50fded2736695e70c637cf95ee15d24bc26ce08ba0eeafbcb90aa812df79f311

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 14:30

Target

50d05186b37f46bd5f3c24c7e6f51c7b.exe
Size

966KB
MD5

50d05186b37f46bd5f3c24c7e6f51c7b
SHA1

4142fe4101366b15e0dde93737d14f59891075a5
SHA256

50fded2736695e70c637cf95ee15d24bc26ce08ba0eeafbcb90aa812df79f311
SHA512

2b0a6a8db258b19c15c0f11dacd2f594bba3e5d36ca998de30e41190d92b1512b14865aeba4690c9139458e9308e5f2b2a2dc4d521759f70579a83f9c910d883
SSDEEP

24576:b+SFyBB9MIPrOUzi1mvIoou6qJd6j1I4AHf0cNSMiz1b:E+w9vIoou5bwatSMs9

Score

7^/10

themida

Themida packer 2 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
behavioral1/memory/2816-0-0x0000000000400000-0x00000000004EF000-memory.dmp	themida
behavioral1/memory/2816-23-0x0000000000400000-0x00000000004EF000-memory.dmp	themida

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2816	50d05186b37f46bd5f3c24c7e6f51c7b.exe
2816	50d05186b37f46bd5f3c24c7e6f51c7b.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2816 wrote to memory of 1376	2816	50d05186b37f46bd5f3c24c7e6f51c7b.exe	7
PID 2816 wrote to memory of 1376	2816	50d05186b37f46bd5f3c24c7e6f51c7b.exe	7
PID 2816 wrote to memory of 1376	2816	50d05186b37f46bd5f3c24c7e6f51c7b.exe	7
PID 2816 wrote to memory of 1376	2816	50d05186b37f46bd5f3c24c7e6f51c7b.exe	7
PID 2816 wrote to memory of 1376	2816	50d05186b37f46bd5f3c24c7e6f51c7b.exe	7
PID 2816 wrote to memory of 1376	2816	50d05186b37f46bd5f3c24c7e6f51c7b.exe	7

memory/1376-3-0x000000007FFF0000-0x000000007FFF1000-memory.dmp

Filesize
4KB

Download
memory/1376-9-0x000000007EFC0000-0x000000007EFC6000-memory.dmp

Filesize
24KB

Download
memory/2816-0-0x0000000000400000-0x00000000004EF000-memory.dmp

Filesize
956KB

Download
memory/2816-1-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download
memory/2816-21-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download
memory/2816-23-0x0000000000400000-0x00000000004EF000-memory.dmp

Filesize
956KB

Download