Overview

overview

10

Static

static

3

87d210b1de...dN.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-11-2024 06:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    87d210b1deabcd9b956ffea38df7266f421df5bd295185b8a1c0ce4d482288edN.exe

  • Size

    568KB

  • MD5

    2a8129119b43dd0083788b2b45974410

  • SHA1

    223e4e8163d427e65b24c1d8a2dd7b0088e148c3

  • SHA256

    87d210b1deabcd9b956ffea38df7266f421df5bd295185b8a1c0ce4d482288ed

  • SHA512

    fdf8c8a012b86dee12c98f1f165c20ed2141bd043250ce8afdefe9dad9f63c30e9c11dadb756ba25decdd89826467c355ca333b8cbceb892c0f170bfe3c7cf47

  • SSDEEP

    12288:/y9098+PIfhtGltMHDbTPBT5t5eYIeioiek4LNARp0:/yeUGltCXFVt5eYIFQnWRp0

Score
10/10
healerredlinediscoverydropperevasioninfostealerpersistencetrojan

Malware Config

Signatures

  • Detects Healer an antivirus disabler dropper 2 IoCs
  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer
  • Healer family
    healer
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 35 IoCs
  • Redline family
    redline
  • Executes dropped EXE 3 IoCs
  • Windows security modification 2 TTPs 1 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\87d210b1deabcd9b956ffea38df7266f421df5bd295185b8a1c0ce4d482288edN.exe
    "C:\Users\Admin\AppData\Local\Temp\87d210b1deabcd9b956ffea38df7266f421df5bd295185b8a1c0ce4d482288edN.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1744
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ziNo7819.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ziNo7819.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2932
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\it287319.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\it287319.exe
        3⤵
        • Modifies Windows Defender Real-time Protection settings
        • Executes dropped EXE
        • Windows security modification
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:632
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\jr368764.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\jr368764.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:2792

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ziNo7819.exe
    Filesize

    415KB

    MD5

    da62bc2b677c6f661b9d93b95f4ce67d

    SHA1

    2b78fe3adf16f42d9d539601c77bae4b195d081f

    SHA256

    41e810e3b4db8e833bf643304da7cd0b1d07bb36fd6e97282fb3c465e7b99ea8

    SHA512

    7348b043fe7f0af3e0442c021148ce5a07fc29c92ffa23efa5a169c9cd0cb95dacdc97245680f4ad09df64a33ab90bd0f1cfe7366b6219c76d7cf14cfd25e5cd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\it287319.exe
    Filesize

    11KB

    MD5

    7e93bacbbc33e6652e147e7fe07572a0

    SHA1

    421a7167da01c8da4dc4d5234ca3dd84e319e762

    SHA256

    850cd190aaeebcf1505674d97f51756f325e650320eaf76785d954223a9bee38

    SHA512

    250169d7b6fcebff400be89edae8340f14130ced70c340ba9da9f225f62b52b35f6645bfb510962efb866f988688cb42392561d3e6b72194bc89d310ea43aa91

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\jr368764.exe
    Filesize

    360KB

    MD5

    e12dc270ace18045e5e10abf8a3ec2ba

    SHA1

    e86b928548fc4817c1b71a461035e2228673d248

    SHA256

    95ab6617929867dfb4c543de2d302559e032640efe277d741c7506ad65999f78

    SHA512

    54e5ff135ec224b04cc28e1fce662f2592a98cea809729f0e886b1d6f7b70562af4277518ec5fcf21ff4da1fc435718d37f2c8ae082654b8b966a9d544649e50

    Download Submit

  • memory/632-14-0x00007FFBB84C3000-0x00007FFBB84C5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/632-15-0x0000000000810000-0x000000000081A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/632-16-0x00007FFBB84C3000-0x00007FFBB84C5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2792-64-0x00000000071E0000-0x0000000007215000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2792-52-0x00000000071E0000-0x0000000007215000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2792-24-0x00000000071E0000-0x000000000721A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/2792-36-0x00000000071E0000-0x0000000007215000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2792-38-0x00000000071E0000-0x0000000007215000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2792-88-0x00000000071E0000-0x0000000007215000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2792-86-0x00000000071E0000-0x0000000007215000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2792-85-0x00000000071E0000-0x0000000007215000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2792-82-0x00000000071E0000-0x0000000007215000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2792-80-0x00000000071E0000-0x0000000007215000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2792-78-0x00000000071E0000-0x0000000007215000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2792-76-0x00000000071E0000-0x0000000007215000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2792-72-0x00000000071E0000-0x0000000007215000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2792-70-0x00000000071E0000-0x0000000007215000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2792-68-0x00000000071E0000-0x0000000007215000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2792-66-0x00000000071E0000-0x0000000007215000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2792-22-0x0000000004CF0000-0x0000000004D2C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2792-62-0x00000000071E0000-0x0000000007215000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2792-60-0x00000000071E0000-0x0000000007215000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2792-58-0x00000000071E0000-0x0000000007215000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2792-56-0x00000000071E0000-0x0000000007215000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2792-23-0x00000000072F0000-0x0000000007894000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/2792-50-0x00000000071E0000-0x0000000007215000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2792-48-0x00000000071E0000-0x0000000007215000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2792-46-0x00000000071E0000-0x0000000007215000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2792-44-0x00000000071E0000-0x0000000007215000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2792-42-0x00000000071E0000-0x0000000007215000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2792-40-0x00000000071E0000-0x0000000007215000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2792-34-0x00000000071E0000-0x0000000007215000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2792-32-0x00000000071E0000-0x0000000007215000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2792-74-0x00000000071E0000-0x0000000007215000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2792-54-0x00000000071E0000-0x0000000007215000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2792-30-0x00000000071E0000-0x0000000007215000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2792-28-0x00000000071E0000-0x0000000007215000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2792-26-0x00000000071E0000-0x0000000007215000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2792-25-0x00000000071E0000-0x0000000007215000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2792-817-0x0000000009D20000-0x000000000A338000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2792-818-0x000000000A340000-0x000000000A352000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2792-819-0x000000000A360000-0x000000000A46A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2792-820-0x000000000A480000-0x000000000A4BC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2792-821-0x0000000004AE0000-0x0000000004B2C000-memory.dmp

    Filesize

    304KB

    Download