Overview

overview

10

Static

static

3

109fb1344c...cs.exe

windows7-x64

10

109fb1344c...cs.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    93s
  • max time network
    101s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-05-2024 22:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    109fb1344c7ea711623f0e1dc4641460_NeikiAnalytics.exe

  • Size

    299KB

  • MD5

    109fb1344c7ea711623f0e1dc4641460

  • SHA1

    769475366a953e6d1c1da34a88e32f560470ff05

  • SHA256

    eb418a9a959d700086b5b8eb7d64a6f6d039afa1855ea7d9bc8f190b67d7e460

  • SHA512

    ca57cc15e4eee65fa469406cd871a44572fac7a835d715dd73557f39c58286812b65dd0e82ad05dee725b3950845fc61800486f92b35c1b2d2cbb5ae7a68acbc

  • SSDEEP

    6144:P8JFx8y2h+Gy1SPvPzOi+WsCRmOSCa03JdlYK7RV/QGrcJ5r4ofVIKkop3VVLgYp:0Jz8hh+f1STIOaGdlYK7RV/QGrcJ5r4i

Score
10/10
healerdropperevasiontrojan

Malware Config

Signatures

  • Detects Healer an antivirus disabler dropper 17 IoCs
  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\109fb1344c7ea711623f0e1dc4641460_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\109fb1344c7ea711623f0e1dc4641460_NeikiAnalytics.exe"
    1⤵
    • Modifies Windows Defender Real-time Protection settings
    • Windows security modification
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4776
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 880
      2⤵
      • Program crash
      PID:2808
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4776 -ip 4776
    1⤵
      PID:2104

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4776-2-0x0000000002C40000-0x0000000002C6D000-memory.dmp

      Filesize

      180KB

      Download

    • memory/4776-3-0x0000000000400000-0x0000000000430000-memory.dmp

      Filesize

      192KB

      Download

    • memory/4776-1-0x0000000002E80000-0x0000000002F80000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/4776-4-0x0000000004900000-0x000000000491A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/4776-5-0x00000000072F0000-0x0000000007894000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/4776-6-0x0000000004BD0000-0x0000000004BE8000-memory.dmp

      Filesize

      96KB

      Download

    • memory/4776-7-0x0000000004BD0000-0x0000000004BE2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/4776-34-0x0000000004BD0000-0x0000000004BE2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/4776-33-0x0000000004BD0000-0x0000000004BE2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/4776-30-0x0000000004BD0000-0x0000000004BE2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/4776-29-0x0000000004BD0000-0x0000000004BE2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/4776-26-0x0000000004BD0000-0x0000000004BE2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/4776-25-0x0000000004BD0000-0x0000000004BE2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/4776-23-0x0000000004BD0000-0x0000000004BE2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/4776-20-0x0000000004BD0000-0x0000000004BE2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/4776-18-0x0000000004BD0000-0x0000000004BE2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/4776-16-0x0000000004BD0000-0x0000000004BE2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/4776-14-0x0000000004BD0000-0x0000000004BE2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/4776-12-0x0000000004BD0000-0x0000000004BE2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/4776-10-0x0000000004BD0000-0x0000000004BE2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/4776-8-0x0000000004BD0000-0x0000000004BE2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/4776-35-0x0000000000400000-0x0000000002BB4000-memory.dmp

      Filesize

      39.7MB

      Download

    • memory/4776-39-0x0000000000400000-0x0000000000430000-memory.dmp

      Filesize

      192KB

      Download

    • memory/4776-40-0x0000000000400000-0x0000000002BB4000-memory.dmp

      Filesize

      39.7MB

      Download