8fe1bdf894a348532ac867b19e75d8263bd655e5eba976d7ad7ec60597aedf6b

Analysis

max time kernel
186s
max time network
138s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 06:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2b078b766cf1daeefd687e26a6fc1b18.exe
Size

6.6MB
MD5

2b078b766cf1daeefd687e26a6fc1b18
SHA1

4140e587bbcf52fb88c6063bc0a1be810e40f131
SHA256

8fe1bdf894a348532ac867b19e75d8263bd655e5eba976d7ad7ec60597aedf6b
SHA512

07930864c121d056e878ad0da1801d46cc9cb8733364e1dda2432d5150f3a60ae913815a4012c5ab9e79898a5fa5e282bcdc45c6dd879390b7a98cb3c782fe42
SSDEEP

196608:N8Osp8bUVWUHHMi0EAdH0Jgz6oAJmM1e:uVtoUF0rdzKL1e

Score

7^/10

themida

Malware Config

Signatures

Themida packer 16 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/memory/2832-3-0x0000000000400000-0x0000000000EE5000-memory.dmp	themida
behavioral1/memory/2832-29-0x0000000000400000-0x0000000000EE5000-memory.dmp	themida
behavioral1/memory/2832-32-0x0000000000400000-0x0000000000EE5000-memory.dmp	themida
behavioral1/memory/2832-37-0x0000000000400000-0x0000000000EE5000-memory.dmp	themida
behavioral1/memory/2832-38-0x0000000000400000-0x0000000000EE5000-memory.dmp	themida
behavioral1/memory/2832-39-0x0000000000400000-0x0000000000EE5000-memory.dmp	themida
behavioral1/memory/2832-40-0x0000000000400000-0x0000000000EE5000-memory.dmp	themida
behavioral1/memory/2832-41-0x0000000000400000-0x0000000000EE5000-memory.dmp	themida
behavioral1/memory/2832-42-0x0000000000400000-0x0000000000EE5000-memory.dmp	themida
behavioral1/memory/2832-43-0x0000000000400000-0x0000000000EE5000-memory.dmp	themida
behavioral1/memory/2832-44-0x0000000000400000-0x0000000000EE5000-memory.dmp	themida
behavioral1/memory/2832-45-0x0000000000400000-0x0000000000EE5000-memory.dmp	themida
behavioral1/memory/2832-46-0x0000000000400000-0x0000000000EE5000-memory.dmp	themida
behavioral1/memory/2832-47-0x0000000000400000-0x0000000000EE5000-memory.dmp	themida
behavioral1/memory/2832-48-0x0000000000400000-0x0000000000EE5000-memory.dmp	themida
behavioral1/memory/2832-49-0x0000000000400000-0x0000000000EE5000-memory.dmp	themida

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\driver.sys	2b078b766cf1daeefd687e26a6fc1b18.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\WINDOWS\system\driver.temp	2b078b766cf1daeefd687e26a6fc1b18.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2832	2b078b766cf1daeefd687e26a6fc1b18.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2832	2b078b766cf1daeefd687e26a6fc1b18.exe

C:\Users\Admin\AppData\Local\Temp\2b078b766cf1daeefd687e26a6fc1b18.exe
"C:\Users\Admin\AppData\Local\Temp\2b078b766cf1daeefd687e26a6fc1b18.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
PID:2832

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2832-0-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2832-1-0x0000000002740000-0x0000000002822000-memory.dmp

Filesize
904KB

Download
memory/2832-3-0x0000000000400000-0x0000000000EE5000-memory.dmp

Filesize
10.9MB

Download
memory/2832-25-0x0000000005410000-0x0000000005411000-memory.dmp

Filesize
4KB

Download
memory/2832-24-0x0000000005400000-0x0000000005401000-memory.dmp

Filesize
4KB

Download
memory/2832-23-0x0000000005680000-0x0000000005682000-memory.dmp

Filesize
8KB

Download
memory/2832-22-0x00000000056B0000-0x00000000056B2000-memory.dmp

Filesize
8KB

Download
memory/2832-21-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download
memory/2832-20-0x0000000005420000-0x0000000005421000-memory.dmp

Filesize
4KB

Download
memory/2832-26-0x00000000053E0000-0x00000000053E1000-memory.dmp

Filesize
4KB

Download
memory/2832-19-0x00000000053F0000-0x00000000053F1000-memory.dmp

Filesize
4KB

Download
memory/2832-18-0x00000000053B0000-0x00000000053B1000-memory.dmp

Filesize
4KB

Download
memory/2832-17-0x00000000052E0000-0x00000000052E1000-memory.dmp

Filesize
4KB

Download
memory/2832-16-0x0000000005370000-0x0000000005372000-memory.dmp

Filesize
8KB

Download
memory/2832-15-0x0000000005440000-0x0000000005441000-memory.dmp

Filesize
4KB

Download
memory/2832-14-0x00000000052F0000-0x00000000052F1000-memory.dmp

Filesize
4KB

Download
memory/2832-13-0x0000000005430000-0x0000000005431000-memory.dmp

Filesize
4KB

Download
memory/2832-12-0x00000000053A0000-0x00000000053A1000-memory.dmp

Filesize
4KB

Download
memory/2832-11-0x0000000005300000-0x0000000005301000-memory.dmp

Filesize
4KB

Download
memory/2832-10-0x0000000005360000-0x0000000005361000-memory.dmp

Filesize
4KB

Download
memory/2832-9-0x0000000005350000-0x0000000005351000-memory.dmp

Filesize
4KB

Download
memory/2832-8-0x0000000005340000-0x0000000005341000-memory.dmp

Filesize
4KB

Download
memory/2832-7-0x00000000028C0000-0x00000000028C1000-memory.dmp

Filesize
4KB

Download
memory/2832-6-0x00000000028D0000-0x00000000028D2000-memory.dmp

Filesize
8KB

Download
memory/2832-5-0x00000000052C0000-0x00000000052C1000-memory.dmp

Filesize
4KB

Download
memory/2832-4-0x00000000052D0000-0x00000000052D1000-memory.dmp

Filesize
4KB

Download
memory/2832-27-0x0000000005380000-0x0000000005381000-memory.dmp

Filesize
4KB

Download
memory/2832-28-0x0000000005330000-0x0000000005331000-memory.dmp

Filesize
4KB

Download
memory/2832-29-0x0000000000400000-0x0000000000EE5000-memory.dmp

Filesize
10.9MB

Download
memory/2832-30-0x0000000005320000-0x0000000005321000-memory.dmp

Filesize
4KB

Download
memory/2832-31-0x00000000052B0000-0x00000000052B1000-memory.dmp

Filesize
4KB

Download
memory/2832-32-0x0000000000400000-0x0000000000EE5000-memory.dmp

Filesize
10.9MB

Download
memory/2832-33-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2832-35-0x00000000055D0000-0x00000000055D2000-memory.dmp

Filesize
8KB

Download
memory/2832-34-0x00000000053D0000-0x00000000053D1000-memory.dmp

Filesize
4KB

Download
memory/2832-36-0x00000000053C0000-0x00000000053C1000-memory.dmp

Filesize
4KB

Download
memory/2832-37-0x0000000000400000-0x0000000000EE5000-memory.dmp

Filesize
10.9MB

Download
memory/2832-38-0x0000000000400000-0x0000000000EE5000-memory.dmp

Filesize
10.9MB

Download
memory/2832-39-0x0000000000400000-0x0000000000EE5000-memory.dmp

Filesize
10.9MB

Download
memory/2832-40-0x0000000000400000-0x0000000000EE5000-memory.dmp

Filesize
10.9MB

Download
memory/2832-41-0x0000000000400000-0x0000000000EE5000-memory.dmp

Filesize
10.9MB

Download
memory/2832-42-0x0000000000400000-0x0000000000EE5000-memory.dmp

Filesize
10.9MB

Download
memory/2832-43-0x0000000000400000-0x0000000000EE5000-memory.dmp

Filesize
10.9MB

Download
memory/2832-44-0x0000000000400000-0x0000000000EE5000-memory.dmp

Filesize
10.9MB

Download
memory/2832-45-0x0000000000400000-0x0000000000EE5000-memory.dmp

Filesize
10.9MB

Download
memory/2832-46-0x0000000000400000-0x0000000000EE5000-memory.dmp

Filesize
10.9MB

Download
memory/2832-47-0x0000000000400000-0x0000000000EE5000-memory.dmp

Filesize
10.9MB

Download
memory/2832-48-0x0000000000400000-0x0000000000EE5000-memory.dmp

Filesize
10.9MB

Download
memory/2832-49-0x0000000000400000-0x0000000000EE5000-memory.dmp

Filesize
10.9MB

Download