7108f07084ad9463edc01d5bed2745c1b9fb813d19e45aff033ed8f87720d5c0

Analysis

max time kernel
141s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 12:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8db1df6544a46f0d6bbbb68deb281b61.exe
Size

2.8MB
MD5

8db1df6544a46f0d6bbbb68deb281b61
SHA1

fed1276cd88f7d7b42cdbc17b5aa055a20b787b0
SHA256

7108f07084ad9463edc01d5bed2745c1b9fb813d19e45aff033ed8f87720d5c0
SHA512

9b62efac793abe13ba3984944b978b1b0350f12427f1aac16c09dda694f8049809d3408500805d1649e1c0028d35ebf8de3a9482e18f2ab38e7a25567f9ee0ce
SSDEEP

49152:G7giBkyvYgVVc0RX60MpQ4IcBieSelGrmc+nppZFHRrLT95tVbOmq:egEaQXi3IeTcqppPxr/ztV6p

Score

9^/10

evasion themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	8db1df6544a46f0d6bbbb68deb281b61.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	8db1df6544a46f0d6bbbb68deb281b61.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	8db1df6544a46f0d6bbbb68deb281b61.exe

Themida packer 6 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/memory/2932-0-0x0000000000400000-0x0000000000B82000-memory.dmp	themida
behavioral1/memory/2932-1-0x0000000000400000-0x0000000000B82000-memory.dmp	themida
behavioral1/memory/2932-2-0x0000000000400000-0x0000000000B82000-memory.dmp	themida
behavioral1/memory/2932-3-0x0000000000400000-0x0000000000B82000-memory.dmp	themida
behavioral1/memory/2932-4-0x0000000000400000-0x0000000000B82000-memory.dmp	themida
behavioral1/memory/2932-7-0x0000000000400000-0x0000000000B82000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	8db1df6544a46f0d6bbbb68deb281b61.exe

C:\Users\Admin\AppData\Local\Temp\8db1df6544a46f0d6bbbb68deb281b61.exe
"C:\Users\Admin\AppData\Local\Temp\8db1df6544a46f0d6bbbb68deb281b61.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
PID:2932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2932-0-0x0000000000400000-0x0000000000B82000-memory.dmp

Filesize
7.5MB

Download
memory/2932-1-0x0000000000400000-0x0000000000B82000-memory.dmp

Filesize
7.5MB

Download
memory/2932-2-0x0000000000400000-0x0000000000B82000-memory.dmp

Filesize
7.5MB

Download
memory/2932-3-0x0000000000400000-0x0000000000B82000-memory.dmp

Filesize
7.5MB

Download
memory/2932-4-0x0000000000400000-0x0000000000B82000-memory.dmp

Filesize
7.5MB

Download
memory/2932-7-0x0000000000400000-0x0000000000B82000-memory.dmp

Filesize
7.5MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads