Overview

overview

10

Static

static

3

4d1ab88c14...3N.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    113s
  • max time network
    114s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-11-2024 03:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4d1ab88c142d74d9773d3f040faeb56827a7f8324a71ac635c82a8b327a9c2c3N.exe

  • Size

    467KB

  • MD5

    ee0f317f44b37b2bd1d2c476cd496f80

  • SHA1

    00874fed0aaf45d425d05e44561fae53f704d807

  • SHA256

    4d1ab88c142d74d9773d3f040faeb56827a7f8324a71ac635c82a8b327a9c2c3

  • SHA512

    c61447e7e0b620da890340263811a356b4173978560b72fb7cd9d520360eba4fffc8fd1fe2323afdacf91fb834dc025a18d3e73d5a193dead62bc68b1cd245a6

  • SSDEEP

    12288:uy90ftLJPef/cbfCgMAboIdRJN1sreGdO:uyUtLJPen9gqAfxGdO

Score
10/10
healerdiscoverydropperevasionpersistencetrojan

Malware Config

Signatures

  • Detects Healer an antivirus disabler dropper 34 IoCs
  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer
  • Healer family
    healer
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 11 IoCs
    evasiontrojan
  • Executes dropped EXE 2 IoCs
  • Windows security modification 2 TTPs 3 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4d1ab88c142d74d9773d3f040faeb56827a7f8324a71ac635c82a8b327a9c2c3N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1ab88c142d74d9773d3f040faeb56827a7f8324a71ac635c82a8b327a9c2c3N.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4752
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\186127212.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\186127212.exe
      2⤵
      • Modifies Windows Defender Real-time Protection settings
      • Executes dropped EXE
      • Windows security modification
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2296
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\298211359.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\298211359.exe
      2⤵
      • Modifies Windows Defender Real-time Protection settings
      • Executes dropped EXE
      • Windows security modification
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1084
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 1084
        3⤵
        • Program crash
        PID:4632
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 1084 -ip 1084
    1⤵
      PID:1924

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\186127212.exe
      Filesize

      176KB

      MD5

      1961de8005293372ef065337715b49e3

      SHA1

      c4c4f869a66f4c173ecde374db1df30752b6de1d

      SHA256

      f85bd9845e59c591e90363ab6170456122e213e4bc5ca7f9ad976c2b68951ccb

      SHA512

      74ce76066fa56a4ca9818cd5fbbf4241f63bd982378c5f46909330e9c979af303b2a70f049c342fd54450a1e2a4b99131051031509efae589182c095c0277155

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\298211359.exe
      Filesize

      377KB

      MD5

      81be911edfff00fe91967c45f80fa86b

      SHA1

      39319ebb19b09b46b5825f4d27436640957be112

      SHA256

      6e7439841be72fe0401d1866629b15fe3598b24dc54362c695afd527a3c940f2

      SHA512

      9f8baed9088c84c4bfaad6a87a810325c29aa457259a65efbd5604ff6b02d63903c3cca5aaeec7151f87137aaee00605c0ad5fd92f07046624ed89b985c6acbb

      Download Submit

    • memory/1084-71-0x0000000002990000-0x00000000029A2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/1084-65-0x0000000002990000-0x00000000029A2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/1084-89-0x0000000000400000-0x0000000000802000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/1084-51-0x0000000000A00000-0x0000000000A2D000-memory.dmp

      Filesize

      180KB

      Download

    • memory/1084-86-0x0000000000400000-0x0000000000430000-memory.dmp

      Filesize

      192KB

      Download

    • memory/1084-85-0x0000000000A00000-0x0000000000A2D000-memory.dmp

      Filesize

      180KB

      Download

    • memory/1084-50-0x0000000000900000-0x0000000000A00000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1084-84-0x0000000000900000-0x0000000000A00000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1084-56-0x0000000002990000-0x00000000029A2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/1084-57-0x0000000002990000-0x00000000029A2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/1084-59-0x0000000002990000-0x00000000029A2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/1084-61-0x0000000002990000-0x00000000029A2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/1084-63-0x0000000002990000-0x00000000029A2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/1084-90-0x0000000000400000-0x0000000000430000-memory.dmp

      Filesize

      192KB

      Download

    • memory/1084-67-0x0000000002990000-0x00000000029A2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/1084-69-0x0000000002990000-0x00000000029A2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/1084-73-0x0000000002990000-0x00000000029A2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/1084-75-0x0000000002990000-0x00000000029A2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/1084-77-0x0000000002990000-0x00000000029A2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/1084-79-0x0000000002990000-0x00000000029A2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/1084-81-0x0000000002990000-0x00000000029A2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/1084-83-0x0000000002990000-0x00000000029A2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/1084-55-0x0000000000400000-0x0000000000802000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/1084-54-0x0000000002990000-0x00000000029A8000-memory.dmp

      Filesize

      96KB

      Download

    • memory/1084-53-0x0000000002560000-0x000000000257A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/1084-52-0x0000000000400000-0x0000000000430000-memory.dmp

      Filesize

      192KB

      Download

    • memory/2296-28-0x0000000004980000-0x0000000004993000-memory.dmp

      Filesize

      76KB

      Download

    • memory/2296-40-0x0000000004980000-0x0000000004993000-memory.dmp

      Filesize

      76KB

      Download

    • memory/2296-22-0x0000000004980000-0x0000000004993000-memory.dmp

      Filesize

      76KB

      Download

    • memory/2296-45-0x0000000074430000-0x0000000074BE0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2296-43-0x0000000074430000-0x0000000074BE0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2296-42-0x000000007443E000-0x000000007443F000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2296-18-0x0000000004980000-0x0000000004993000-memory.dmp

      Filesize

      76KB

      Download

    • memory/2296-20-0x0000000004980000-0x0000000004993000-memory.dmp

      Filesize

      76KB

      Download

    • memory/2296-8-0x00000000022B0000-0x00000000022CA000-memory.dmp

      Filesize

      104KB

      Download

    • memory/2296-13-0x0000000004980000-0x0000000004993000-memory.dmp

      Filesize

      76KB

      Download

    • memory/2296-14-0x0000000004980000-0x0000000004993000-memory.dmp

      Filesize

      76KB

      Download

    • memory/2296-7-0x000000007443E000-0x000000007443F000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2296-16-0x0000000004980000-0x0000000004993000-memory.dmp

      Filesize

      76KB

      Download

    • memory/2296-27-0x0000000004980000-0x0000000004993000-memory.dmp

      Filesize

      76KB

      Download

    • memory/2296-10-0x0000000004A70000-0x0000000005014000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/2296-30-0x0000000004980000-0x0000000004993000-memory.dmp

      Filesize

      76KB

      Download

    • memory/2296-32-0x0000000004980000-0x0000000004993000-memory.dmp

      Filesize

      76KB

      Download

    • memory/2296-34-0x0000000004980000-0x0000000004993000-memory.dmp

      Filesize

      76KB

      Download

    • memory/2296-36-0x0000000004980000-0x0000000004993000-memory.dmp

      Filesize

      76KB

      Download

    • memory/2296-41-0x0000000074430000-0x0000000074BE0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2296-38-0x0000000004980000-0x0000000004993000-memory.dmp

      Filesize

      76KB

      Download

    • memory/2296-24-0x0000000004980000-0x0000000004993000-memory.dmp

      Filesize

      76KB

      Download

    • memory/2296-12-0x0000000074430000-0x0000000074BE0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2296-11-0x0000000004980000-0x0000000004998000-memory.dmp

      Filesize

      96KB

      Download

    • memory/2296-9-0x0000000074430000-0x0000000074BE0000-memory.dmp

      Filesize

      7.7MB

      Download