Analysis Overview
SHA256
6dbf5bd3cc04522f3a9a8694ccef864b3abc2e63f4d553b9a68ace16d9666f65
Threat Level: Known bad
The file 6dbf5bd3cc04522f3a9a8694ccef864b3abc2e63f4d553b9a68ace16d9666f65 was found to be: Known bad.
Malicious Activity Summary
RedLine
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-08-12 21:00
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-08-12 21:00
Reported
2023-08-12 21:02
Platform
win10-20230703-en
Max time kernel
128s
Max time network
134s
Command Line
Signatures
RedLine
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\6dbf5bd3cc04522f3a9a8694ccef864b3abc2e63f4d553b9a68ace16d9666f65.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\6dbf5bd3cc04522f3a9a8694ccef864b3abc2e63f4d553b9a68ace16d9666f65.exe
"C:\Users\Admin\AppData\Local\Temp\6dbf5bd3cc04522f3a9a8694ccef864b3abc2e63f4d553b9a68ace16d9666f65.exe"
Network
| Country | Destination | Domain | Proto |
| PL | 51.83.170.21:19447 | | tcp |
| US | 8.8.8.8:53 | 21.170.83.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.8.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.148.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.16.208.104.in-addr.arpa | udp |
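The network table is the most actionable part of this report: one direct TCP connection to 51.83.170.21:19447 and four reverse (PTR) lookups sent to 8.8.8.8, the first of which is the PTR name for that same 51.83.170.21 address. The following Python is an added example, not output of the sandbox or part of the original report: it re-types the table above as constructed sample input, converts each in-addr.arpa name back to the IPv4 address it describes, intersects those with the direct TCP peers to confirm which address the sample both connected to and resolved, and then classifies constructed flow records against the resulting IOC set. The three remaining reverse-resolved addresses are reported as "lookup-only" because nothing in this report shows a connection to them.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed copy of the behavioral1 "Network" table from this report:
# (country, destination, domain, proto). Used as offline sample input.
NETWORK_ROWS = [
    ("PL", "51.83.170.21:19447", "", "tcp"),
    ("US", "8.8.8.8:53", "21.170.83.51.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "45.8.109.52.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "38.148.119.40.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "90.16.208.104.in-addr.arpa", "udp"),
]

# PTR names carry the octets in reverse order: a.b.c.d -> d.c.b.a.in-addr.arpa
PTR_RE = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.in-addr\.arpa\.?$",
                    re.IGNORECASE)


def ptr_to_ipv4(name):
    """Reverse an IPv4 PTR name back to dotted-quad form, or None if it is not one."""
    m = PTR_RE.match(name.strip())
    if not m:
        return None
    octets = [int(o) for o in reversed(m.groups())]
    if any(o > 255 for o in octets):
        return None
    # ipaddress normalises and validates; raises on anything odd.
    return str(ipaddress.IPv4Address(".".join(str(o) for o in octets)))


def extract_iocs(rows):
    """Split the table into direct TCP peers and addresses the sample reverse-resolved.

    confirmed_c2 is the intersection: hosts the sample both connected to and
    reverse-resolved, which is strong evidence the address is the live C2.
    """
    tcp_peers = set()
    resolved = set()
    for _country, dest, domain, proto in rows:
        host, _, port = dest.rpartition(":")
        if proto == "tcp":
            tcp_peers.add((host, int(port)))
        elif proto == "udp" and port == "53":
            ip = ptr_to_ipv4(domain)
            if ip:
                resolved.add(ip)
    confirmed = {ip for ip, _ in tcp_peers} & resolved
    return {"tcp_peers": tcp_peers, "reverse_resolved": resolved,
            "confirmed_c2": confirmed}


def match_flow(dst_ip, dst_port, proto, iocs):
    """Verdict for one (constructed) flow record checked against the IOC set."""
    if proto == "tcp" and (dst_ip, dst_port) in iocs["tcp_peers"]:
        return "c2"
    if dst_ip in iocs["reverse_resolved"] and dst_ip not in iocs["confirmed_c2"]:
        # Only a PTR lookup was observed; treat as context, not as a hit.
        return "lookup-only"
    return "clean"


def triage_flows(flows, iocs):
    """Bucket a list of (dst_ip, dst_port, proto) flows by verdict."""
    buckets = defaultdict(list)
    for dst_ip, dst_port, proto in flows:
        buckets[match_flow(dst_ip, dst_port, proto, iocs)].append((dst_ip, dst_port))
    return dict(buckets)


if __name__ == "__main__":
    iocs = extract_iocs(NETWORK_ROWS)
    print("confirmed C2:", sorted(iocs["confirmed_c2"]))
    # Constructed flows, not from the report.
    sample_flows = [("51.83.170.21", 19447, "tcp"), ("104.208.16.90", 443, "tcp"),
                    ("93.184.216.34", 443, "tcp")]
    print(triage_flows(sample_flows, iocs))
```

The PTR-derived addresses other than the C2 are deliberately kept out of the block list: a sandbox image doing reverse lookups of its own platform traffic is normal, and blocking on them would generate noise. Use `confirmed_c2` (address plus the 19447/tcp port) as the IOC that goes into detection content.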
Files
memory/1432-117-0x00000000034E0000-0x0000000003509000-memory.dmp
memory/1432-118-0x0000000003530000-0x000000000356F000-memory.dmp
memory/1432-119-0x0000000000400000-0x00000000018D5000-memory.dmp
memory/1432-120-0x0000000003600000-0x0000000003610000-memory.dmp
memory/1432-121-0x0000000005DF0000-0x0000000005E28000-memory.dmp
memory/1432-122-0x0000000073630000-0x0000000073D1E000-memory.dmp
memory/1432-123-0x0000000003600000-0x0000000003610000-memory.dmp
memory/1432-124-0x0000000005E30000-0x000000000632E000-memory.dmp
memory/1432-125-0x0000000006380000-0x00000000063B4000-memory.dmp
memory/1432-126-0x00000000088F0000-0x00000000088F6000-memory.dmp
memory/1432-127-0x0000000006670000-0x0000000006C76000-memory.dmp
memory/1432-128-0x0000000006CC0000-0x0000000006DCA000-memory.dmp
memory/1432-129-0x0000000006E00000-0x0000000006E12000-memory.dmp
memory/1432-130-0x0000000003600000-0x0000000003610000-memory.dmp
memory/1432-131-0x0000000006E20000-0x0000000006E5E000-memory.dmp
memory/1432-132-0x0000000006EC0000-0x0000000006F0B000-memory.dmp
memory/1432-133-0x00000000034E0000-0x0000000003509000-memory.dmp
memory/1432-134-0x0000000000400000-0x00000000018D5000-memory.dmp
memory/1432-135-0x0000000003530000-0x000000000356F000-memory.dmp
memory/1432-136-0x0000000007000000-0x0000000007076000-memory.dmp
memory/1432-137-0x0000000007080000-0x0000000007112000-memory.dmp
memory/1432-138-0x0000000007220000-0x0000000007286000-memory.dmp
memory/1432-139-0x0000000073630000-0x0000000073D1E000-memory.dmp
memory/1432-140-0x0000000003600000-0x0000000003610000-memory.dmp
memory/1432-141-0x0000000007B70000-0x0000000007D32000-memory.dmp
memory/1432-142-0x0000000007D50000-0x000000000827C000-memory.dmp
memory/1432-143-0x0000000003600000-0x0000000003610000-memory.dmp
memory/1432-144-0x00000000085B0000-0x0000000008600000-memory.dmp
memory/1432-146-0x0000000000400000-0x00000000018D5000-memory.dmp
memory/1432-147-0x0000000073630000-0x0000000073D1E000-memory.dmp
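The memory dump list above repeats several address ranges (for example 0x400000-0x18D5000 appears as snapshots 119, 134 and 146), so an analyst picking a dump to load needs the ranges grouped and sized rather than listed. The following Python is an added example, not part of the report or of the sandbox's own tooling: it parses filenames in the exact `memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp` form used above (a constructed subset of the list is embedded as sample input), groups them by range, reports size and the snapshot sequence numbers per range, and picks out the region at the conventional 0x400000 PE image base, which is the obvious first candidate for an unpacked-image dump.

```python
import re
from collections import defaultdict

# Filename layout used in the report's "Files" section.
MEMORY_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

# Constructed subset of the dump list above, in the same format.
SAMPLE_DUMPS = [
    "memory/1432-117-0x00000000034E0000-0x0000000003509000-memory.dmp",
    "memory/1432-119-0x0000000000400000-0x00000000018D5000-memory.dmp",
    "memory/1432-120-0x0000000003600000-0x0000000003610000-memory.dmp",
    "memory/1432-122-0x0000000073630000-0x0000000073D1E000-memory.dmp",
    "memory/1432-123-0x0000000003600000-0x0000000003610000-memory.dmp",
    "memory/1432-134-0x0000000000400000-0x00000000018D5000-memory.dmp",
    "memory/1432-146-0x0000000000400000-0x00000000018D5000-memory.dmp",
]


def parse_dump(name):
    """Parse one dump filename into pid, seq, start, end and size (bytes)."""
    m = MEMORY_RE.match(name.strip())
    if not m:
        raise ValueError(f"not a memory dump name: {name!r}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name!r}")
    return {"pid": int(m["pid"]), "seq": int(m["seq"]),
            "start": start, "end": end, "size": end - start}


def summarize(names):
    """Group dumps by (pid, start, end); return regions sorted by size, largest first."""
    groups = defaultdict(list)
    for n in names:
        d = parse_dump(n)
        groups[(d["pid"], d["start"], d["end"])].append(d["seq"])
    regions = [{"pid": pid, "start": s, "end": e, "size": e - s,
                "snapshots": sorted(seqs)}
               for (pid, s, e), seqs in groups.items()]
    regions.sort(key=lambda r: (-r["size"], r["start"]))
    return regions


def image_base_region(regions, base=0x400000):
    """Return the region whose start is the conventional PE image base, or None."""
    for r in regions:
        if r["start"] == base:
            return r
    return None


def latest_snapshot_name(region):
    """Rebuild the filename of the last snapshot taken of a region."""
    return (f"memory/{region['pid']}-{region['snapshots'][-1]}-"
            f"0x{region['start']:016X}-0x{region['end']:016X}-memory.dmp")


if __name__ == "__main__":
    for r in summarize(SAMPLE_DUMPS):
        print(f"0x{r['start']:X}-0x{r['end']:X}  {r['size']:>10,d} bytes  "
              f"snapshots={r['snapshots']}")
    img = image_base_region(summarize(SAMPLE_DUMPS))
    print("load first:", latest_snapshot_name(img))
```

When several snapshots cover the same range, the highest sequence number was taken last and is the one most likely to contain the fully unpacked payload; the 0x400000 region here is about 21 MB, far larger than a typical stub, which is consistent with an unpacked image having been written over the original mapping.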