399101cfcd75d49d0025832274d295bbd6df5bf86aca060705036d4f85ce104d

Analysis

max time kernel
125s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 19:01

Target

Dipnig.exe
Size

5.4MB
MD5

4e71245e4efe50b537953a48ceb2b915
SHA1

224d47598f92fde3b51fc0046261f037e11aa2d7
SHA256

399101cfcd75d49d0025832274d295bbd6df5bf86aca060705036d4f85ce104d
SHA512

a09a473c221bf71abc97444c8d04f3c4665acc1253bcdcf40231c411a34b4222abead6cba0dad6d7c0ee14ff20e6b67c859d9b90fc065d8a1fe0c9aa48b48ccd
SSDEEP

98304:/kMxWW6wQXV7iwee/zR6OKnHA0tYCsbPsHIZ7HLt/q3qSDONQTX1Rx7eCA:/vxj4dD/9DUHPtdqCIZ7rt8qdijRA

Score

7^/10

themida

Themida packer 3 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
behavioral1/memory/2244-0-0x00007FF7DAAB0000-0x00007FF7DB416000-memory.dmp	themida
behavioral1/memory/2244-4-0x00007FF7DAAB0000-0x00007FF7DB416000-memory.dmp	themida
behavioral1/memory/2244-7-0x00007FF7DAAB0000-0x00007FF7DB416000-memory.dmp	themida

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2244	Dipnig.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2244	Dipnig.exe
2244	Dipnig.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
656	Process not Found

memory/2244-0-0x00007FF7DAAB0000-0x00007FF7DB416000-memory.dmp

Filesize
9.4MB

Download
memory/2244-2-0x00007FFBDBF90000-0x00007FFBDBF92000-memory.dmp

Filesize
8KB

Download
memory/2244-3-0x00007FFBDBFA0000-0x00007FFBDBFA2000-memory.dmp

Filesize
8KB

Download
memory/2244-4-0x00007FF7DAAB0000-0x00007FF7DB416000-memory.dmp

Filesize
9.4MB

Download
memory/2244-7-0x00007FF7DAAB0000-0x00007FF7DB416000-memory.dmp

Filesize
9.4MB

Download