910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f

Analysis

max time kernel
151s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/09/2022, 18:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
Size

2.1MB
MD5

8d6778ea8018219f6c1df63d85680788
SHA1

c953c58111daad0179b98c637fc8fe7420c8bf84
SHA256

910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f
SHA512

88bcd320132e020436692c0781fe57acaf691fd8516c966dad4b23b89852678af514a455e9235d811a8b3ace69e9f4bcef58471fffe0bc70dda221a8e3539e15
SSDEEP

24576:+SOxmsv28xqYEyTg+FXBl+bV4zyQj2WoVYc8G+wyaeX04fSq9uxLdkbe7teB5eAh:B/svx7EyZ+4jvoT8XU4apkCtemAR

Score

7^/10

persistence themida

Malware Config

Signatures

Themida packer 2 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/memory/1504-55-0x0000000000400000-0x00000000008C4000-memory.dmp	themida
behavioral1/memory/1504-56-0x0000000000400000-0x00000000008C4000-memory.dmp	themida

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RUN\Windows live Messeger = "C:\\Users\\Admin\\AppData\\Local\\Temp\\910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe"	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\libeay32.dll	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
File created	C:\Windows\SysWOW64\ssleay32.dll	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
1504	910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe

C:\Users\Admin\AppData\Local\Temp\910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe
"C:\Users\Admin\AppData\Local\Temp\910e37ea79afbe59a047050b962071c7eea39ba3b1e0c8e5e1ac44c7efc81d7f.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
PID:1504

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1504-54-0x00000000021E0000-0x00000000022D6000-memory.dmp

Filesize
984KB

Download
memory/1504-55-0x0000000000400000-0x00000000008C4000-memory.dmp

Filesize
4.8MB

Download
memory/1504-56-0x0000000000400000-0x00000000008C4000-memory.dmp

Filesize
4.8MB

Download