32c25f32973977f55948bcd9896964b98a948ff4a9af600fd0a3cb280993e307 | Triage

Analysis

max time kernel
92s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2022 18:59

Sharing

Report Analysis Logs

General

Target

六六辅助免费版1.0/六六辅助.exe
Size

1.2MB
MD5

fce4812edcfaccbc3bc8053ae2e8bc66
SHA1

3298b165d077c27d452ff50f4715b399acaa5af1
SHA256

318737f063c673871de810d81ed6818757d24f0b64e8b470bc571ce377ab64df
SHA512

5bd854fef0d09e7799e74b0267669d1a707c6db9eccc20eab546681aba842fa400ed94855f31f2925e22a8dbf12355df703822516aa01921f9558a560c894d16
SSDEEP

24576:O8ccmTY/Yoadge0GHKP+Zf/ErNc1y0s7L7CHk/xlq5B+:R8kgdgexqP8novZn+EZlu

Score

7^/10

themida

Malware Config

Signatures

Themida packer 2 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
behavioral6/memory/2816-132-0x0000000000400000-0x000000000065F000-memory.dmp	themida
behavioral6/memory/2816-134-0x0000000000400000-0x000000000065F000-memory.dmp	themida

C:\Users\Admin\AppData\Local\Temp\六六辅助免费版1.0\六六辅助.exe
"C:\Users\Admin\AppData\Local\Temp\六六辅助免费版1.0\六六辅助.exe"
1⤵
PID:2816

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2816-132-0x0000000000400000-0x000000000065F000-memory.dmp

Filesize
2.4MB

Download
memory/2816-133-0x00000000022F0000-0x00000000023CF000-memory.dmp

Filesize
892KB

Download
memory/2816-134-0x0000000000400000-0x000000000065F000-memory.dmp

Filesize
2.4MB

Download