Analysis

  • max time kernel
    232s
  • max time network
    260s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-12-2022 07:39

General

  • Target

    3660-144-0x00000000004A0000-0x0000000000F55000-memory.exe

  • Size

    10.7MB

  • MD5

    473ca62fcae1c9dded4be15c8524d7c6

  • SHA1

    71c2795e16968076c2d75208c0ee88adebe10dbe

  • SHA256

    0dbaf32d4049d7382c4dc63e106d6147afce076058a05ee67229d6658c34dfbd

  • SHA512

    0c8f80181d0844e63a7d74fc1fd99c34282c1a5261c9e9acae80bb1e6ed34dda7e9ce91bc32fdb6d45c7a1719e83870c063305a0d5180e910a832c16c48e2439

  • SSDEEP

    196608:O+R/eZADUXRqexxlLgc+gvhw+IArguUU/F5hjcah1FO:1R/eBX0exnccNbg8fYaX0

Score
10/10

Malware Config

Signatures

  • BitRAT

    BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

  • Themida packer 1 IoCs

    Detects Themida, an advanced Windows software protection system.

Processes

  • C:\Users\Admin\AppData\Local\Temp\3660-144-0x00000000004A0000-0x0000000000F55000-memory.exe
    "C:\Users\Admin\AppData\Local\Temp\3660-144-0x00000000004A0000-0x0000000000F55000-memory.exe"
    1⤵
      PID:3788

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3788-132-0x00000000004A0000-0x0000000000F55000-memory.dmp

      Filesize

      10.7MB