Overview

overview

10

Static

static

3

dridex

windows10-2004-x64

10

Analysis

  • max time kernel
    144s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-07-2023 07:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eb1560b13d05bcbb3fd51e6e114389b05b9a43a709ceb6ca3b303ba404089ef5.exe

  • Size

    295KB

  • MD5

    118873600bd030a6761f73ff76977e36

  • SHA1

    16a8e8d1f8fcb6b88d23e8bc37d4df5ba182ea82

  • SHA256

    eb1560b13d05bcbb3fd51e6e114389b05b9a43a709ceb6ca3b303ba404089ef5

  • SHA512

    b64ece2d0f7631297a594ebe0508ff221ba7a91b4a2a05cb1086763add95a05e3d3a111930b1d094cbfa6d5f81e3fe13d579abfcd05d07646f2341aed12660b0

  • SSDEEP

    6144:AHOFlGmFaxv+6XulGEK4JAtAUf8M/78B2c:yOFlLQXc9K4JAttf8E9c

Score
10/10
healerdropperevasiontrojan

Malware Config

Signatures

  • Detects Healer an antivirus disabler dropper 1 IoCs
  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\eb1560b13d05bcbb3fd51e6e114389b05b9a43a709ceb6ca3b303ba404089ef5.exe
    "C:\Users\Admin\AppData\Local\Temp\eb1560b13d05bcbb3fd51e6e114389b05b9a43a709ceb6ca3b303ba404089ef5.exe"
    1⤵
    • Modifies Windows Defender Real-time Protection settings
    • Windows security modification
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3752

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3752-133-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/3752-134-0x0000000000700000-0x000000000073E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3752-140-0x0000000074C20000-0x00000000753D0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3752-141-0x0000000000700000-0x000000000073E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/3752-142-0x00000000025B0000-0x00000000025B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3752-143-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/3752-144-0x0000000074C20000-0x00000000753D0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3752-147-0x0000000074C20000-0x00000000753D0000-memory.dmp

    Filesize

    7.7MB

    Download