Analysis Overview
SHA256
554b75cb65327d24a3b341c72a0a0acb8d17eb974f5d34b5abb44ce170142489
Threat Level: Known bad
The file 662a5d4a94a2c4bb33ea35756afce582.exe was found to be: Known bad.
Malicious Activity Summary
RedLine
Program crash
Unsigned PE
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-08-08 07:46
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-08-08 07:46
Reported
2023-08-08 07:48
Platform
win7-20230712-en
Max time kernel
121s
Max time network
124s
Command Line
Signatures
RedLine
Processes
C:\Users\Admin\AppData\Local\Temp\662a5d4a94a2c4bb33ea35756afce582.exe
"C:\Users\Admin\AppData\Local\Temp\662a5d4a94a2c4bb33ea35756afce582.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2023-08-08 07:46
Reported
2023-08-08 07:48
Platform
win10v2004-20230703-en
Max time kernel
139s
Max time network
153s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\662a5d4a94a2c4bb33ea35756afce582.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\662a5d4a94a2c4bb33ea35756afce582.exe
"C:\Users\Admin\AppData\Local\Temp\662a5d4a94a2c4bb33ea35756afce582.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4428 -ip 4428
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 1148
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.77.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.173.189.20.in-addr.arpa | udp |
Files