Analysis

  • max time kernel
    12s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    19/07/2023, 17:47

General

  • Target

    BO2Pluto.exe

  • Size

    3.6MB

  • MD5

    37d4826fd498fbd4627ef6dbec59b0fb

  • SHA1

    9a7d92e86d3b2f5f65acc0b013e80aa5274bb450

  • SHA256

    0abfed3f99a461acfe92801f6d00786391dc6278bfa4f8a7b12a6b888b93205f

  • SHA512

    2d5f8bf700501947373ef5a228607831d96aba9000b361473942ee77c891048abd792ac9f515f8d55eddc80c71d3262634e39459818676ccfe3df84155292a0c

  • SSDEEP

    98304:ezFF1vMh0GYNcGpadbhzDRHkoCvwijhoAb7RKylM:ezF3MZ4cRdbJDREjoijhoAxDM

Score
7/10

Malware Config

Signatures

  • Themida packer 2 IoCs

    Detects Themida, an advanced Windows software protection system.

Processes

  • C:\Users\Admin\AppData\Local\Temp\BO2Pluto.exe
    "C:\Users\Admin\AppData\Local\Temp\BO2Pluto.exe"
    1⤵
      PID:2312

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2312-54-0x0000000000FD0000-0x0000000001855000-memory.dmp

      Filesize

      8.5MB

    • memory/2312-55-0x0000000000FD0000-0x0000000001855000-memory.dmp

      Filesize

      8.5MB