Analysis Overview
SHA256
ea79ee028f9137297f4b4f42165658c0c60fd51a54e3df57361079e18cb42e22
Threat Level: Known bad
The file ea79ee028f9137297f4b4f42165658c0c60fd51a54e3df57361079e18cb42e22 was found to be: Known bad.
Malicious Activity Summary
RedLine
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-08-15 07:22
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-08-15 07:22
Reported
2023-08-15 07:24
Platform
win10-20230703-en
Max time kernel
127s
Max time network
132s
Command Line
Signatures
RedLine
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
|---|---|---|---|
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\ea79ee028f9137297f4b4f42165658c0c60fd51a54e3df57361079e18cb42e22.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\ea79ee028f9137297f4b4f42165658c0c60fd51a54e3df57361079e18cb42e22.exe
"C:\Users\Admin\AppData\Local\Temp\ea79ee028f9137297f4b4f42165658c0c60fd51a54e3df57361079e18cb42e22.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| PL | 51.83.170.21:19447 | | tcp |
| US | 8.8.8.8:53 | 21.170.83.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.57.101.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.16.208.104.in-addr.arpa | udp |
Files