Analysis

  • max time kernel
    79s
  • max time network
    99s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20240508-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    15-06-2024 00:04

General

  • Target

    9ad49977ef65476a7c03f8f44cefc8a80da08425d1ee51b87aca9c0004eb1fa4.exe

  • Size

    213KB

  • MD5

    65137ec382edef42ab1b9d2af33e2c0f

  • SHA1

    1dfbd39b301620f9e774e8d0487aaf8e025222bb

  • SHA256

    9ad49977ef65476a7c03f8f44cefc8a80da08425d1ee51b87aca9c0004eb1fa4

  • SHA512

    cbbbc94dddb8cfe64108a84b6f4e887130a245161a3eb884c4995d810a01b88e3f68184d05807536f6501ce437942f500b168753e87abfb37a83e94a93f8a662

  • SSDEEP

    6144:oPtiKL/yfYb5B+BO99c0s0ZVtAOOgufEE9:At//yfYb5BIQZVtUpx9

Malware Config

Signatures

  • Detects Healer, an antivirus disabler dropper 1 IoCs
  • Healer

    Healer is an antivirus disabler dropper: it neutralises Windows Defender through policy registry values and then hands control to a second-stage payload.

  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
  • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs
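The "Modifies Windows Defender Real-time Protection settings" and "registry key / value combination" signatures above fire on policy values written under the Windows Defender policies hive. The report counts six IoCs but does not list them. The following read-only audit is an added example, not part of the sandbox report; the value names it checks are the commonly abused Group Policy values for Defender and are an assumption about what such a signature matches, not the exact set this sample wrote.

```powershell
# Added example (not from the report): read-only audit of the Defender policy values that
# "Modifies Windows Defender Real-time Protection settings" signatures usually key on.
# ASSUMPTION: the value names below are the well-known Group Policy values; the report
# only states "6 IoCs" and does not name them.
$PolicyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$Checks = @(
    @{ Path = $PolicyRoot;                        Name = 'DisableAntiSpyware' },
    @{ Path = "$PolicyRoot\Real-Time Protection"; Name = 'DisableRealtimeMonitoring' },
    @{ Path = "$PolicyRoot\Real-Time Protection"; Name = 'DisableBehaviorMonitoring' },
    @{ Path = "$PolicyRoot\Real-Time Protection"; Name = 'DisableOnAccessProtection' },
    @{ Path = "$PolicyRoot\Real-Time Protection"; Name = 'DisableScanOnRealtimeEnable' },
    @{ Path = "$PolicyRoot\Real-Time Protection"; Name = 'DisableIOAVProtection' }
)

function Get-DefenderPolicyTamper {
    # Defender honours the Policies hive over user preferences, so any of these values
    # set to 1 on a host that is not centrally managed is a tamper indicator.
    foreach ($c in $Checks) {
        if (-not (Test-Path $c.Path)) { continue }
        $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        if ($null -eq $item) { continue }
        $data = $item.($c.Name)
        [pscustomobject]@{
            Key        = $c.Path
            Value      = $c.Name
            Data       = $data
            Suspicious = ($data -eq 1)
        }
    }
}

$findings = Get-DefenderPolicyTamper
$findings | Format-Table -AutoSize

# Cross-check the effective state the Defender service itself reports; the registry
# tells you what was written, Get-MpComputerStatus tells you whether it took effect.
$status = Get-MpComputerStatus
"RealTimeProtectionEnabled : $($status.RealTimeProtectionEnabled)"
"BehaviorMonitorEnabled    : $($status.BehaviorMonitorEnabled)"
"IoavProtectionEnabled     : $($status.IoavProtectionEnabled)"
"OnAccessProtectionEnabled : $($status.OnAccessProtectionEnabled)"

if (($findings | Where-Object Suspicious) -and -not $status.RealTimeProtectionEnabled) {
    Write-Warning 'Defender real-time protection is off and tamper policy values are present.'
}
```

Run it from an elevated prompt on the suspect host. A value that is present but set to 0, or a Policies key that exists on a domain-joined machine, is not by itself evidence; the combination of a policy value set to 1, an unmanaged host, and RealTimeProtectionEnabled reading False is what matches this signature's intent.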

Processes

  • C:\Users\Admin\AppData\Local\Temp\9ad49977ef65476a7c03f8f44cefc8a80da08425d1ee51b87aca9c0004eb1fa4.exe
    "C:\Users\Admin\AppData\Local\Temp\9ad49977ef65476a7c03f8f44cefc8a80da08425d1ee51b87aca9c0004eb1fa4.exe"
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3904
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      • Modifies Windows Defender Real-time Protection settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2876
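The tree above is the classic hollowing sequence: the dropper in Temp starts the .NET host AppLaunch.exe with no arguments, then uses WriteProcessMemory and SetThreadContext on it, after which the child, not the parent, is the process that tampers with Defender and enumerates processes. The 40KB dump of PID 2876 at 0x400000 listed under Downloads is the region where a replaced image would sit, and is the first thing to unpack. The hunt below is an added example, not part of the report; the untrusted-directory pattern and the Sysmon log name are assumptions.

```powershell
# Added example (not from the report): find AppLaunch.exe instances that match the
# process-tree pattern above (started argument-less by a binary in a user-writable path).
# ASSUMPTIONS: the directory regex and the Sysmon log name are illustrative choices.
$HostBinary   = 'AppLaunch.exe'
$UntrustedDir = '\\(Users\\[^\\]+\\AppData|Temp|Downloads|Public|ProgramData)\\'

function Get-SuspiciousAppLaunchHosts {
    # Live view: correlate each AppLaunch.exe with its parent's image path.
    $procs = Get-CimInstance Win32_Process
    $byPid = @{}
    foreach ($p in $procs) { $byPid[[uint32]$p.ProcessId] = $p }

    foreach ($p in ($procs | Where-Object Name -eq $HostBinary)) {
        $parent     = $byPid[[uint32]$p.ParentProcessId]
        $parentPath = if ($parent) { $parent.ExecutablePath } else { '<exited>' }
        # A legitimate AppLaunch.exe carries arguments; the report shows a bare command line.
        $noArgs = (($p.CommandLine -replace '^"?[^"]*AppLaunch\.exe"?\s*', '') -eq '')
        # A parent that already exited is also suspicious: droppers commonly self-terminate.
        $fromUntrusted = ($parentPath -match $UntrustedDir) -or ($parentPath -eq '<exited>')
        [pscustomobject]@{
            PID         = $p.ProcessId
            CommandLine = $p.CommandLine
            ParentPID   = $p.ParentProcessId
            ParentImage = $parentPath
            NoArguments = $noArgs
            Suspicious  = ($noArgs -and $fromUntrusted)
        }
    }
}

function Get-AppLaunchCreationEvents {
    # Retrospective view if Sysmon is installed (Event ID 1 = ProcessCreate), so a
    # short-lived child like PID 2876 is still visible after it exits.
    try {
        Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 1 } -ErrorAction Stop |
            Where-Object {
                $_.Message -match 'Image:\s+.*\\AppLaunch\.exe' -and
                $_.Message -match "ParentImage:\s+.*$UntrustedDir"
            } |
            Select-Object TimeCreated, Message
    } catch {
        Write-Verbose 'Sysmon operational log not available on this host.'
    }
}

Get-SuspiciousAppLaunchHosts | Format-Table -AutoSize
Get-AppLaunchCreationEvents  | Format-List
```

The live check alone misses the case the report actually shows, where the sandbox run lasts under two minutes and both processes are gone; pair it with the Sysmon query, or with an EDR rule on WriteProcessMemory/SetThreadContext targeting a freshly created AppLaunch.exe, to catch the hollowing as it happens rather than after the fact.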

Network

  • 52.111.227.14:443
    322 B
    7
  • No further results found

MITRE ATT&CK Enterprise v15


Downloads

  • memory/2876-0-0x0000000000400000-0x000000000040A000-memory.dmp (Filesize 40KB)
  • memory/2876-1-0x0000000074DDE000-0x0000000074DDF000-memory.dmp (Filesize 4KB)
