Overview

overview

10

Static

static

3

cddf92f109...68.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-11-2024 13:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cddf92f109d0b48b7d7fb3c7a424623be643cb2ae2a3feeb5dbaec0f2de91368.exe

  • Size

    641KB

  • MD5

    54453cf11175585a3b13ff2658153195

  • SHA1

    ce68bebbaa34c95636e120e438e85b8493fb482e

  • SHA256

    cddf92f109d0b48b7d7fb3c7a424623be643cb2ae2a3feeb5dbaec0f2de91368

  • SHA512

    7b1ad57f6ab9ba0b2f665978745b52d6840f284920f7f449569de414d0005ff45a230bfa1e8a6e92bfe684b7ed9e1db3983b9007113ad5530e605993746355b0

  • SSDEEP

    12288:Oy90ybhCjAH9wDayKZMgYBMVhoP2LSy/rcXIwZ/G94Uo4Zf2:Oy9hCjvNyAM/eAcYwZoZf2

Score
10/10
healerredlinediscoverydropperevasioninfostealerpersistencetrojan

Malware Config

Signatures

  • Detects Healer an antivirus disabler dropper 17 IoCs
  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer
  • Healer family
    healer
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 21 IoCs
  • Redline family
    redline
  • Executes dropped EXE 3 IoCs
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cddf92f109d0b48b7d7fb3c7a424623be643cb2ae2a3feeb5dbaec0f2de91368.exe
    "C:\Users\Admin\AppData\Local\Temp\cddf92f109d0b48b7d7fb3c7a424623be643cb2ae2a3feeb5dbaec0f2de91368.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4872
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\st006709.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\st006709.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2004
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\04122798.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\04122798.exe
        3⤵
        • Modifies Windows Defender Real-time Protection settings
        • Executes dropped EXE
        • Windows security modification
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:4444
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp956591.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp956591.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:4692

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\st006709.exe
    Filesize

    488KB

    MD5

    b5358e924b1f5e831d0499355e445b4d

    SHA1

    86a6dbb2931d0863df71444beba43f8e26ea12c4

    SHA256

    910341b9744085533e0a070fce0b1b747f97f76c6f38045cb9dfda3bcc3f85fe

    SHA512

    7d7f95a7e9cac8ead42a5565ab3ec8751b50699e6ba57e0410f6a32e7c87b43d6dc2e37c7471884c6efee4632788317aa2aa95eaea8088de23a1adcb89bd9ef5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\04122798.exe
    Filesize

    176KB

    MD5

    2b71f4b18ac8214a2bff547b6ce2f64f

    SHA1

    b8f2f25139a7b2e8d5e8fbc024eb5cac518bc6a5

    SHA256

    f7eedf3aec775a62c265d1652686b30a8a45a953523e2fb3cfc1fac3c6a66fbc

    SHA512

    33518eff768610bf54f9888d9d0d746b0c3500dc5f2b8fd5f1641d5a264f657a8311b40364f70932512581183b244fec3feb535e21c13e0ec8adec9994175177

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp956591.exe
    Filesize

    340KB

    MD5

    936efdf88e92c221a62e18fae00f517f

    SHA1

    77aa45464e97d367b75ba39d7340fed5039d00e5

    SHA256

    3f57f27351c33bf50e4ad67558516e3b5bfe8e59b8f6d12543edd8180073dd73

    SHA512

    972c5ca32e84476f0bf9b28be1340f722f5d8eaf4f06a3f4ca2dc6676b16d2d6b8969cbb602606d288e0ae6ff13731bc3405a5fe3e418b9c0ab70435cd6b3fe1

    Download Submit

  • memory/4444-50-0x0000000073CC0000-0x0000000074470000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4444-47-0x0000000002440000-0x0000000002453000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4444-16-0x0000000073CC0000-0x0000000074470000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4444-18-0x0000000073CC0000-0x0000000074470000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4444-19-0x0000000002440000-0x0000000002458000-memory.dmp

    Filesize

    96KB

    Download

  • memory/4444-29-0x0000000002440000-0x0000000002453000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4444-17-0x0000000004BA0000-0x0000000005144000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/4444-45-0x0000000002440000-0x0000000002453000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4444-43-0x0000000002440000-0x0000000002453000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4444-41-0x0000000002440000-0x0000000002453000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4444-39-0x0000000002440000-0x0000000002453000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4444-37-0x0000000002440000-0x0000000002453000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4444-35-0x0000000002440000-0x0000000002453000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4444-33-0x0000000002440000-0x0000000002453000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4444-31-0x0000000002440000-0x0000000002453000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4444-27-0x0000000002440000-0x0000000002453000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4444-25-0x0000000002440000-0x0000000002453000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4444-23-0x0000000002440000-0x0000000002453000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4444-14-0x0000000073CCE000-0x0000000073CCF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4444-20-0x0000000002440000-0x0000000002453000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4444-48-0x0000000073CC0000-0x0000000074470000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4444-49-0x0000000073CCE000-0x0000000073CCF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4444-15-0x0000000002050000-0x000000000206A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/4444-52-0x0000000073CC0000-0x0000000074470000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4444-21-0x0000000002440000-0x0000000002453000-memory.dmp

    Filesize

    76KB

    Download

  • memory/4692-855-0x000000000A4F0000-0x000000000A53C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/4692-62-0x0000000004B20000-0x0000000004B55000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4692-59-0x0000000004B20000-0x0000000004B55000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4692-73-0x0000000004B20000-0x0000000004B55000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4692-94-0x0000000004B20000-0x0000000004B55000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4692-92-0x0000000004B20000-0x0000000004B55000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4692-88-0x0000000004B20000-0x0000000004B55000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4692-86-0x0000000004B20000-0x0000000004B55000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4692-84-0x0000000004B20000-0x0000000004B55000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4692-83-0x0000000004B20000-0x0000000004B55000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4692-80-0x0000000004B20000-0x0000000004B55000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4692-854-0x0000000007300000-0x000000000733C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/4692-76-0x0000000004B20000-0x0000000004B55000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4692-78-0x0000000004B20000-0x0000000004B55000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4692-68-0x0000000004B20000-0x0000000004B55000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4692-66-0x0000000004B20000-0x0000000004B55000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4692-64-0x0000000004B20000-0x0000000004B55000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4692-90-0x0000000004B20000-0x0000000004B55000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4692-70-0x0000000004B20000-0x0000000004B55000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4692-60-0x0000000004B20000-0x0000000004B55000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4692-74-0x0000000004B20000-0x0000000004B55000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4692-851-0x0000000009D90000-0x000000000A3A8000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/4692-852-0x00000000072D0000-0x00000000072E2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4692-853-0x000000000A3B0000-0x000000000A4BA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4692-58-0x0000000004B20000-0x0000000004B5A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/4692-57-0x0000000004A80000-0x0000000004ABC000-memory.dmp

    Filesize

    240KB

    Download