Overview

overview

10

Static

static

3

2ed64c23ee...5e.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-11-2024 02:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2ed64c23ee729f848f43c4ca4d7f1ba5bdf1dc7ff7e23866e116c4f5d03d645e.exe

  • Size

    563KB

  • MD5

    3fb5519beee609098fe7b34b3b0cd74b

  • SHA1

    cec4b0e6dc4c2bc8fc8fc333b4ab5d66d798ebef

  • SHA256

    2ed64c23ee729f848f43c4ca4d7f1ba5bdf1dc7ff7e23866e116c4f5d03d645e

  • SHA512

    691c3ec1b8d2a9ced3933031a93770631c60cf1e45179a32b4ed667bce10f5ef281636adbdb9796a01e7b067a04aae20d1063cec3bca3d4145e39d60ab354c30

  • SSDEEP

    12288:Hy90P4cYL2s2vAIPQd/rSTdqvhmhlFbAnPc1ywvyNHj:Hy84cYL2o6QFrhvuzEWaD

Score
10/10
healerredlinediscoverydropperevasioninfostealerpersistencetrojan

Malware Config

Signatures

  • Detects Healer an antivirus disabler dropper 2 IoCs
  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer
  • Healer family
    healer
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 35 IoCs
  • Redline family
    redline
  • Executes dropped EXE 3 IoCs
  • Windows security modification 2 TTPs 1 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2ed64c23ee729f848f43c4ca4d7f1ba5bdf1dc7ff7e23866e116c4f5d03d645e.exe
    "C:\Users\Admin\AppData\Local\Temp\2ed64c23ee729f848f43c4ca4d7f1ba5bdf1dc7ff7e23866e116c4f5d03d645e.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2252
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\st520843.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\st520843.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1632
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\75178879.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\75178879.exe
        3⤵
        • Modifies Windows Defender Real-time Protection settings
        • Executes dropped EXE
        • Windows security modification
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:4092
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp282061.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp282061.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:3400

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\st520843.exe
    Filesize

    409KB

    MD5

    2c139e94444679c05e699875d365693a

    SHA1

    9359753a3c7b4a8cae31378b918cfd5fb849740c

    SHA256

    8ed9b28503718bc1355566eac4970754135ed7bf2af15704b2e1a1d97ea383d2

    SHA512

    859db5bb919f9db79f074f6ce78abd90e20489363997c810e5d1f9b3474882dbe53e9de48a84471d40707a8e89809d2fdfc946d4fa8f12649ab974153c478ee6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\75178879.exe
    Filesize

    11KB

    MD5

    7e93bacbbc33e6652e147e7fe07572a0

    SHA1

    421a7167da01c8da4dc4d5234ca3dd84e319e762

    SHA256

    850cd190aaeebcf1505674d97f51756f325e650320eaf76785d954223a9bee38

    SHA512

    250169d7b6fcebff400be89edae8340f14130ced70c340ba9da9f225f62b52b35f6645bfb510962efb866f988688cb42392561d3e6b72194bc89d310ea43aa91

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kp282061.exe
    Filesize

    353KB

    MD5

    75a696a2af7e862a5e0b12350e51e0f2

    SHA1

    f6145810765272fc57efed2df658c33cd20a8d93

    SHA256

    d2c79cd476d0a281bb9902703438214db26408930784150d374f04506f2b8a23

    SHA512

    fcf2b3b95b5e778a32086f73fc7b39b5a0d350bde59427a074eb2b7ce808b499a89955cbff5706a957342c52c8888eddd7d6b8cb6958ac2e7c3d99810afb16ca

    Download Submit

  • memory/3400-68-0x0000000007780000-0x00000000077B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3400-22-0x0000000007130000-0x000000000716C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/3400-821-0x0000000006C60000-0x0000000006CAC000-memory.dmp

    Filesize

    304KB

    Download

  • memory/3400-62-0x0000000007780000-0x00000000077B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3400-23-0x0000000007190000-0x0000000007734000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/3400-24-0x0000000007780000-0x00000000077BA000-memory.dmp

    Filesize

    232KB

    Download

  • memory/3400-40-0x0000000007780000-0x00000000077B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3400-28-0x0000000007780000-0x00000000077B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3400-25-0x0000000007780000-0x00000000077B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3400-64-0x0000000007780000-0x00000000077B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3400-66-0x0000000007780000-0x00000000077B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3400-87-0x0000000007780000-0x00000000077B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3400-60-0x0000000007780000-0x00000000077B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3400-82-0x0000000007780000-0x00000000077B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3400-80-0x0000000007780000-0x00000000077B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3400-78-0x0000000007780000-0x00000000077B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3400-77-0x0000000007780000-0x00000000077B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3400-74-0x0000000007780000-0x00000000077B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3400-72-0x0000000007780000-0x00000000077B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3400-820-0x000000000A480000-0x000000000A4BC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/3400-88-0x0000000007780000-0x00000000077B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3400-819-0x000000000A360000-0x000000000A46A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/3400-84-0x0000000007780000-0x00000000077B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3400-58-0x0000000007780000-0x00000000077B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3400-56-0x0000000007780000-0x00000000077B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3400-54-0x0000000007780000-0x00000000077B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3400-52-0x0000000007780000-0x00000000077B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3400-50-0x0000000007780000-0x00000000077B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3400-48-0x0000000007780000-0x00000000077B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3400-46-0x0000000007780000-0x00000000077B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3400-44-0x0000000007780000-0x00000000077B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3400-42-0x0000000007780000-0x00000000077B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3400-38-0x0000000007780000-0x00000000077B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3400-36-0x0000000007780000-0x00000000077B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3400-34-0x0000000007780000-0x00000000077B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3400-32-0x0000000007780000-0x00000000077B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3400-30-0x0000000007780000-0x00000000077B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3400-26-0x0000000007780000-0x00000000077B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3400-70-0x0000000007780000-0x00000000077B5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3400-817-0x0000000009C80000-0x000000000A298000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/3400-818-0x000000000A340000-0x000000000A352000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4092-16-0x00007FFBFA473000-0x00007FFBFA475000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4092-14-0x00007FFBFA473000-0x00007FFBFA475000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4092-15-0x0000000000E70000-0x0000000000E7A000-memory.dmp

    Filesize

    40KB

    Download