Overview

overview

10

Static

static

3

7831aae6a8...ab.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/11/2024, 14:22

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    7831aae6a88dcbd3eafdfd15005a00a98e0839e9c5bda7fedd5bb46d7334edab.exe

  • Size

    612KB

  • MD5

    7c9b09bafaf6f93bdf8a7495abc66613

  • SHA1

    9697d64937b2731e9b88801c60b64411db484808

  • SHA256

    7831aae6a88dcbd3eafdfd15005a00a98e0839e9c5bda7fedd5bb46d7334edab

  • SHA512

    334ad1cdfdad5223e1c5a262ca0aebbdba2445ea38812856dc614c233faf5d3863843f93e812c9eb36e0ca724e43f73e928bb7944a695b945433df83026217c8

  • SSDEEP

    12288:cy90Um2hpwSx14EhnRoi6WRxswEHgBI66fcsWsn:cyPJMSCDOBEABp65W6

Score
10/10
healerredlinediscoverydropperevasioninfostealerpersistencetrojan

Malware Config

Signatures

  • Detects Healer an antivirus disabler dropper 2 IoCs
  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer
  • Healer family
    healer
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 35 IoCs
  • Redline family
    redline
  • Executes dropped EXE 3 IoCs
  • Windows security modification 2 TTPs 1 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7831aae6a88dcbd3eafdfd15005a00a98e0839e9c5bda7fedd5bb46d7334edab.exe
    "C:\Users\Admin\AppData\Local\Temp\7831aae6a88dcbd3eafdfd15005a00a98e0839e9c5bda7fedd5bb46d7334edab.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4440
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\st497574.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\st497574.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:912
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\82194597.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\82194597.exe
        3⤵
        • Modifies Windows Defender Real-time Protection settings
        • Executes dropped EXE
        • Windows security modification
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:316
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp372162.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp372162.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:3552

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\st497574.exe
          Filesize

          458KB

          MD5

          6a0899374f7db21466797a5488c4dd07

          SHA1

          ff166122a2e3e3cffa67166e1b5d7aada2ec37ec

          SHA256

          567ee495708b75897bce03769dd1dcc3b42a47a931f1bde2f66dd11286563840

          SHA512

          c87f2a231729cb4320ca388b2c702ccb9ac9a3447748f654f7c04d36bb3061d4750c0fbcfe32bbb62bf24a875777e23c299136db112372263eba6acb66acfcc3

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\82194597.exe
          Filesize

          11KB

          MD5

          7e93bacbbc33e6652e147e7fe07572a0

          SHA1

          421a7167da01c8da4dc4d5234ca3dd84e319e762

          SHA256

          850cd190aaeebcf1505674d97f51756f325e650320eaf76785d954223a9bee38

          SHA512

          250169d7b6fcebff400be89edae8340f14130ced70c340ba9da9f225f62b52b35f6645bfb510962efb866f988688cb42392561d3e6b72194bc89d310ea43aa91

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp372162.exe
          Filesize

          460KB

          MD5

          aa51b05967b8b1d1ecb1c4a079b79342

          SHA1

          e51b286b6df47f917cb4d33ea15223fed6bb7b64

          SHA256

          a62b0d99de393db32e1e0183cd587f43f6460e7b4d85d6891db918fc2e759afe

          SHA512

          404fde71eb7f1850286fbf60355219564512f61e701b3f3ab0283312d2951a735d9e8cfd811c5a835011adcd12220d022cd71716f2b985c568454cf56993026e

          Download Submit

        • memory/316-14-0x00007FFD8E7A3000-0x00007FFD8E7A5000-memory.dmp

          Filesize

          8KB

          Download

        • memory/316-15-0x0000000000DD0000-0x0000000000DDA000-memory.dmp

          Filesize

          40KB

          Download

        • memory/316-16-0x00007FFD8E7A3000-0x00007FFD8E7A5000-memory.dmp

          Filesize

          8KB

          Download

        • memory/3552-58-0x0000000004DF0000-0x0000000004E25000-memory.dmp

          Filesize

          212KB

          Download

        • memory/3552-48-0x0000000004DF0000-0x0000000004E25000-memory.dmp

          Filesize

          212KB

          Download

        • memory/3552-24-0x0000000004DF0000-0x0000000004E2A000-memory.dmp

          Filesize

          232KB

          Download

        • memory/3552-30-0x0000000004DF0000-0x0000000004E25000-memory.dmp

          Filesize

          212KB

          Download

        • memory/3552-36-0x0000000004DF0000-0x0000000004E25000-memory.dmp

          Filesize

          212KB

          Download

        • memory/3552-86-0x0000000004DF0000-0x0000000004E25000-memory.dmp

          Filesize

          212KB

          Download

        • memory/3552-88-0x0000000004DF0000-0x0000000004E25000-memory.dmp

          Filesize

          212KB

          Download

        • memory/3552-84-0x0000000004DF0000-0x0000000004E25000-memory.dmp

          Filesize

          212KB

          Download

        • memory/3552-77-0x0000000004DF0000-0x0000000004E25000-memory.dmp

          Filesize

          212KB

          Download

        • memory/3552-74-0x0000000004DF0000-0x0000000004E25000-memory.dmp

          Filesize

          212KB

          Download

        • memory/3552-72-0x0000000004DF0000-0x0000000004E25000-memory.dmp

          Filesize

          212KB

          Download

        • memory/3552-68-0x0000000004DF0000-0x0000000004E25000-memory.dmp

          Filesize

          212KB

          Download

        • memory/3552-67-0x0000000004DF0000-0x0000000004E25000-memory.dmp

          Filesize

          212KB

          Download

        • memory/3552-64-0x0000000004DF0000-0x0000000004E25000-memory.dmp

          Filesize

          212KB

          Download

        • memory/3552-62-0x0000000004DF0000-0x0000000004E25000-memory.dmp

          Filesize

          212KB

          Download

        • memory/3552-60-0x0000000004DF0000-0x0000000004E25000-memory.dmp

          Filesize

          212KB

          Download

        • memory/3552-22-0x00000000025F0000-0x000000000262C000-memory.dmp

          Filesize

          240KB

          Download

        • memory/3552-56-0x0000000004DF0000-0x0000000004E25000-memory.dmp

          Filesize

          212KB

          Download

        • memory/3552-54-0x0000000004DF0000-0x0000000004E25000-memory.dmp

          Filesize

          212KB

          Download

        • memory/3552-52-0x0000000004DF0000-0x0000000004E25000-memory.dmp

          Filesize

          212KB

          Download

        • memory/3552-50-0x0000000004DF0000-0x0000000004E25000-memory.dmp

          Filesize

          212KB

          Download

        • memory/3552-23-0x0000000004F20000-0x00000000054C4000-memory.dmp

          Filesize

          5.6MB

          Download

        • memory/3552-47-0x0000000004DF0000-0x0000000004E25000-memory.dmp

          Filesize

          212KB

          Download

        • memory/3552-45-0x0000000004DF0000-0x0000000004E25000-memory.dmp

          Filesize

          212KB

          Download

        • memory/3552-42-0x0000000004DF0000-0x0000000004E25000-memory.dmp

          Filesize

          212KB

          Download

        • memory/3552-40-0x0000000004DF0000-0x0000000004E25000-memory.dmp

          Filesize

          212KB

          Download

        • memory/3552-39-0x0000000004DF0000-0x0000000004E25000-memory.dmp

          Filesize

          212KB

          Download

        • memory/3552-34-0x0000000004DF0000-0x0000000004E25000-memory.dmp

          Filesize

          212KB

          Download

        • memory/3552-33-0x0000000004DF0000-0x0000000004E25000-memory.dmp

          Filesize

          212KB

          Download

        • memory/3552-82-0x0000000004DF0000-0x0000000004E25000-memory.dmp

          Filesize

          212KB

          Download

        • memory/3552-81-0x0000000004DF0000-0x0000000004E25000-memory.dmp

          Filesize

          212KB

          Download

        • memory/3552-79-0x0000000004DF0000-0x0000000004E25000-memory.dmp

          Filesize

          212KB

          Download

        • memory/3552-71-0x0000000004DF0000-0x0000000004E25000-memory.dmp

          Filesize

          212KB

          Download

        • memory/3552-28-0x0000000004DF0000-0x0000000004E25000-memory.dmp

          Filesize

          212KB

          Download

        • memory/3552-26-0x0000000004DF0000-0x0000000004E25000-memory.dmp

          Filesize

          212KB

          Download

        • memory/3552-25-0x0000000004DF0000-0x0000000004E25000-memory.dmp

          Filesize

          212KB

          Download

        • memory/3552-817-0x0000000007950000-0x0000000007F68000-memory.dmp

          Filesize

          6.1MB

          Download

        • memory/3552-818-0x0000000007FA0000-0x0000000007FB2000-memory.dmp

          Filesize

          72KB

          Download

        • memory/3552-819-0x0000000007FC0000-0x00000000080CA000-memory.dmp

          Filesize

          1.0MB

          Download

        • memory/3552-820-0x00000000080E0000-0x000000000811C000-memory.dmp

          Filesize

          240KB

          Download

        • memory/3552-821-0x0000000002760000-0x00000000027AC000-memory.dmp

          Filesize

          304KB

          Download