Analysis Overview
SHA256
cc4ecbd650c1f59f00db2cf194bcdae022567c14c06e2d1f603559d73e62a8d9
Threat Level: Known bad
The file 3660-149-0x00000000004A0000-0x0000000000F55000-memory.dmp was found to be: Known bad.
Malicious Activity Summary
Bitrat family
BitRAT
Themida packer
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-12-05 07:45
Signatures
Bitrat family
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2022-12-05 07:45
Reported
2022-12-05 07:48
Platform
win7-20221111-en
Max time kernel
6s
Max time network
33s
Command Line
Signatures
BitRAT
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\3660-149-0x00000000004A0000-0x0000000000F55000-memory.exe
"C:\Users\Admin\AppData\Local\Temp\3660-149-0x00000000004A0000-0x0000000000F55000-memory.exe"
Network
Files
memory/1392-54-0x00000000004A0000-0x0000000000F55000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2022-12-05 07:45
Reported
2022-12-05 07:48
Platform
win10v2004-20220901-en
Max time kernel
61s
Max time network
153s
Command Line
Signatures
BitRAT
Themida packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\3660-149-0x00000000004A0000-0x0000000000F55000-memory.exe
"C:\Users\Admin\AppData\Local\Temp\3660-149-0x00000000004A0000-0x0000000000F55000-memory.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 8.238.110.126:80 | tcp |
Files
memory/2416-132-0x00000000004A0000-0x0000000000F55000-memory.dmp