Overview

overview

10

Static

static

3

d84ffc4929...3N.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    114s
  • max time network
    117s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-11-2024 11:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d84ffc49297c60e6deb96fa465907cf4b7624881aaf6edad44171f9f717056c3N.exe

  • Size

    551KB

  • MD5

    637416edb6535e0803a07bd3db417e20

  • SHA1

    8c1b929abad12fb7dd6637f7ab661f5f4cc480ed

  • SHA256

    d84ffc49297c60e6deb96fa465907cf4b7624881aaf6edad44171f9f717056c3

  • SHA512

    d7a530854ed47aae9ecca1e3fc4f6dfef13dc31433375101a1c9fc3032ada32756a6f3067b9428395d7fa394a2f7bafea92792f46687367ed70349dd4dbb317a

  • SSDEEP

    12288:/y90wWlOperKHgzaBk6EZIKlaRzm9QJfCYZ:/y7HC+BwTlaRzm9QJfCK

Score
10/10
healerredlinediscoverydropperevasioninfostealerpersistencetrojan

Malware Config

Signatures

  • Detects Healer an antivirus disabler dropper 17 IoCs
  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer
  • Healer family
    healer
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 20 IoCs
  • Redline family
    redline
  • Executes dropped EXE 2 IoCs
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d84ffc49297c60e6deb96fa465907cf4b7624881aaf6edad44171f9f717056c3N.exe
    "C:\Users\Admin\AppData\Local\Temp\d84ffc49297c60e6deb96fa465907cf4b7624881aaf6edad44171f9f717056c3N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:852
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\pr127026.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\pr127026.exe
      2⤵
      • Modifies Windows Defender Real-time Protection settings
      • Executes dropped EXE
      • Windows security modification
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:220
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 220 -s 1088
        3⤵
        • Program crash
        PID:4832
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\qu650285.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\qu650285.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      PID:5056
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 220 -ip 220
    1⤵
      PID:1836

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\pr127026.exe
      Filesize

      277KB

      MD5

      fad22d1ae2535fb18806501a5d9b8a14

      SHA1

      88262fd27056e25ed6c7cfcf56b366f7a45cbeae

      SHA256

      dc2d3a33763236c39f7c5b6b18c6822764b6010afa0c2bf17cde6724fcd47689

      SHA512

      38dd7c5275fec407cc472209c367eaf2fd33fda3cd54c5dba1883de4014b61be7d4c025e5f0482ebfcfec03896dc2e70f3ec417c5f6c3ce5cef579d4a5d41e50

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\qu650285.exe
      Filesize

      360KB

      MD5

      f602d9774230d97e9eb0b35ebe2a9c3d

      SHA1

      cee4fe97300ce46a4148fe537cccf4c630888b73

      SHA256

      e1712b4f539d47c6cc925987751c717113df30c1548d77bdcb5ebd0b54a2601e

      SHA512

      e40bb6be04dda0c293223a5baec0dcb9dfb7d52ed8d3277abf278e6edfe92c4b9b7cf75fefa6dba98e9ced27b9df52c9d616f068dfb9a97b5c0be916c0beb83b

      Download Submit

    • memory/220-46-0x0000000002DC0000-0x0000000002EC0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/220-12-0x0000000000400000-0x0000000002B9F000-memory.dmp

      Filesize

      39.6MB

      Download

    • memory/220-8-0x0000000002DC0000-0x0000000002EC0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/220-13-0x0000000004CD0000-0x0000000004CE8000-memory.dmp

      Filesize

      96KB

      Download

    • memory/220-23-0x0000000004CD0000-0x0000000004CE2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/220-14-0x0000000004CD0000-0x0000000004CE2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/220-41-0x0000000004CD0000-0x0000000004CE2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/220-39-0x0000000004CD0000-0x0000000004CE2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/220-37-0x0000000004CD0000-0x0000000004CE2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/220-35-0x0000000004CD0000-0x0000000004CE2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/220-33-0x0000000004CD0000-0x0000000004CE2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/220-31-0x0000000004CD0000-0x0000000004CE2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/220-29-0x0000000004CD0000-0x0000000004CE2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/220-27-0x0000000004CD0000-0x0000000004CE2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/220-25-0x0000000004CD0000-0x0000000004CE2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/220-10-0x0000000004A70000-0x0000000004A8A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/220-21-0x0000000004CD0000-0x0000000004CE2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/220-19-0x0000000004CD0000-0x0000000004CE2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/220-17-0x0000000004CD0000-0x0000000004CE2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/220-15-0x0000000004CD0000-0x0000000004CE2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/220-42-0x0000000000400000-0x0000000002B9F000-memory.dmp

      Filesize

      39.6MB

      Download

    • memory/220-45-0x0000000000400000-0x0000000002B9F000-memory.dmp

      Filesize

      39.6MB

      Download

    • memory/220-47-0x0000000000400000-0x0000000000430000-memory.dmp

      Filesize

      192KB

      Download

    • memory/220-9-0x0000000000400000-0x0000000000430000-memory.dmp

      Filesize

      192KB

      Download

    • memory/220-11-0x0000000007200000-0x00000000077A4000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/5056-52-0x0000000004C00000-0x0000000004C3C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/5056-87-0x0000000007180000-0x00000000071B5000-memory.dmp

      Filesize

      212KB

      Download

    • memory/5056-53-0x0000000007180000-0x00000000071BA000-memory.dmp

      Filesize

      232KB

      Download

    • memory/5056-67-0x0000000007180000-0x00000000071B5000-memory.dmp

      Filesize

      212KB

      Download

    • memory/5056-85-0x0000000007180000-0x00000000071B5000-memory.dmp

      Filesize

      212KB

      Download

    • memory/5056-83-0x0000000007180000-0x00000000071B5000-memory.dmp

      Filesize

      212KB

      Download

    • memory/5056-81-0x0000000007180000-0x00000000071B5000-memory.dmp

      Filesize

      212KB

      Download

    • memory/5056-63-0x0000000007180000-0x00000000071B5000-memory.dmp

      Filesize

      212KB

      Download

    • memory/5056-77-0x0000000007180000-0x00000000071B5000-memory.dmp

      Filesize

      212KB

      Download

    • memory/5056-75-0x0000000007180000-0x00000000071B5000-memory.dmp

      Filesize

      212KB

      Download

    • memory/5056-73-0x0000000007180000-0x00000000071B5000-memory.dmp

      Filesize

      212KB

      Download

    • memory/5056-850-0x0000000006CA0000-0x0000000006CEC000-memory.dmp

      Filesize

      304KB

      Download

    • memory/5056-65-0x0000000007180000-0x00000000071B5000-memory.dmp

      Filesize

      212KB

      Download

    • memory/5056-69-0x0000000007180000-0x00000000071B5000-memory.dmp

      Filesize

      212KB

      Download

    • memory/5056-79-0x0000000007180000-0x00000000071B5000-memory.dmp

      Filesize

      212KB

      Download

    • memory/5056-61-0x0000000007180000-0x00000000071B5000-memory.dmp

      Filesize

      212KB

      Download

    • memory/5056-59-0x0000000007180000-0x00000000071B5000-memory.dmp

      Filesize

      212KB

      Download

    • memory/5056-57-0x0000000007180000-0x00000000071B5000-memory.dmp

      Filesize

      212KB

      Download

    • memory/5056-55-0x0000000007180000-0x00000000071B5000-memory.dmp

      Filesize

      212KB

      Download

    • memory/5056-54-0x0000000007180000-0x00000000071B5000-memory.dmp

      Filesize

      212KB

      Download

    • memory/5056-846-0x0000000009C90000-0x000000000A2A8000-memory.dmp

      Filesize

      6.1MB

      Download

    • memory/5056-847-0x000000000A330000-0x000000000A342000-memory.dmp

      Filesize

      72KB

      Download

    • memory/5056-848-0x000000000A350000-0x000000000A45A000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/5056-849-0x000000000A4B0000-0x000000000A4EC000-memory.dmp

      Filesize

      240KB

      Download

    • memory/5056-71-0x0000000007180000-0x00000000071B5000-memory.dmp

      Filesize

      212KB

      Download