513.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\cc7bcb15df19d5cb4f94968171c86ae63b46e2ce4a91a95e5f483c84310c9513.exe
"C:\Users\Admin\AppData\Local\Temp\cc7bcb15df19d5cb4f94968171c86ae63b46e2ce4a91a95e5f483c84310c9513.exe"
Network
| Country | Destination | Domain | Proto |
| GB | 51.89.201.49:6932 | tcp | |
| US | 8.8.8.8:53 | 49.201.89.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa | udp |
| US | 8.8.8.8:53 | 233.141.123.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.148.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.173.189.20.in-addr.arpa | udp |
Files
memory/2520-123-0x0000000002540000-0x0000000002640000-memory.dmp
memory/2520-124-0x00000000024A0000-0x00000000024DF000-memory.dmp
memory/2520-125-0x00000000040B0000-0x00000000040E8000-memory.dmp
memory/2520-126-0x0000000000400000-0x0000000002304000-memory.dmp
memory/2520-127-0x0000000006AD0000-0x0000000006AE0000-memory.dmp
memory/2520-128-0x0000000006AE0000-0x0000000006FDE000-memory.dmp
memory/2520-129-0x0000000004160000-0x0000000004194000-memory.dmp
memory/2520-131-0x00000000041B0000-0x00000000041B6000-memory.dmp
memory/2520-130-0x0000000073EF0000-0x00000000745DE000-memory.dmp
memory/2520-132-0x0000000006FE0000-0x00000000075E6000-memory.dmp
memory/2520-133-0x00000000075F0000-0x00000000076FA000-memory.dmp
memory/2520-134-0x0000000006AB0000-0x0000000006AC2000-memory.dmp
memory/2520-135-0x0000000006AD0000-0x0000000006AE0000-memory.dmp
memory/2520-136-0x0000000007700000-0x000000000773E000-memory.dmp
memory/2520-137-0x0000000007790000-0x00000000077DB000-memory.dmp
memory/2520-138-0x0000000002540000-0x0000000002640000-memory.dmp
memory/2520-139-0x0000000000400000-0x0000000002304000-memory.dmp
memory/2520-141-0x00000000024A0000-0x00000000024DF000-memory.dmp
memory/2520-142-0x0000000006AD0000-0x0000000006AE0000-memory.dmp
memory/2520-143-0x00000000079D0000-0x0000000007A46000-memory.dmp
memory/2520-144-0x0000000007A50000-0x0000000007AE2000-memory.dmp
memory/2520-145-0x0000000007AF0000-0x0000000007B56000-memory.dmp
memory/2520-146-0x0000000073EF0000-0x00000000745DE000-memory.dmp
memory/2520-147-0x000000000A360000-0x000000000A522000-memory.dmp
memory/2520-148-0x000000000A530000-0x000000000AA5C000-memory.dmp
memory/2520-149-0x0000000008620000-0x0000000008670000-memory.dmp
memory/2520-150-0x0000000006AD0000-0x0000000006AE0000-memory.dmp
memory/2520-152-0x0000000000400000-0x0000000002304000-memory.dmp
memory/2520-153-0x0000000073EF0000-0x00000000745DE000-memory.dmp