Overview

overview

7

Static

static

7

fb5b8381c8...a7.exe

windows7-x64

7

fb5b8381c8...a7.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    111s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230824-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230824-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/08/2023, 06:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fb5b8381c896aa6908b76900fa1e2f75f653a64ec4d00b3afbc8a81fcf07eba7.exe

  • Size

    8.7MB

  • MD5

    e8e8cf7821915da7b1f04ff6930b7e07

  • SHA1

    6fd4bb8a777cb4c732d319fc7b485e5a01037030

  • SHA256

    fb5b8381c896aa6908b76900fa1e2f75f653a64ec4d00b3afbc8a81fcf07eba7

  • SHA512

    54258afa73d1af5589a9f8db3d30a3db37c00c1d505bbf5fce3e93bb7e1ceb4b965cd9ddc8da596d5a6f8af472ba1426e2b216f8d00a22038f60f1ae290a25a6

  • SSDEEP

    196608:D6nmOG+MxcBD0kvbbVViXEoyxf+lHb6e6SQDi46eE7wUAwGDx0cJDR:D6nmOG+MSg6b6XEoN6SQDiRbw2KDR

Score
7/10
themida

Malware Config

Signatures

  • Themida packer 12 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k netsvcs -p
    1⤵
    • Drops file in System32 directory
    PID:3540
  • C:\Users\Admin\AppData\Local\Temp\fb5b8381c896aa6908b76900fa1e2f75f653a64ec4d00b3afbc8a81fcf07eba7.exe
    "C:\Users\Admin\AppData\Local\Temp\fb5b8381c896aa6908b76900fa1e2f75f653a64ec4d00b3afbc8a81fcf07eba7.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:3784
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 764
      2⤵
      • Program crash
      PID:4340
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3784 -ip 3784
    1⤵
      PID:3204

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3784-1-0x0000000000CC0000-0x0000000001DF8000-memory.dmp

      Filesize

      17.2MB

      Download

    • memory/3784-2-0x0000000077674000-0x0000000077676000-memory.dmp

      Filesize

      8KB

      Download

    • memory/3784-7-0x0000000000CC0000-0x0000000001DF8000-memory.dmp

      Filesize

      17.2MB

      Download

    • memory/3784-8-0x0000000000CC0000-0x0000000001DF8000-memory.dmp

      Filesize

      17.2MB

      Download

    • memory/3784-11-0x0000000000CC0000-0x0000000001DF8000-memory.dmp

      Filesize

      17.2MB

      Download

    • memory/3784-12-0x0000000000CC0000-0x0000000001DF8000-memory.dmp

      Filesize

      17.2MB

      Download

    • memory/3784-13-0x0000000000CC0000-0x0000000001DF8000-memory.dmp

      Filesize

      17.2MB

      Download

    • memory/3784-14-0x0000000000CC0000-0x0000000001DF8000-memory.dmp

      Filesize

      17.2MB

      Download

    • memory/3784-15-0x0000000000CC0000-0x0000000001DF8000-memory.dmp

      Filesize

      17.2MB

      Download

    • memory/3784-16-0x0000000000CC0000-0x0000000001DF8000-memory.dmp

      Filesize

      17.2MB

      Download

    • memory/3784-17-0x0000000000CC0000-0x0000000001DF8000-memory.dmp

      Filesize

      17.2MB

      Download

    • memory/3784-18-0x0000000000CC0000-0x0000000001DF8000-memory.dmp

      Filesize

      17.2MB

      Download

    • memory/3784-21-0x0000000000CC0000-0x0000000001DF8000-memory.dmp

      Filesize

      17.2MB

      Download