Overview

overview

10

Static

static

3

NEAS.07eb5...JC.exe

windows7-x64

10

NEAS.07eb5...JC.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    109s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-10-2023 16:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.07eb5dd8b5ba47ed4d5a38e37b147030_JC.exe

  • Size

    233KB

  • MD5

    07eb5dd8b5ba47ed4d5a38e37b147030

  • SHA1

    43ccfd81fa278b1f27340e78dc21c27bc0288789

  • SHA256

    ec2a5f24c8c2a7cb28842098b10d8485a87baff38999e66db2e427a4708ed917

  • SHA512

    4f6cce62aa3739fa53178ddeebde8fe3e51d38722d13176078372fac2cb8d3000711d73595fa8ebb9a983a65f85c6a064155b8ece968ec49cc2659dcc85ec237

  • SSDEEP

    6144:IT9iGjZ+M23Xgf7bBE+gDHiMMYY8+BvD:IcGjIM23Qf7bBE+WiMMYY8+BvD

Score
10/10
redlinediscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

C2

5.42.65.101:40676

Attributes
  • auth_value

    5ea5ff960adfcd6deb133457d13c18fe

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.07eb5dd8b5ba47ed4d5a38e37b147030_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.07eb5dd8b5ba47ed4d5a38e37b147030_JC.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3336

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3336-0-0x0000000000400000-0x000000000043E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3336-1-0x0000000002060000-0x000000000208A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/3336-5-0x0000000075070000-0x0000000075820000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3336-6-0x0000000004AF0000-0x0000000005108000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/3336-7-0x0000000005120000-0x000000000522A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/3336-8-0x0000000005250000-0x0000000005262000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3336-9-0x0000000075070000-0x0000000075820000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3336-10-0x00000000052B0000-0x00000000052C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3336-11-0x0000000005270000-0x00000000052AC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/3336-12-0x00000000052E0000-0x000000000532C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/3336-13-0x00000000052B0000-0x00000000052C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3336-14-0x00000000056E0000-0x0000000005746000-memory.dmp

    Filesize

    408KB

    Download

  • memory/3336-15-0x00000000059C0000-0x0000000005A52000-memory.dmp

    Filesize

    584KB

    Download

  • memory/3336-16-0x0000000005A60000-0x0000000006004000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/3336-17-0x0000000006070000-0x00000000060E6000-memory.dmp

    Filesize

    472KB

    Download

  • memory/3336-18-0x0000000006110000-0x0000000006160000-memory.dmp

    Filesize

    320KB

    Download

  • memory/3336-19-0x0000000006320000-0x00000000064E2000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/3336-20-0x00000000064F0000-0x0000000006A1C000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/3336-23-0x0000000075070000-0x0000000075820000-memory.dmp

    Filesize

    7.7MB

    Download