Overview

overview

9

Static

static

7

launcher (18).exe

windows7-x64

7

launcher (18).exe

windows10-2004-x64

9

Analysis

  • max time kernel
    80s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/09/2022, 22:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    launcher (18).exe

  • Size

    12.3MB

  • MD5

    1f2b01f1b19f99014203783908b60e90

  • SHA1

    ffa1cd057c490976007f84e5f408d6d242449b30

  • SHA256

    9cf8699c3b57588c8073d861e0e608c4447683225bd6dae7c63288e94d36f5dc

  • SHA512

    09d0e9dcea66e24863017690a58e36c7b258bd145c3e405e6531b6798a60808e74c5ef3c9c8f9ea113218f53661e3a2b7720a0c77d8d64986afc9570bfc7f517

  • SSDEEP

    98304:1zaYWTelH/kP5YK+SGBv1F+qz3ZJ9xr9+rqNqpTPiX7tZ2mz7mb:1zaYWTAYb+Fv19zJbj+rqNyPgv1g

Score
9/10
evasionthemidatrojan

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Themida packer 4 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\launcher (18).exe
    "C:\Users\Admin\AppData\Local\Temp\launcher (18).exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • NTFS ADS
    • Suspicious use of SetWindowsHookEx
    PID:4328

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4328-132-0x00007FF7CF8E0000-0x00007FF7D07D8000-memory.dmp

    Filesize

    15.0MB

    Download

  • memory/4328-133-0x00007FFAD6610000-0x00007FFAD6805000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4328-134-0x00007FF7CF8E0000-0x00007FF7D07D8000-memory.dmp

    Filesize

    15.0MB

    Download

  • memory/4328-135-0x00007FF7CF8E0000-0x00007FF7D07D8000-memory.dmp

    Filesize

    15.0MB

    Download

  • memory/4328-136-0x00007FFAD6610000-0x00007FFAD6805000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4328-137-0x00007FF7CF8E0000-0x00007FF7D07D8000-memory.dmp

    Filesize

    15.0MB

    Download

  • memory/4328-138-0x00007FFAD6610000-0x00007FFAD6805000-memory.dmp

    Filesize

    2.0MB

    Download