745b0553570d3f9038fad36ab9ccfd0c8431d7780fcba34996fc6972955f1d16

Analysis

max time kernel
145s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 21:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1d6367d4a0deb9d410be6b359c7f4dff.exe
Size

5.1MB
MD5

1d6367d4a0deb9d410be6b359c7f4dff
SHA1

a7d2e29de93120a8876760e16fcfa4894c04eb0a
SHA256

745b0553570d3f9038fad36ab9ccfd0c8431d7780fcba34996fc6972955f1d16
SHA512

fe9961f802f47017fe2170cadcd5e25b3ce54e7a688b2036f417d8f80a7ae5e6619038dc4df46cd0601f09488cb8cef087a07064d8c02414e9eaf33727891e2e
SSDEEP

98304:KdfZ9V8z3IavkoIaT14ZdhECN/VYrnIL7eyKYG4SC1Zto:KD96z4acoIaTGZdK+tPveyKs1Zt

Score

7^/10

themida

Malware Config

Signatures

Themida packer 7 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/memory/2372-2-0x0000000000400000-0x0000000001132000-memory.dmp	themida
behavioral1/memory/2372-29-0x0000000000400000-0x0000000001132000-memory.dmp	themida
behavioral1/memory/2372-31-0x0000000000400000-0x0000000001132000-memory.dmp	themida
behavioral1/memory/2372-32-0x0000000000400000-0x0000000001132000-memory.dmp	themida
behavioral1/memory/2372-34-0x0000000000400000-0x0000000001132000-memory.dmp	themida
behavioral1/memory/2372-35-0x0000000000400000-0x0000000001132000-memory.dmp	themida
behavioral1/memory/2372-36-0x0000000000400000-0x0000000001132000-memory.dmp	themida

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2372	1d6367d4a0deb9d410be6b359c7f4dff.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2372	1d6367d4a0deb9d410be6b359c7f4dff.exe

C:\Users\Admin\AppData\Local\Temp\1d6367d4a0deb9d410be6b359c7f4dff.exe
"C:\Users\Admin\AppData\Local\Temp\1d6367d4a0deb9d410be6b359c7f4dff.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
PID:2372

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2372-1-0x0000000002950000-0x0000000002A31000-memory.dmp

Filesize
900KB

Download
memory/2372-0-0x0000000001140000-0x0000000001141000-memory.dmp

Filesize
4KB

Download
memory/2372-25-0x00000000057D0000-0x00000000057D1000-memory.dmp

Filesize
4KB

Download
memory/2372-24-0x0000000005730000-0x0000000005731000-memory.dmp

Filesize
4KB

Download
memory/2372-23-0x00000000058A0000-0x00000000058A1000-memory.dmp

Filesize
4KB

Download
memory/2372-22-0x0000000005890000-0x0000000005891000-memory.dmp

Filesize
4KB

Download
memory/2372-21-0x0000000005810000-0x0000000005811000-memory.dmp

Filesize
4KB

Download
memory/2372-20-0x0000000004B60000-0x0000000004B61000-memory.dmp

Filesize
4KB

Download
memory/2372-19-0x00000000058B0000-0x00000000058B1000-memory.dmp

Filesize
4KB

Download
memory/2372-18-0x0000000005880000-0x0000000005881000-memory.dmp

Filesize
4KB

Download
memory/2372-17-0x0000000005840000-0x0000000005841000-memory.dmp

Filesize
4KB

Download
memory/2372-16-0x0000000005770000-0x0000000005771000-memory.dmp

Filesize
4KB

Download
memory/2372-15-0x0000000005870000-0x0000000005871000-memory.dmp

Filesize
4KB

Download
memory/2372-14-0x0000000005800000-0x0000000005802000-memory.dmp

Filesize
8KB

Download
memory/2372-13-0x0000000005780000-0x0000000005781000-memory.dmp

Filesize
4KB

Download
memory/2372-12-0x00000000058C0000-0x00000000058C1000-memory.dmp

Filesize
4KB

Download
memory/2372-11-0x0000000005830000-0x0000000005831000-memory.dmp

Filesize
4KB

Download
memory/2372-10-0x0000000005790000-0x0000000005791000-memory.dmp

Filesize
4KB

Download
memory/2372-9-0x00000000057F0000-0x00000000057F1000-memory.dmp

Filesize
4KB

Download
memory/2372-8-0x00000000057C0000-0x00000000057C1000-memory.dmp

Filesize
4KB

Download
memory/2372-7-0x0000000005750000-0x0000000005751000-memory.dmp

Filesize
4KB

Download
memory/2372-6-0x00000000056F0000-0x00000000056F1000-memory.dmp

Filesize
4KB

Download
memory/2372-5-0x0000000005700000-0x0000000005702000-memory.dmp

Filesize
8KB

Download
memory/2372-4-0x0000000005740000-0x0000000005741000-memory.dmp

Filesize
4KB

Download
memory/2372-3-0x0000000005760000-0x0000000005761000-memory.dmp

Filesize
4KB

Download
memory/2372-2-0x0000000000400000-0x0000000001132000-memory.dmp

Filesize
13.2MB

Download
memory/2372-28-0x0000000005850000-0x0000000005851000-memory.dmp

Filesize
4KB

Download
memory/2372-27-0x0000000005A70000-0x0000000005A72000-memory.dmp

Filesize
8KB

Download
memory/2372-26-0x00000000057B0000-0x00000000057B1000-memory.dmp

Filesize
4KB

Download
memory/2372-29-0x0000000000400000-0x0000000001132000-memory.dmp

Filesize
13.2MB

Download
memory/2372-30-0x0000000001140000-0x0000000001141000-memory.dmp

Filesize
4KB

Download
memory/2372-31-0x0000000000400000-0x0000000001132000-memory.dmp

Filesize
13.2MB

Download
memory/2372-32-0x0000000000400000-0x0000000001132000-memory.dmp

Filesize
13.2MB

Download
memory/2372-33-0x0000000004B60000-0x0000000004B61000-memory.dmp

Filesize
4KB

Download
memory/2372-34-0x0000000000400000-0x0000000001132000-memory.dmp

Filesize
13.2MB

Download
memory/2372-35-0x0000000000400000-0x0000000001132000-memory.dmp

Filesize
13.2MB

Download
memory/2372-36-0x0000000000400000-0x0000000001132000-memory.dmp

Filesize
13.2MB

Download
memory/2372-37-0x0000000000400000-0x0000000001132000-memory.dmp

Filesize
13.2MB

Download
memory/2372-38-0x0000000000400000-0x0000000001132000-memory.dmp

Filesize
13.2MB

Download
memory/2372-39-0x0000000000400000-0x0000000001132000-memory.dmp

Filesize
13.2MB

Download
memory/2372-40-0x0000000000400000-0x0000000001132000-memory.dmp

Filesize
13.2MB

Download
memory/2372-41-0x0000000000400000-0x0000000001132000-memory.dmp

Filesize
13.2MB

Download
memory/2372-42-0x0000000000400000-0x0000000001132000-memory.dmp

Filesize
13.2MB

Download
memory/2372-43-0x0000000000400000-0x0000000001132000-memory.dmp

Filesize
13.2MB

Download
memory/2372-44-0x0000000000400000-0x0000000001132000-memory.dmp

Filesize
13.2MB

Download
memory/2372-45-0x0000000000400000-0x0000000001132000-memory.dmp

Filesize
13.2MB

Download