Overview

overview

10

Static

static

7

063822ca79...ir.exe

windows10_x64

7

063822ca79...ir.exe

windows10-2004_x64

10

063822ca79...ir.exe

windows11_x64

Resubmissions

15-01-2022 17:03

220115-vks6cseha4 10

15-01-2022 17:02

220115-vj9fysfbgj 7

15-01-2022 16:58

220115-vg7jksegh8 7

Analysis

  • max time kernel
    121s
  • max time network
    129s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    15-01-2022 17:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    063822ca7966327be6a3dadb06e16d6c.exe.vir.exe

  • Size

    5.6MB

  • MD5

    063822ca7966327be6a3dadb06e16d6c

  • SHA1

    68f61f2bcf3c325adbb190b892297d78a4f75254

  • SHA256

    515f555c06db60243a892bbdf57704792956569387482f6a7a001a782bb6bcd1

  • SHA512

    8c6e0963f3d8c4510426e8cf7511e62cd65eb6873037e235f9b27ac52736f4535ccc1cf499e2c689285c4bc76a9e3cb276c6dc5144bf1bd1222714333e698be5

Score
7/10
themida

Malware Config

Signatures

  • Themida packer 1 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\063822ca7966327be6a3dadb06e16d6c.exe.vir.exe
    "C:\Users\Admin\AppData\Local\Temp\063822ca7966327be6a3dadb06e16d6c.exe.vir.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:3828
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C://Windows//spoofer.exe
      2⤵
        PID:3020
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c cls
        2⤵
          PID:1252

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1252-120-0x0000000000000000-mapping.dmp
        Download
      • memory/3020-119-0x0000000000000000-mapping.dmp
        Download
      • memory/3828-115-0x00000000008C0000-0x00000000008C1000-memory.dmp
        Filesize

        4KB

        Download
      • memory/3828-116-0x0000000000A60000-0x0000000000A61000-memory.dmp
        Filesize

        4KB

        Download
      • memory/3828-117-0x0000000000AC0000-0x00000000013C6000-memory.dmp
        Filesize

        9.0MB

        Download
      • memory/3828-118-0x00000000008B0000-0x00000000008C3000-memory.dmp
        Filesize

        76KB

        Download