Overview

overview

10

Static

static

3

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    129s
  • max time network
    138s
  • platform
    windows10-1703_x64
  • resource
    win10-20230703-en
  • resource tags

    arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
  • submitted
    16/07/2023, 12:26

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    74300b6d43400e327dadddaeb0dcdcf8ef6ac9a34d01bafa43730d0b49404194.exe

  • Size

    295KB

  • MD5

    d061d4fe53154eda26a80aa94b64fa47

  • SHA1

    f64b33cced915d151d39939d37573abec9206b12

  • SHA256

    74300b6d43400e327dadddaeb0dcdcf8ef6ac9a34d01bafa43730d0b49404194

  • SHA512

    0e0ef22144e6c07fff6c297facc94a35ed041cffbb3f84d594e8791a51efc01431b23d8d5e46af91258d8ad5fc40d7f88f62eedfd12aa40ae859c43ce1c8d59a

  • SSDEEP

    6144:O+oZI0FvxYHw8nJrTc853tpK4ucvgHBfLuGZdmLK77iuQmOc:O+oZv/8/53tpK4uok5Vdme77pQS

Score
10/10
healerdropperevasiontrojan

Malware Config

Signatures

  • Detects Healer an antivirus disabler dropper 1 IoCs
  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 5 IoCs
    evasiontrojan
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\74300b6d43400e327dadddaeb0dcdcf8ef6ac9a34d01bafa43730d0b49404194.exe
    "C:\Users\Admin\AppData\Local\Temp\74300b6d43400e327dadddaeb0dcdcf8ef6ac9a34d01bafa43730d0b49404194.exe"
    1⤵
    • Modifies Windows Defender Real-time Protection settings
    • Windows security modification
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:656

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/656-120-0x0000000000400000-0x000000000044E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/656-121-0x0000000002060000-0x000000000209E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/656-127-0x0000000073090000-0x000000007377E000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/656-128-0x0000000002060000-0x000000000209E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/656-129-0x0000000006A70000-0x0000000006A71000-memory.dmp

          Filesize

          4KB

          Download

        • memory/656-130-0x0000000000400000-0x000000000044E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/656-131-0x0000000073090000-0x000000007377E000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/656-134-0x0000000073090000-0x000000007377E000-memory.dmp

          Filesize

          6.9MB

          Download