Overview

overview

10

Static

static

3

7eb05fc54d...7N.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    121s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-11-2024 01:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7eb05fc54d29f8fa24419323d017d1e6ed9270aaa07f0a4386b9b5d94ec802f7N.exe

  • Size

    617KB

  • MD5

    83b5f04b5954bf61e91ad3b564553e10

  • SHA1

    c0a1dde3ea9eee54ebfeb8d07fb4f4f4fd9b09ac

  • SHA256

    7eb05fc54d29f8fa24419323d017d1e6ed9270aaa07f0a4386b9b5d94ec802f7

  • SHA512

    5de226d37290564c3701a74447c33201235dfe1a673643850f9c1166b4c06ddea94f2d837a9f1ae8afb2ece2c5b4a06ce0b1477b3dfc2951d5611a78f6b1d9ce

  • SSDEEP

    12288:ky90u5uLKmdm8qZttadtSL0fKov5H6dJzuCW57r:kyXIKmd8UtxKaeJzuCWVr

Score
10/10
healerredlinediscoverydropperevasioninfostealerpersistencetrojan

Malware Config

Signatures

  • Detects Healer an antivirus disabler dropper 2 IoCs
  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer
  • Healer family
    healer
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 35 IoCs
  • Redline family
    redline
  • Executes dropped EXE 3 IoCs
  • Windows security modification 2 TTPs 1 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7eb05fc54d29f8fa24419323d017d1e6ed9270aaa07f0a4386b9b5d94ec802f7N.exe
    "C:\Users\Admin\AppData\Local\Temp\7eb05fc54d29f8fa24419323d017d1e6ed9270aaa07f0a4386b9b5d94ec802f7N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4876
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ziXj0470.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ziXj0470.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3708
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\it060108.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\it060108.exe
        3⤵
        • Modifies Windows Defender Real-time Protection settings
        • Executes dropped EXE
        • Windows security modification
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:5020
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\jr929836.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\jr929836.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:3136

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ziXj0470.exe
    Filesize

    462KB

    MD5

    bc4c321d233efdfec863250c868ed87c

    SHA1

    b8f4aa57560ff9591495f54bba2d21acdecd4322

    SHA256

    ecee8b2121c83ae9d127a98ed7c0724296bc35887ad1c48e8a40f052685dd95d

    SHA512

    ecf18bc00bba8ebc13829104602cafb53ece3887f1b0ae4e34576c9f6f3a438e2217444c697aa737a0f69bada31f22cded281d5bdbfef05772a7df68c31aaca0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\it060108.exe
    Filesize

    11KB

    MD5

    7e93bacbbc33e6652e147e7fe07572a0

    SHA1

    421a7167da01c8da4dc4d5234ca3dd84e319e762

    SHA256

    850cd190aaeebcf1505674d97f51756f325e650320eaf76785d954223a9bee38

    SHA512

    250169d7b6fcebff400be89edae8340f14130ced70c340ba9da9f225f62b52b35f6645bfb510962efb866f988688cb42392561d3e6b72194bc89d310ea43aa91

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\jr929836.exe
    Filesize

    474KB

    MD5

    a9f37db4a9bd6c3eeaaff52ff573cb63

    SHA1

    8320862b72ee758522c5fd568b09642bea0effd0

    SHA256

    4c304cb647fd06326c53865b84f4f5356401775be7db926b6bf6dd782b9f7ecc

    SHA512

    120d748278d5d89115d6068e39775a14aa7e44924db50c14beadbdab34a1fb7a818484280189751e869ae107fe8be904bafd2c84c95b65fae3ae099143337cb0

    Download Submit

  • memory/3136-62-0x00000000053C0000-0x00000000053F5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3136-22-0x0000000002700000-0x000000000273C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/3136-821-0x00000000028B0000-0x00000000028FC000-memory.dmp

    Filesize

    304KB

    Download

  • memory/3136-58-0x00000000053C0000-0x00000000053F5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3136-23-0x0000000004DD0000-0x0000000005374000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/3136-24-0x00000000053C0000-0x00000000053FA000-memory.dmp

    Filesize

    232KB

    Download

  • memory/3136-25-0x00000000053C0000-0x00000000053F5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3136-40-0x00000000053C0000-0x00000000053F5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3136-88-0x00000000053C0000-0x00000000053F5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3136-84-0x00000000053C0000-0x00000000053F5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3136-60-0x00000000053C0000-0x00000000053F5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3136-80-0x00000000053C0000-0x00000000053F5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3136-56-0x00000000053C0000-0x00000000053F5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3136-76-0x00000000053C0000-0x00000000053F5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3136-74-0x00000000053C0000-0x00000000053F5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3136-72-0x00000000053C0000-0x00000000053F5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3136-70-0x00000000053C0000-0x00000000053F5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3136-66-0x00000000053C0000-0x00000000053F5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3136-64-0x00000000053C0000-0x00000000053F5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3136-820-0x00000000080E0000-0x000000000811C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/3136-82-0x00000000053C0000-0x00000000053F5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3136-819-0x0000000007FC0000-0x00000000080CA000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/3136-78-0x00000000053C0000-0x00000000053F5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3136-54-0x00000000053C0000-0x00000000053F5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3136-52-0x00000000053C0000-0x00000000053F5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3136-50-0x00000000053C0000-0x00000000053F5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3136-48-0x00000000053C0000-0x00000000053F5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3136-46-0x00000000053C0000-0x00000000053F5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3136-44-0x00000000053C0000-0x00000000053F5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3136-42-0x00000000053C0000-0x00000000053F5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3136-38-0x00000000053C0000-0x00000000053F5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3136-36-0x00000000053C0000-0x00000000053F5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3136-34-0x00000000053C0000-0x00000000053F5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3136-32-0x00000000053C0000-0x00000000053F5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3136-30-0x00000000053C0000-0x00000000053F5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3136-28-0x00000000053C0000-0x00000000053F5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3136-26-0x00000000053C0000-0x00000000053F5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3136-86-0x00000000053C0000-0x00000000053F5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3136-68-0x00000000053C0000-0x00000000053F5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3136-817-0x00000000078E0000-0x0000000007EF8000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/3136-818-0x0000000007FA0000-0x0000000007FB2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/5020-16-0x00007FFEF9953000-0x00007FFEF9955000-memory.dmp

    Filesize

    8KB

    Download

  • memory/5020-14-0x00007FFEF9953000-0x00007FFEF9955000-memory.dmp

    Filesize

    8KB

    Download

  • memory/5020-15-0x0000000000090000-0x000000000009A000-memory.dmp

    Filesize

    40KB

    Download