Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

19422cd310...d7.exe

windows7-x64

10

19422cd310...d7.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    1s
  • max time network
    5s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/07/2023, 09:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    19422cd310419c2884cc79a1b6abfcd7816a7decaaad7.exe

  • Size

    538KB

  • MD5

    7cab780a8f24d381d4fa6836237983bf

  • SHA1

    2e2eb93799eb883593d9d8f910f415d8aa55bb08

  • SHA256

    19422cd310419c2884cc79a1b6abfcd7816a7decaaad7407ecaf27a209d149f0

  • SHA512

    0be2be3088ccaff19f5cd26a71025d74c8c830a77eb852d726c313bcf56dd129e01273f1d2036318fc02847240cdbdf3a0a823c1752899020ce6b5f0ff38188e

  • SSDEEP

    12288:vegHqsz47HBakwxUW2u9YhfjWP+4bOQHHhif:bKm47H3wxPFTb9g

Score
10/10
healerdropper

Malware Config

Signatures

  • Detects Healer an antivirus disabler dropper 1 IoCs
  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer

Processes

  • C:\Users\Admin\AppData\Local\Temp\19422cd310419c2884cc79a1b6abfcd7816a7decaaad7.exe
    "C:\Users\Admin\AppData\Local\Temp\19422cd310419c2884cc79a1b6abfcd7816a7decaaad7.exe"
    1⤵
      PID:3420
      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\y5357107.exe
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\y5357107.exe
        2⤵
          PID:4944
          • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\k6822355.exe
            C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\k6822355.exe
            3⤵
              PID:1068
            • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\l9803929.exe
              C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\l9803929.exe
              3⤵
                PID:208

          Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\System.dll.log
            Filesize

            226B

            MD5

            916851e072fbabc4796d8916c5131092

            SHA1

            d48a602229a690c512d5fdaf4c8d77547a88e7a2

            SHA256

            7e750c904c43d27c89e55af809a679a96c0bb63fc511006ffbceffc2c7f6fb7d

            SHA512

            07ce4c881d6c411cac0b62364377e77950797c486804fb10d00555458716e3c47b1efc0d1f37e4cc3b7e6565bb402ca01c7ea8c963f9f9ace941a6e3883d2521

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\y5357107.exe
            Filesize

            32KB

            MD5

            ac68e4b1bda736550570a97ec25e5869

            SHA1

            3ae09e344701da3b3402ff38023a018f1c28f387

            SHA256

            91e85f4b35ef5fffe9ec1949a0c37bdffbcf8cef2b156cf8e3f2cf4c0703b923

            SHA512

            94184b990d661c9f3ab41297a2152f051b308d8143782a0968d3124e7ed1b477094dbce128677738f417babe0ed9f151efc0b1be0228eff6982d22ba4330d25d

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\y5357107.exe
            Filesize

            32KB

            MD5

            ac68e4b1bda736550570a97ec25e5869

            SHA1

            3ae09e344701da3b3402ff38023a018f1c28f387

            SHA256

            91e85f4b35ef5fffe9ec1949a0c37bdffbcf8cef2b156cf8e3f2cf4c0703b923

            SHA512

            94184b990d661c9f3ab41297a2152f051b308d8143782a0968d3124e7ed1b477094dbce128677738f417babe0ed9f151efc0b1be0228eff6982d22ba4330d25d

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\k6822355.exe
            Filesize

            64KB

            MD5

            d8ab9fa89a7720668aee0eed53372c9d

            SHA1

            fb92c12c96b6a8216bb31d55fb28e822b14e7c01

            SHA256

            024f62dcea76748ca20defe9080ae541f6a3cedd9becd84eb3c499cceac48e8a

            SHA512

            e561c9b7742cd1a1385d15986b0de17fb1fc43c97ae7cd1cadf395703b79730b3e6fcbe9ed7420ca2534492ef61ccd431100cd2c6efd9b2cd2cc206c795d1793

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\k6822355.exe
            Filesize

            32KB

            MD5

            ad14542fafbd2de84000d7535f9d1856

            SHA1

            5dbbe018e40b33547fa13b6883f5b7966e971d15

            SHA256

            f34efa09e3eeaa8cb790d9cbefa65380c658091b9949adeda30f81f6c8142edd

            SHA512

            9c8c61214a6f582706d81e9b25831aa51b0df3cec741fc5e960c02b9f36febcaeee2ad81d77f41a33a668195ff1af1c747673599cdf34060ffdf429373c3a25b

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\l9803929.exe
            Filesize

            32KB

            MD5

            e9e1847b27c465333c7dac712b40ca68

            SHA1

            618ebab1a8219a456f2bc86e94a04103b808b1a7

            SHA256

            490e2ccf696b4a57fabea841032bc75fc7811721c3292513b4dce69270710e01

            SHA512

            8ecccd5255cef9257c7496fdfa416cdac3bfa7fa30377cc8b4140beba95cea888f2553b9127fd26f99c4611b3eb8a663d0ea1d3fe2e007d03bd21184e0daaaa1

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\l9803929.exe
            Filesize

            32KB

            MD5

            e9e1847b27c465333c7dac712b40ca68

            SHA1

            618ebab1a8219a456f2bc86e94a04103b808b1a7

            SHA256

            490e2ccf696b4a57fabea841032bc75fc7811721c3292513b4dce69270710e01

            SHA512

            8ecccd5255cef9257c7496fdfa416cdac3bfa7fa30377cc8b4140beba95cea888f2553b9127fd26f99c4611b3eb8a663d0ea1d3fe2e007d03bd21184e0daaaa1

            Download Submit

          • memory/208-162-0x00000000007C0000-0x00000000007F0000-memory.dmp

            Filesize

            192KB

            Download

          • memory/1068-153-0x00000000001F0000-0x00000000001FA000-memory.dmp

            Filesize

            40KB

            Download

          • memory/3420-133-0x0000000000560000-0x00000000005D4000-memory.dmp

            Filesize

            464KB

            Download