d9eaa5384d098d940bb804add7889f165bac873900b8885550e99e637cc7c6fa

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
21-08-2022 22:15

Target

d9eaa5384d098d940bb804add7889f165bac873900b8885550e99e637cc7c6fa.exe
Size

7.0MB
MD5

3d9ebb673b51a07c63fb443971855740
SHA1

8d9c2dcd428c9230dfd98ff04af2e4548db5d8ff
SHA256

d9eaa5384d098d940bb804add7889f165bac873900b8885550e99e637cc7c6fa
SHA512

7c16644529887b135989c87537efe457556cdfc9f1d795fac19377ac63ebff0381a030a638a295691a3059be15aa4bf17c07e5c0b4c5d5e3db9def4b72e484eb

Score

7^/10

Themida packer 2 IoCs

Detects Themida, an advanced Windows software protection system.

Processes:

resource	yara_rule
behavioral1/memory/1976-54-0x0000000000400000-0x000000000104E000-memory.dmp	themida
behavioral1/memory/1976-55-0x0000000000400000-0x000000000104E000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

Processes:

d9eaa5384d098d940bb804add7889f165bac873900b8885550e99e637cc7c6fa.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	d9eaa5384d098d940bb804add7889f165bac873900b8885550e99e637cc7c6fa.exe

C:\Users\Admin\AppData\Local\Temp\d9eaa5384d098d940bb804add7889f165bac873900b8885550e99e637cc7c6fa.exe
"C:\Users\Admin\AppData\Local\Temp\d9eaa5384d098d940bb804add7889f165bac873900b8885550e99e637cc7c6fa.exe"
1⤵
- Checks whether UAC is enabled
PID:1976

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1976-54-0x0000000000400000-0x000000000104E000-memory.dmp

Filesize
12.3MB

Download
memory/1976-55-0x0000000000400000-0x000000000104E000-memory.dmp

Filesize
12.3MB

Download