Overview

overview

10

Static

static

3

a3fbf2d6bc...70.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/11/2024, 21:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a3fbf2d6bc40792e74d9decc55cbf9cc1a58c253d012b10dcfa211480a9ea070.exe

  • Size

    568KB

  • MD5

    b87e973cbb38cddbe16bd689837522fe

  • SHA1

    4b5df50ee8aac2a127f121dbfad3416ab7493aa8

  • SHA256

    a3fbf2d6bc40792e74d9decc55cbf9cc1a58c253d012b10dcfa211480a9ea070

  • SHA512

    0876a17e2a7a7652b1211e06c84810455661b3f7f1c6dc10ab8108e6fd3bd4ed474871b004c65ee9e09db6942fe617cc15fa16bbb18a4e89826a2edcd54844cb

  • SSDEEP

    12288:uy90OcXViR4JFfIlg/mkrCiYtO/6dESneIxEejD37H2gr:uy8G4JOO/3YtkezDT2gr

Score
10/10
healerredlinediscoverydropperevasioninfostealerpersistencetrojan

Malware Config

Signatures

  • Detects Healer an antivirus disabler dropper 2 IoCs
  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer
  • Healer family
    healer
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 35 IoCs
  • Redline family
    redline
  • Executes dropped EXE 3 IoCs
  • Windows security modification 2 TTPs 1 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a3fbf2d6bc40792e74d9decc55cbf9cc1a58c253d012b10dcfa211480a9ea070.exe
    "C:\Users\Admin\AppData\Local\Temp\a3fbf2d6bc40792e74d9decc55cbf9cc1a58c253d012b10dcfa211480a9ea070.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3988
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ziAZ2936.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ziAZ2936.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3460
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\it967898.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\it967898.exe
        3⤵
        • Modifies Windows Defender Real-time Protection settings
        • Executes dropped EXE
        • Windows security modification
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1672
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp706363.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp706363.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:4728

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ziAZ2936.exe
    Filesize

    414KB

    MD5

    465f9a7f06dc8e5956f6269490577172

    SHA1

    e21ae00be5a673b0acf519ea547ab026a00c307c

    SHA256

    2603fa38eaaf562e33440c0252233d3216d3942fee48c841072a277e97ab7af9

    SHA512

    4445806665362144c932074f8763efc785aac0f894fddc3e26ca0ec27c7e3db659534f97e0f350c8978d33a01db37e060010a45d97c35cee4dc6f5a17113d004

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\it967898.exe
    Filesize

    11KB

    MD5

    7e93bacbbc33e6652e147e7fe07572a0

    SHA1

    421a7167da01c8da4dc4d5234ca3dd84e319e762

    SHA256

    850cd190aaeebcf1505674d97f51756f325e650320eaf76785d954223a9bee38

    SHA512

    250169d7b6fcebff400be89edae8340f14130ced70c340ba9da9f225f62b52b35f6645bfb510962efb866f988688cb42392561d3e6b72194bc89d310ea43aa91

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp706363.exe
    Filesize

    381KB

    MD5

    f6a66e6f69d5798d5967942a6d39e5ff

    SHA1

    3477b71e38f40e89c84b7fe326590871b24acc72

    SHA256

    bc208cfbc96a48ce4d5782f03c7673f7ed8fba2de4676b75d8c29a1284eb9245

    SHA512

    8941682a52d42a1eb8243f1646cd7de05253e37f667397045296ad10f88ae7cd1644c0d055b47f27e005c75d7a2266cf81551c7015cef55ee9d2851ab0bdc81d

    Download Submit

  • memory/1672-14-0x00007FFF6FB13000-0x00007FFF6FB15000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1672-15-0x0000000000FC0000-0x0000000000FCA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4728-59-0x00000000071D0000-0x0000000007205000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4728-50-0x00000000071D0000-0x0000000007205000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4728-23-0x00000000071D0000-0x000000000720A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/4728-48-0x00000000071D0000-0x0000000007205000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4728-51-0x00000000071D0000-0x0000000007205000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4728-87-0x00000000071D0000-0x0000000007205000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4728-83-0x00000000071D0000-0x0000000007205000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4728-81-0x00000000071D0000-0x0000000007205000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4728-79-0x00000000071D0000-0x0000000007205000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4728-77-0x00000000071D0000-0x0000000007205000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4728-75-0x00000000071D0000-0x0000000007205000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4728-73-0x00000000071D0000-0x0000000007205000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4728-71-0x00000000071D0000-0x0000000007205000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4728-69-0x00000000071D0000-0x0000000007205000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4728-67-0x00000000071D0000-0x0000000007205000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4728-65-0x00000000071D0000-0x0000000007205000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4728-61-0x00000000071D0000-0x0000000007205000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4728-21-0x0000000004AF0000-0x0000000004B2C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/4728-58-0x00000000071D0000-0x0000000007205000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4728-55-0x00000000071D0000-0x0000000007205000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4728-53-0x00000000071D0000-0x0000000007205000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4728-22-0x00000000072E0000-0x0000000007884000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/4728-45-0x00000000071D0000-0x0000000007205000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4728-41-0x00000000071D0000-0x0000000007205000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4728-37-0x00000000071D0000-0x0000000007205000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4728-35-0x00000000071D0000-0x0000000007205000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4728-33-0x00000000071D0000-0x0000000007205000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4728-31-0x00000000071D0000-0x0000000007205000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4728-85-0x00000000071D0000-0x0000000007205000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4728-63-0x00000000071D0000-0x0000000007205000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4728-43-0x00000000071D0000-0x0000000007205000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4728-39-0x00000000071D0000-0x0000000007205000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4728-29-0x00000000071D0000-0x0000000007205000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4728-27-0x00000000071D0000-0x0000000007205000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4728-25-0x00000000071D0000-0x0000000007205000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4728-24-0x00000000071D0000-0x0000000007205000-memory.dmp

    Filesize

    212KB

    Download

  • memory/4728-817-0x000000000A350000-0x000000000A362000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4728-816-0x0000000009D10000-0x000000000A328000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/4728-818-0x000000000A370000-0x000000000A47A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4728-819-0x000000000A4A0000-0x000000000A4DC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/4728-820-0x0000000004BA0000-0x0000000004BEC000-memory.dmp

    Filesize

    304KB

    Download