Analysis Overview
SHA256
f19631e5456b043a5ca7bb5d5b07a6c062a1e737259298594cd0001f50195f19
Threat Level: Known bad
The file f19631e5456b043a5ca7bb5d5b07a6c062a1e737259298594cd0001f50195f19 was found to be: Known bad.
Malicious Activity Summary
RedLine
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-08-09 19:00
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-08-09 19:00
Reported
2023-08-09 19:03
Platform
win10-20230703-en
Max time kernel
128s
Max time network
133s
Command Line
Signatures
RedLine
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\f19631e5456b043a5ca7bb5d5b07a6c062a1e737259298594cd0001f50195f19.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\f19631e5456b043a5ca7bb5d5b07a6c062a1e737259298594cd0001f50195f19.exe
"C:\Users\Admin\AppData\Local\Temp\f19631e5456b043a5ca7bb5d5b07a6c062a1e737259298594cd0001f50195f19.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| NL | 209.250.248.11:33522 | | tcp |
| US | 8.8.8.8:53 | 11.248.250.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.57.101.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.201.50.20.in-addr.arpa | udp |
Files
memory/4380-118-0x0000000001A30000-0x0000000001A59000-memory.dmp
memory/4380-119-0x0000000001A60000-0x0000000001A9F000-memory.dmp
memory/4380-121-0x0000000000400000-0x00000000018CF000-memory.dmp
memory/4380-120-0x00000000039C0000-0x00000000039F8000-memory.dmp
memory/4380-122-0x0000000005F60000-0x0000000005F70000-memory.dmp
memory/4380-123-0x0000000005F70000-0x000000000646E000-memory.dmp
memory/4380-124-0x00000000731C0000-0x00000000738AE000-memory.dmp
memory/4380-125-0x0000000003A00000-0x0000000003A34000-memory.dmp
memory/4380-126-0x0000000005F60000-0x0000000005F70000-memory.dmp
memory/4380-127-0x0000000005F60000-0x0000000005F70000-memory.dmp
memory/4380-128-0x00000000037D0000-0x00000000037D6000-memory.dmp
memory/4380-129-0x00000000066B0000-0x0000000006CB6000-memory.dmp
memory/4380-130-0x0000000006CC0000-0x0000000006DCA000-memory.dmp
memory/4380-132-0x0000000005F60000-0x0000000005F70000-memory.dmp
memory/4380-131-0x0000000006E00000-0x0000000006E12000-memory.dmp
memory/4380-133-0x0000000006E20000-0x0000000006E5E000-memory.dmp
memory/4380-134-0x0000000006EC0000-0x0000000006F0B000-memory.dmp
memory/4380-135-0x0000000000400000-0x00000000018CF000-memory.dmp
memory/4380-136-0x0000000001A30000-0x0000000001A59000-memory.dmp
memory/4380-137-0x0000000001A60000-0x0000000001A9F000-memory.dmp
memory/4380-138-0x0000000007000000-0x0000000007076000-memory.dmp
memory/4380-139-0x0000000007080000-0x0000000007112000-memory.dmp
memory/4380-140-0x0000000007220000-0x0000000007286000-memory.dmp
memory/4380-141-0x0000000005F60000-0x0000000005F70000-memory.dmp
memory/4380-142-0x00000000731C0000-0x00000000738AE000-memory.dmp
memory/4380-143-0x0000000007B60000-0x0000000007D22000-memory.dmp
memory/4380-144-0x0000000005F60000-0x0000000005F70000-memory.dmp
memory/4380-145-0x0000000007D40000-0x000000000826C000-memory.dmp
memory/4380-146-0x0000000005F60000-0x0000000005F70000-memory.dmp
memory/4380-147-0x0000000008690000-0x00000000086E0000-memory.dmp
memory/4380-148-0x0000000005F60000-0x0000000005F70000-memory.dmp
memory/4380-150-0x0000000000400000-0x00000000018CF000-memory.dmp
memory/4380-151-0x00000000731C0000-0x00000000738AE000-memory.dmp