Overview

overview

10

Static

static

3

11150c9d8a...e6.exe

windows7-x64

10

11150c9d8a...e6.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    16-04-2024 19:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    11150c9d8a2f9a1e63873093679df9e9e296de205d569d2b6a12b9e1024679e6.exe

  • Size

    404KB

  • MD5

    ecac473f9b84e214e12d32f6d8eef9df

  • SHA1

    e8eaf5de5f10a90985e3d4f52f9886817e8f2442

  • SHA256

    11150c9d8a2f9a1e63873093679df9e9e296de205d569d2b6a12b9e1024679e6

  • SHA512

    ea1a0d8e87374c788de2a8d0cad75e256efca2c66cd159413ee170513facd04681adf782bfd2c46e202b0da5dcc15a2333d5142a38e388ba3816cb49a4a49fc6

  • SSDEEP

    6144:waRaszDv9nooP9L6rxmbWDa6B99c4YYNE4p1WGjnwY7Q1TCV+4:waRX5ooP92rx4S9XTndwYsTCVH

Score
10/10
healerdropperevasiontrojan

Malware Config

Signatures

  • Detects Healer an antivirus disabler dropper 17 IoCs
  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features 17 IoCs
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\11150c9d8a2f9a1e63873093679df9e9e296de205d569d2b6a12b9e1024679e6.exe
    "C:\Users\Admin\AppData\Local\Temp\11150c9d8a2f9a1e63873093679df9e9e296de205d569d2b6a12b9e1024679e6.exe"
    1⤵
    • Modifies Windows Defender Real-time Protection settings
    • Windows security modification
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:640

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/640-1-0x00000000008E0000-0x00000000009E0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/640-2-0x0000000000220000-0x000000000024D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/640-3-0x0000000000400000-0x000000000080A000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/640-4-0x0000000074810000-0x0000000074EFE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/640-5-0x0000000004CE0000-0x0000000004D20000-memory.dmp

    Filesize

    256KB

    Download

  • memory/640-6-0x0000000000A80000-0x0000000000A9A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/640-7-0x0000000004CE0000-0x0000000004D20000-memory.dmp

    Filesize

    256KB

    Download

  • memory/640-8-0x0000000002320000-0x0000000002338000-memory.dmp

    Filesize

    96KB

    Download

  • memory/640-9-0x0000000002320000-0x0000000002332000-memory.dmp

    Filesize

    72KB

    Download

  • memory/640-10-0x0000000002320000-0x0000000002332000-memory.dmp

    Filesize

    72KB

    Download

  • memory/640-12-0x0000000002320000-0x0000000002332000-memory.dmp

    Filesize

    72KB

    Download

  • memory/640-14-0x0000000002320000-0x0000000002332000-memory.dmp

    Filesize

    72KB

    Download

  • memory/640-16-0x0000000002320000-0x0000000002332000-memory.dmp

    Filesize

    72KB

    Download

  • memory/640-18-0x0000000002320000-0x0000000002332000-memory.dmp

    Filesize

    72KB

    Download

  • memory/640-20-0x0000000002320000-0x0000000002332000-memory.dmp

    Filesize

    72KB

    Download

  • memory/640-22-0x0000000002320000-0x0000000002332000-memory.dmp

    Filesize

    72KB

    Download

  • memory/640-32-0x0000000002320000-0x0000000002332000-memory.dmp

    Filesize

    72KB

    Download

  • memory/640-36-0x0000000002320000-0x0000000002332000-memory.dmp

    Filesize

    72KB

    Download

  • memory/640-34-0x0000000002320000-0x0000000002332000-memory.dmp

    Filesize

    72KB

    Download

  • memory/640-30-0x0000000002320000-0x0000000002332000-memory.dmp

    Filesize

    72KB

    Download

  • memory/640-28-0x0000000002320000-0x0000000002332000-memory.dmp

    Filesize

    72KB

    Download

  • memory/640-26-0x0000000002320000-0x0000000002332000-memory.dmp

    Filesize

    72KB

    Download

  • memory/640-24-0x0000000002320000-0x0000000002332000-memory.dmp

    Filesize

    72KB

    Download

  • memory/640-37-0x0000000000400000-0x000000000080A000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/640-38-0x0000000000400000-0x000000000080A000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/640-39-0x0000000000220000-0x000000000024D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/640-40-0x0000000074810000-0x0000000074EFE000-memory.dmp

    Filesize

    6.9MB

    Download