Overview

overview

10

Static

static

3

53a71e3234...a4.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-11-2024 13:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    53a71e3234f0726f96b4108f91fbe6aa728adf57b53ba0daa21fb58e3e845ca4.exe

  • Size

    534KB

  • MD5

    e0e4b017ff753e7bc9a38ee635d60d06

  • SHA1

    d1948c64401275b4583950ba8a2815e16fe0fc8e

  • SHA256

    53a71e3234f0726f96b4108f91fbe6aa728adf57b53ba0daa21fb58e3e845ca4

  • SHA512

    a5beb5ff5f0e12ee0c048a07b0f46a55dc775b2099f70b4d9c04fdb0a7795481696b359a51794ab5eff2939b446d05b5d639257f73b3fcc26437c167dcdc8d44

  • SSDEEP

    12288:0Mray90CMc8d61NfTTSxbPW4KjKAYSlkfTwM:2ynb8PPKASqft

Score
10/10
healerredlinerosndiscoverydropperevasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Signatures

  • Detects Healer an antivirus disabler dropper 2 IoCs
  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer
  • Healer family
    healer
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 35 IoCs
  • Redline family
    redline
  • Executes dropped EXE 3 IoCs
  • Windows security modification 2 TTPs 1 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\53a71e3234f0726f96b4108f91fbe6aa728adf57b53ba0daa21fb58e3e845ca4.exe
    "C:\Users\Admin\AppData\Local\Temp\53a71e3234f0726f96b4108f91fbe6aa728adf57b53ba0daa21fb58e3e845ca4.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:5044
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ziuF8693.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ziuF8693.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:244
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\jr578894.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\jr578894.exe
        3⤵
        • Modifies Windows Defender Real-time Protection settings
        • Executes dropped EXE
        • Windows security modification
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1084
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ku201562.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ku201562.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:4540

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ziuF8693.exe
    Filesize

    392KB

    MD5

    28a4fef0f228e4e945cf4657dd8b9915

    SHA1

    0895e4faf4d2a22a8519ac5c72e12d2f238007f5

    SHA256

    12c32ff5524c4b9951bc809cad75da096efe6e3ddd6e22af044e695a17d17266

    SHA512

    eac47cee49dd7e977401a34b608b5e21faca70ce7e70b71ce41163a477be38e607a181a2946f0bc2fe58adbead58554841a1b3832b5d7d452c43a424f04c0873

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\jr578894.exe
    Filesize

    12KB

    MD5

    52e33a4b68758ff0257acb107f478469

    SHA1

    257290d05b385b584991625424e630f45aff9a24

    SHA256

    4ccb6767009255865495316da68e4eec9b67e4fbe301996002274865b4aeb72f

    SHA512

    ddbc2704de587f4ff32edb398506d46f9a02dd9aa94736cd029dc04f0e6a7163129f35063b0a98d38ecd5f6a44d42d8143c2299d1a16a8db5b5e1abf1597e2a8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ku201562.exe
    Filesize

    319KB

    MD5

    267a213be5b685670dd07cc4fed6a6c4

    SHA1

    1b047ddca9e7888ccd3b09373857295c626033d4

    SHA256

    fb59085ffb3bc6dc376e4fdcb186f412dac481e782add353a7af660714dfabe1

    SHA512

    68e2c4c84304af924ebe98e6f97b09180c3589cd579dbeb9c5ffdd3df171e2975a8b1777ff2e37fb02b85e5405ae0e95389ac66111ae5aec95c4faba87ff1271

    Download Submit

  • memory/1084-14-0x00007FFC5A293000-0x00007FFC5A295000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1084-15-0x0000000000A70000-0x0000000000A7A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1084-16-0x00007FFC5A293000-0x00007FFC5A295000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4540-64-0x0000000004A90000-0x0000000004ACF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/4540-52-0x0000000004A90000-0x0000000004ACF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/4540-24-0x0000000004A90000-0x0000000004AD4000-memory.dmp

    Filesize

    272KB

    Download

  • memory/4540-30-0x0000000004A90000-0x0000000004ACF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/4540-40-0x0000000004A90000-0x0000000004ACF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/4540-88-0x0000000004A90000-0x0000000004ACF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/4540-86-0x0000000004A90000-0x0000000004ACF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/4540-84-0x0000000004A90000-0x0000000004ACF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/4540-82-0x0000000004A90000-0x0000000004ACF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/4540-80-0x0000000004A90000-0x0000000004ACF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/4540-78-0x0000000004A90000-0x0000000004ACF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/4540-76-0x0000000004A90000-0x0000000004ACF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/4540-74-0x0000000004A90000-0x0000000004ACF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/4540-72-0x0000000004A90000-0x0000000004ACF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/4540-68-0x0000000004A90000-0x0000000004ACF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/4540-66-0x0000000004A90000-0x0000000004ACF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/4540-22-0x0000000004A10000-0x0000000004A56000-memory.dmp

    Filesize

    280KB

    Download

  • memory/4540-62-0x0000000004A90000-0x0000000004ACF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/4540-58-0x0000000004A90000-0x0000000004ACF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/4540-56-0x0000000004A90000-0x0000000004ACF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/4540-54-0x0000000004A90000-0x0000000004ACF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/4540-23-0x0000000004B10000-0x00000000050B4000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/4540-50-0x0000000004A90000-0x0000000004ACF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/4540-46-0x0000000004A90000-0x0000000004ACF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/4540-44-0x0000000004A90000-0x0000000004ACF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/4540-42-0x0000000004A90000-0x0000000004ACF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/4540-38-0x0000000004A90000-0x0000000004ACF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/4540-36-0x0000000004A90000-0x0000000004ACF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/4540-34-0x0000000004A90000-0x0000000004ACF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/4540-32-0x0000000004A90000-0x0000000004ACF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/4540-70-0x0000000004A90000-0x0000000004ACF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/4540-60-0x0000000004A90000-0x0000000004ACF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/4540-48-0x0000000004A90000-0x0000000004ACF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/4540-28-0x0000000004A90000-0x0000000004ACF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/4540-26-0x0000000004A90000-0x0000000004ACF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/4540-25-0x0000000004A90000-0x0000000004ACF000-memory.dmp

    Filesize

    252KB

    Download

  • memory/4540-931-0x00000000050F0000-0x0000000005708000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/4540-932-0x0000000005790000-0x000000000589A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4540-933-0x00000000058D0000-0x00000000058E2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4540-934-0x00000000058F0000-0x000000000592C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/4540-935-0x0000000005A40000-0x0000000005A8C000-memory.dmp

    Filesize

    304KB

    Download