Analysis

  • max time kernel
    111s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16/02/2023, 16:45

General

  • Target

    tmp.exe

  • Size

    13.0MB

  • MD5

    747993ff11324079472ac0810b4c21e7

  • SHA1

    1ab3909e6b07bd0d2c381e9d31031e9a3eaef45f

  • SHA256

    a17505621fb5552d486255ed81cb84c4f88b6021e5996a0edae1805b8f9b0b32

  • SHA512

    d0e0d4bd9561f893d5a6c40f5eaae98e0d6ac4a96385ddb0351235642c48f4561c4dca4700d375e17bc8fb8989d4888210987fee67541e700b137c4c4754f96e

  • SSDEEP

    196608:R5bVr6da8b4Ae6hPgJuHfRc86EPOulPvmc47aiLUkSG6AS4Af0WrDdEuGLGMNUII:dm9f1HfrO0PvmraiL+waNEu22I/nA

Score
7/10

Malware Config

Signatures

  • Themida packer 2 IoCs

    Detects Themida, an advanced Windows software protection system.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

    The process calls NtSetInformationThread with the ThreadHideFromDebugger information class, which stops the calling thread from delivering debug events to an attached debugger; this is a common anti-debugging technique.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

    The process enumerates the running processes on the system.

Processes

  • C:\Users\Admin\AppData\Local\Temp\tmp.exe
    "C:\Users\Admin\AppData\Local\Temp\tmp.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:2356

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2356-132-0x0000000000400000-0x0000000001972000-memory.dmp
    Filesize
    21.4MB
  • memory/2356-133-0x0000000000400000-0x0000000001972000-memory.dmp
    Filesize
    21.4MB
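
The report flags a Themida packer and ships two dumps of the process's image region at 0x400000-0x1972000 (21.4MB), noticeably larger than the 13.0MB file on disk. As an added example (not code from the sandbox, from Themida or from the analysed sample), the Python below parses a PE section table for the heuristics a triage script would check (protector section names, an entry point inside a writable+executable section, virtual size far above raw size) and decodes the dump-name convention used on this page into a PID, index, base and region size. The section-name list, the 1.5x size-ratio threshold and the constructed test PE are assumptions, not facts taken from the report.

```python
"""Static triage helpers for a Themida-style protected PE.

Added example for this report; not code from the sandbox vendor, from
Themida, or from the analysed sample. Section names, the size-ratio
threshold and the dump-name pattern are assumptions used for illustration.
"""
import re
import struct

# Section names commonly reported for Themida / WinLicense protected
# binaries. Assumption: a heuristic list, not an authoritative signature.
PROTECTOR_SECTIONS = {".themida", ".winlice", ".boot"}

# Section characteristic bits from the PE/COFF specification.
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# Sandbox memory dump naming as it appears in this report: the PID, a
# running index and the [start, end) virtual address range of the region.
DUMP_RE = re.compile(
    r"memory/(\d+)-(\d+)-0x([0-9a-fA-F]+)-0x([0-9a-fA-F]+)-memory\.dmp")


def parse_sections(pe: bytes):
    """Return (entry_point_rva, [section dicts]) from a PE file buffer."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                      # COFF file header
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20                          # optional header
    entry_rva = struct.unpack_from("<I", pe, opt + 16)[0]
    sections, off = [], opt + opt_size       # section table follows
    for _ in range(num_sections):
        name, vsize, vaddr, rsize, raw_ptr = struct.unpack_from("<8sIIII", pe, off)
        chars = struct.unpack_from("<I", pe, off + 36)[0]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "vaddr": vaddr, "rsize": rsize,
                         "raw_ptr": raw_ptr, "chars": chars})
        off += 40
    return entry_rva, sections


def packer_indicators(pe: bytes):
    """Heuristic signs that a PE is wrapped by a Themida-style protector."""
    entry_rva, sections = parse_sections(pe)
    hits = []
    wx = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE
    for s in sections:
        if s["name"].lower() in PROTECTOR_SECTIONS:
            hits.append(f"protector section name {s['name']}")
        # A protector stub usually owns the entry point and lives in a
        # writable+executable section that is mostly virtual (unpacks in place).
        span = max(s["vsize"], s["rsize"])
        if s["vaddr"] <= entry_rva < s["vaddr"] + span and (s["chars"] & wx) == wx:
            hits.append(f"entry point in writable+executable section {s['name']}")
    raw = sum(s["rsize"] for s in sections)
    virt = sum(s["vsize"] for s in sections)
    if raw and virt > 1.5 * raw:             # assumption: 1.5x threshold
        hits.append(f"virtual size {virt} far exceeds raw size {raw}")
    return hits


def dump_region(name: str):
    """Parse a sandbox dump name into (pid, index, base, size_in_bytes)."""
    m = DUMP_RE.fullmatch(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    pid, idx = int(m[1]), int(m[2])
    base, end = int(m[3], 16), int(m[4], 16)
    return pid, idx, base, end - base


def build_sample_pe(protected: bool = True) -> bytes:
    """Construct a minimal PE32 for testing (constructed input, not bytes
    from the analysed sample). With protected=True it mimics a protector
    layout: small .text plus a large, mostly-virtual W+X section that
    holds the entry point; otherwise a plain single-section binary."""
    def section(name, vsize, vaddr, rsize, raw_ptr, chars):
        return struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, rsize,
                           raw_ptr, 0, 0, 0, 0, chars)
    text = section(b".text", 0x1000, 0x1000, 0x1000, 0x400, 0x60000020)
    if protected:
        secs = text + section(b".themida", 0x1500000, 0x200000, 0x20000,
                              0x1400, 0xE0000020)
        entry_rva, nsec = 0x200000, 2
    else:
        secs, entry_rva, nsec = text, 0x1000, 1
    e_lfanew, opt_size = 0x40, 224           # PE32 optional header size
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, nsec, 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 14, 0, 0x1000, 0, 0, entry_rva)
    opt += b"\0" * (opt_size - len(opt))
    return dos + b"PE\0\0" + coff + opt + secs


if __name__ == "__main__":
    for hit in packer_indicators(build_sample_pe()):
        print("indicator:", hit)
    pid, idx, base, size = dump_region(
        "memory/2356-132-0x0000000000400000-0x0000000001972000-memory.dmp")
    print(f"pid {pid} dump {idx}: base 0x{base:x}, {size / 2**20:.1f} MB mapped")
```

Run against a real file with `packer_indicators(open(path, "rb").read())`; the heuristics are deliberately loose, so treat a hit as a reason to look at the memory dump (where the unpacked image lives), not as a verdict. The dump-name parser reproduces the 21.4MB figure from the page: 0x1972000 - 0x400000 is 22,487,040 bytes.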