Analysis

  • max time kernel
    0s
  • max time network
    11s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10-05-2024 13:23

Errors

Reason
Machine shutdown

General

  • Target

    ccc5c313f416465ffc57b4343c6e512d0568f618620aaa7b258b5d5721aaf394.exe

  • Size

    389KB

  • MD5

    2eeefdf643f78c415d5773e6839837b2

  • SHA1

    797a0d8433f1b575915a9cb2952795535fb3546d

  • SHA256

    ccc5c313f416465ffc57b4343c6e512d0568f618620aaa7b258b5d5721aaf394

  • SHA512

    96c66dfb44902289d99a122c9e8b2804a236e61351e81ad56f5406fd935a2c5e65fac58da2bb8dd8f2738e5d7e1251128413b5247a1cfc421e1b5dc6c960272f

  • SSDEEP

    6144:K8y+bnr+9p0yN90QEA748JHJlPx2r5z3HVK9ehKCCB2GTNXeD3zsvHclk:QMrty90mM8VJluVSaKCCEUXau

Malware Config

Signatures

  • Detects Healer, an antivirus disabler dropper 2 IoCs
  • Healer

    Healer, an antivirus disabler dropper.

  • Executes dropped EXE 2 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ccc5c313f416465ffc57b4343c6e512d0568f618620aaa7b258b5d5721aaf394.exe
    "C:\Users\Admin\AppData\Local\Temp\ccc5c313f416465ffc57b4343c6e512d0568f618620aaa7b258b5d5721aaf394.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:4964
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\z2882788.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\z2882788.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:3280
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\p8565578.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\p8565578.exe
        3⤵
        • Executes dropped EXE
        PID:3412

Network

  • DNS (US)
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
No results found
  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
    1

    DNS Request

    g.bing.com

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\z2882788.exe

    Filesize

    206KB

    MD5

    6de9a950d4a4b7c0332b45a5bd235d01

    SHA1

    841af90b26f4db62c4b8f90e28338191a6a7f828

    SHA256

    3259015332b3c7d28f60d87021ad2c8774ee8fecdf700f3955e15f54889187a7

    SHA512

    5020589a686c79d44bd60222e57d114a395b06e9d2a57d29097c2666ec76a8312558593415f55017d066964c49abe9a45ebd738d761666d1b0d93f1bb1e6ba3b

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\p8565578.exe

    Filesize

    14KB

    MD5

    96a788f0a5be814e86485a5a69530a9f

    SHA1

    2d3e089f1d1e6bcd963d905e4562b3f463795d85

    SHA256

    49cb26c4643b21f4e6b5ac16f17256db971437aa4ad718cf747ffe01449a8e34

    SHA512

    d2f13b86e881b2663e32b77cdc3323c971a42737295766ad575bad1fbc21bf8e7c358e87145acbd092dace56b56c7c76203580b4cdf91afb0346b22cb00ecc0f

  • memory/3412-14-0x00007FF84F1C3000-0x00007FF84F1C5000-memory.dmp

    Filesize

    8KB

  • memory/3412-15-0x0000000000840000-0x000000000084A000-memory.dmp

    Filesize

    40KB