dfe572f261e3281191058d73e1f7139dfa1250f8e4ad72c302335124f0533289 | Triage

Analysis

max time kernel
90s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20220721-en
resource tags

arch:x64arch:x86image:win10v2004-20220721-enlocale:en-usos:windows10-2004-x64system
submitted
25-07-2022 05:19

Sharing

Report Analysis Logs

General

Target

dfe572f261e3281191058d73e1f7139dfa1250f8e4ad72c302335124f0533289.exe
Size

6.9MB
MD5

f39696e72a7736c3cb5594e03c267003
SHA1

39ca19d79de9c3f47562f536900cabc94dced288
SHA256

dfe572f261e3281191058d73e1f7139dfa1250f8e4ad72c302335124f0533289
SHA512

27bd0fbdb7bd50c335be86ab14380707fca965a8cca1651fea5261164a1eb32cce6d65f1bc8312e6f6a8f4353b2c6750d3525492cd4163aa10a898c63911a98f

Score

7^/10

themida

Malware Config

Signatures

Themida packer 2 IoCs

Detects Themida, an advanced Windows software protection system.

Processes:

resource	yara_rule
behavioral2/memory/1664-130-0x00000000000F0000-0x00000000007D8000-memory.dmp	themida
behavioral2/memory/1664-131-0x00000000000F0000-0x00000000007D8000-memory.dmp	themida

Program crash 3 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2488	1664	WerFault.exe	dfe572f261e3281191058d73e1f7139dfa1250f8e4ad72c302335124f0533289.exe
1208	1664	WerFault.exe	dfe572f261e3281191058d73e1f7139dfa1250f8e4ad72c302335124f0533289.exe
1400	1664	WerFault.exe	dfe572f261e3281191058d73e1f7139dfa1250f8e4ad72c302335124f0533289.exe

C:\Users\Admin\AppData\Local\Temp\dfe572f261e3281191058d73e1f7139dfa1250f8e4ad72c302335124f0533289.exe
"C:\Users\Admin\AppData\Local\Temp\dfe572f261e3281191058d73e1f7139dfa1250f8e4ad72c302335124f0533289.exe"
1⤵
PID:1664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 440
2⤵
- Program crash
PID:2488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 440
2⤵
- Program crash
PID:1208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 436
2⤵
- Program crash
PID:1400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1664 -ip 1664
1⤵
PID:3796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1664 -ip 1664
1⤵
PID:876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 1664 -ip 1664
1⤵
PID:4256

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1664-130-0x00000000000F0000-0x00000000007D8000-memory.dmp

Filesize
6.9MB

Download
memory/1664-131-0x00000000000F0000-0x00000000007D8000-memory.dmp

Filesize
6.9MB

Download