Overview

overview

10

Static

static

10

d6086904aa...c6.dll

windows7-x64

1

d6086904aa...c6.dll

windows10-2004-x64

1

e4d31acd4f...96.exe

windows7-x64

10

e4d31acd4f...96.exe

windows10-2004-x64

10

eb1a060a2f...2d.exe

windows7-x64

eb1a060a2f...2d.exe

windows10-2004-x64

10

f6147edac0...28.exe

windows7-x64

10

f6147edac0...28.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    06/10/2023, 02:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e4d31acd4f6f9a8c85c0c7d946d55e4efd5a2571f54a3b6682e04495f951bd96.exe

  • Size

    12KB

  • MD5

    35a0e47267276a8e8882396e4f192a37

  • SHA1

    a6353f0584ca37d0f783e1a077b524ec54da2a2c

  • SHA256

    e4d31acd4f6f9a8c85c0c7d946d55e4efd5a2571f54a3b6682e04495f951bd96

  • SHA512

    e322cf2c200076ced13d097f6cb3a92164a6fc7cfcc7c855161d7bf76397c8eb96be20d347cb609bba1361ac803ba5b23668b02f6c7f62db25b2a025d5e6fc03

  • SSDEEP

    96:yA/vMth9sDLibql3A44P9QL4fwmPImg+A03PvXLOzk+gqWYV4J6oP/zNt:yw+wGWt94+iANiCkc4Jhp

Score
10/10
healerdropperevasiontrojan

Malware Config

Signatures

  • Detects Healer an antivirus disabler dropper 1 IoCs
  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e4d31acd4f6f9a8c85c0c7d946d55e4efd5a2571f54a3b6682e04495f951bd96.exe
    "C:\Users\Admin\AppData\Local\Temp\e4d31acd4f6f9a8c85c0c7d946d55e4efd5a2571f54a3b6682e04495f951bd96.exe"
    1⤵
    • Modifies Windows Defender Real-time Protection settings
    • Windows security modification
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2404

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2404-0-0x0000000000FE0000-0x0000000000FEA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2404-1-0x000007FEF5E00000-0x000007FEF67EC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2404-2-0x000007FEF5E00000-0x000007FEF67EC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2404-3-0x000007FEF5E00000-0x000007FEF67EC000-memory.dmp

    Filesize

    9.9MB

    Download