Analysis Overview
SHA256
64a0d961e9f643a9457fd35d908a3549c87413dca21226e199c67bcafd47317b
Threat Level: Known bad
The file 64a0d961e9f643a9457fd35d908a3549c87413dca21226e199c67bcafd47317b was found to be: Known bad.
Malicious Activity Summary
RedLine
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-08-10 10:20
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-08-10 10:20
Reported
2023-08-10 10:23
Platform
win10-20230703-en
Max time kernel
102s
Max time network
109s
Command Line
Signatures
RedLine
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
|---|---|---|---|
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\64a0d961e9f643a9457fd35d908a3549c87413dca21226e199c67bcafd47317b.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\64a0d961e9f643a9457fd35d908a3549c87413dca21226e199c67bcafd47317b.exe
"C:\Users\Admin\AppData\Local\Temp\64a0d961e9f643a9457fd35d908a3549c87413dca21226e199c67bcafd47317b.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| NL | 209.250.248.11:33522 | | tcp |
| US | 8.8.8.8:53 | 11.248.250.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.57.101.20.in-addr.arpa | udp |
Files