Overview

overview

10

Static

static

3

dd5b3ed078...8N.exe

windows7-x64

10

dd5b3ed078...8N.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    19-11-2024 14:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dd5b3ed078d835b84ccce8dfb517d10125b9e0c4980095ae2ae9771853da24a8N.exe

  • Size

    403KB

  • MD5

    c86e53a844c2be0c4b4e9e9d092b54a0

  • SHA1

    cf5d3387f9eba2710ca643a3e24633e1f1140ab7

  • SHA256

    dd5b3ed078d835b84ccce8dfb517d10125b9e0c4980095ae2ae9771853da24a8

  • SHA512

    bdb6e0f79ad30dc0e784dcd1551e321e0b1b60a4203890a63cb7955e91ca58227378705a2b6a4e241c5ad0b90b44f518597339f485e8e23dcd5ce59ee9e42df1

  • SSDEEP

    6144:A7w/PZV2ercTNwDTnfXbnPymRg85RuP6uKGdgXWdVXnKZIv:A7iZEeSNaTnPzPs85RGndVXKKv

Score
10/10
healerdiscoverydropperevasiontrojan

Malware Config

Signatures

  • Detects Healer an antivirus disabler dropper 17 IoCs
  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer
  • Healer family
    healer
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dd5b3ed078d835b84ccce8dfb517d10125b9e0c4980095ae2ae9771853da24a8N.exe
    "C:\Users\Admin\AppData\Local\Temp\dd5b3ed078d835b84ccce8dfb517d10125b9e0c4980095ae2ae9771853da24a8N.exe"
    1⤵
    • Modifies Windows Defender Real-time Protection settings
    • Windows security modification
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1504

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1504-1-0x00000000009C0000-0x0000000000AC0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/1504-2-0x0000000000400000-0x0000000000430000-memory.dmp

    Filesize

    192KB

    Download

  • memory/1504-3-0x0000000000400000-0x000000000080A000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/1504-4-0x0000000000400000-0x000000000080A000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/1504-5-0x00000000003E0000-0x00000000003FA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1504-6-0x0000000002350000-0x0000000002368000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1504-7-0x0000000002350000-0x0000000002362000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1504-8-0x0000000002350000-0x0000000002362000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1504-10-0x0000000002350000-0x0000000002362000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1504-12-0x0000000002350000-0x0000000002362000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1504-14-0x0000000002350000-0x0000000002362000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1504-22-0x0000000002350000-0x0000000002362000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1504-34-0x0000000002350000-0x0000000002362000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1504-32-0x0000000002350000-0x0000000002362000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1504-30-0x0000000002350000-0x0000000002362000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1504-28-0x0000000002350000-0x0000000002362000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1504-26-0x0000000002350000-0x0000000002362000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1504-24-0x0000000002350000-0x0000000002362000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1504-21-0x0000000002350000-0x0000000002362000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1504-18-0x0000000002350000-0x0000000002362000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1504-16-0x0000000002350000-0x0000000002362000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1504-35-0x00000000009C0000-0x0000000000AC0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/1504-36-0x0000000000400000-0x0000000000430000-memory.dmp

    Filesize

    192KB

    Download

  • memory/1504-38-0x0000000000400000-0x000000000080A000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/1504-39-0x0000000000400000-0x0000000000430000-memory.dmp

    Filesize

    192KB

    Download