Overview

overview

7

Static

static

7

7d68cf9aaa...da.exe

windows7-x64

7

7d68cf9aaa...da.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    157s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    28-01-2024 16:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7d68cf9aaafca54d7ed1dfc114787cda.exe

  • Size

    1.2MB

  • MD5

    7d68cf9aaafca54d7ed1dfc114787cda

  • SHA1

    1353dcd76c24afc32532754011eba7f8a18edc25

  • SHA256

    2b02458d23349a94539ab53cc2bb8922bc6022a46d6351d7b93c510fcae1ba08

  • SHA512

    1709b741a32fba218c5cb190607f887f80955728f4306b415c1ad45e6f5120c83c0c9c8c1ac5abdd5affeef0f0d3ad28fb8900c9b2a13f3497240c83aa697f90

  • SSDEEP

    24576:HvcTUYMxqssWkH8VtA5ddGwb3/c8x2CPXGm5bHuS6gKZDzb:iU3qsstH88ddzE8vGSHuzD

Score
7/10
themida

Malware Config

Signatures

  • Themida packer 3 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7d68cf9aaafca54d7ed1dfc114787cda.exe
    "C:\Users\Admin\AppData\Local\Temp\7d68cf9aaafca54d7ed1dfc114787cda.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3016
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.freetravelfriends.com/banners/index.html
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2648
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2648 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2688

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    440f08b3db373db6e0d5276aa7bd574f

    SHA1

    947971c9fa209c3bbf7be8df1073ebcf1e6c0108

    SHA256

    23120515da36a716e05797d9f234bd34ef7a73b71fd709257d73fa04dc5ac5a7

    SHA512

    51a582b479c7e30fe90094bfcee7e04557c68f2022be08f5203736664c7925d9754ca04182a6dd294e417aa2b11f143122446fa82c0a6f5830112e187e7ba686

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    60cd3c1fe8881333709eea418e9e2495

    SHA1

    21b213839c9bfe4ce18dc9f6212c70f9768d25e3

    SHA256

    0a1a049c568bfacaa2db252da31f5cd48eae193cc6242aae94f0ed51d77100af

    SHA512

    e6c974d589ad5496f31425725ebba4230f845fb492338f7a4a2229c0d6d7f4520a85fd891c2e4023f0122981bd6c221d2a96b9cc5e64e86b57863fab73cd02f4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    911f1c47aad24714fc32576d6af05895

    SHA1

    688dac62a11922e6a69bb15d431b668f7efaab6c

    SHA256

    9c2daadf75f54f6df3cf9c2c697788e164e17ffb854c65a8011089e24d407b35

    SHA512

    e9d3bb4a22171d0fb88be66c1a305876ddecea968392c23c9f3f74651cf269b77c2b7897a73d920d9961bd76fefe93c800d285b7275e4aa187a1f95ab4a2af37

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cf606cf6a093f6ce2a5b0a8c1e37132c

    SHA1

    06aff271bc88c1090b4dcc924d8ac3a543b0c208

    SHA256

    1bd79852136dc965ffe9ffc9301b4da86970e1e13f09c3f0e8ab0de8fc2020de

    SHA512

    294c28ea09e3cc093d033126a207c6df95fc5aabeb6bb9057a55fe3796f161808308842e5494731d240b76506b7b28133b429ccfffae89e288a07a56b6279cef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2390ebe69847755b251de8f5ede67283

    SHA1

    7af668cc7094f4822cc49755282d3217575a997e

    SHA256

    783f73d7f88d587727d56bf7687858d59a0b480b3e22fed3ad4fc91ea470ece7

    SHA512

    35311683b5395e7dad058ec76431b64437da08ef6c742ae54630254d479c17b3843b2eb96193d453fae081f85fba117ccfa713d2f26e3869b18d1bbbee96a964

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    34f8163e337522b33ea294ca8ccd948b

    SHA1

    acf6575ae1bfb0c6bf2ed763fa304beac6d49fd1

    SHA256

    1b8f258ffad7a4bfb8324350a5172252934d7d6c5d460237a8c9be91aa99daed

    SHA512

    863de57ea7bfd7b1b0555364a1cb134d6dfa6bb35dfb38344510ad49ced28f554a0783e5a89797c00b9b09809b1b2209ccda05bc33465416e2cb7af422c90875

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5b5f01ff691ec11467170403b59e3dc7

    SHA1

    c72afe735a35e3e81585e5b88d0c4c3dfd6fd588

    SHA256

    aa8a0f8268b72b5396e23454de8ff2996aed8221dff156f49bf8ce743beae541

    SHA512

    78a44d2df46da22b43e7a4684b9d93f558c7e0a0ff6fef2a2029383c967338131b59bacb6dbda953c35b86eb901eb752da840086181df5e73e265642ffa84d50

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b89e4db1a8794a0ceb468fb304deee56

    SHA1

    c3f4b6139819367e7d0dbadf49b661088bfd1d15

    SHA256

    aacf9f96b7e1d614f3276e3f4d89adcb68d1f0acd5d618143a7608866265a318

    SHA512

    bdc73273e622d4728b7213b7f29ece0958584821ea3d8a79547b156694bcd6f971c91ae53ee25291a4951dc7b98f4f75b528af05dc17967bea6ac111a020e5ba

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2e3b02b6d85fdc4c8a538f509e56cef9

    SHA1

    5f898e39475c6863ab64a23dee93fd85fc75e0c4

    SHA256

    6276074fa1826ac37b2fc241531b31d9b4a4cfba25d124f041fd811fb8913d0e

    SHA512

    95368d275598297ee09f7542f5fa2d11ddbd118034aa65511415922bed79a227b7a1c1856bb359e395de86fdf878202bed0f25838264dd54b597fafc79ef40c7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    884258eeccbf561a520a3569faaa0bab

    SHA1

    122b5f0aeb1e83aad686addb2c3fcdec4b6b3b6a

    SHA256

    bd3c38916e223fb9977876f3d5b4dbdb515e2b5659a7811c2d53e99ad6eeaa1d

    SHA512

    73ab10614c1850f53cfd8ad498a202b2c304a6c4070178b72b555ac26fbc89b5bbdb8abaa290f3425546f4db90ccb433364e4275582fb72a7ff2833941e4eab8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8ac3bd810fc9ff676191bc4f643d7775

    SHA1

    3c8c93f80796df2e2d39f96ab187610965cdbcb4

    SHA256

    dc8f93cf8389e99be1e172263f315dbf50f68a8bdd40f952d45444d6d527673f

    SHA512

    6480627fddadf64bb284175ea9581dd85c20573153758a96fbb04febd871be04cccca9eb5a8391284652c8d92b7b34ac825a3bde66735a5a2612a2dab2146ace

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    08e93e73147678ddfc994624a1389753

    SHA1

    a42e52652353b76cf38997e241bf4915cdf91c2e

    SHA256

    a8f62f20e3a00ec29c8d08967c6f2a96aa1f8e1ee44a7e835a7bb7eafc83fef7

    SHA512

    fe6fd229c740a2359eafa291de75bc1a8a43517d4b59cbde2177fb09b7ed1436e976c24a9e53dac9e2fe37442052eaf4dfee32439abbd12051176eb567d67357

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    45ecc6d512958dae4398be14e1dfa311

    SHA1

    198d40db4d6da8f2b029376890d0b6f5365f030c

    SHA256

    40272639f6c9133fbb6890238546e3779fab9e5b367384666eacb328fd543d88

    SHA512

    60169549678a6933f7df72dceec5ed78be673c001af67f63d688b0832207f58c8385d81ab4669422f6845fe36f5f93d5f2c49a14821335061cbeae97a9a12273

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    252c23489f38ddd12cb7cd4f19e8966c

    SHA1

    0753f42ab93d181a74192a16b3e77e26095e2130

    SHA256

    2c42594c6e16c80fa45d4bddd7e5a5d12824f12237e991f59b90338b225ac23e

    SHA512

    e97fb04067e59c978b4a8d120557bb52c300db8fc4d65e876f2c161105c2a1eabc6e494874d03caf7b6c4e51ed622f7696d4af04b1b6676e56eeb919a3c94ed5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ecf83b2293bfc055b6a15b7654ee37f5

    SHA1

    0c030527fbb4a1e03598a9c12c1acaad07e6da97

    SHA256

    033af45ee40f1206a770cdaab5efa2134259588eb87c535c1bc95360e33e75cd

    SHA512

    c62782cceb2306f54d1d9bd96fde3915a2c881a8c3704356b4ab8016c352c60ac00d8d257eb522e1ac6ca2a766ded9de714f46473f00204eef9266bcdafc4625

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5daf5ed9469525ce51a6d919c6877d25

    SHA1

    d6370f56a7621f3da0acc902f0a2dcce1a93a525

    SHA256

    6108a1319a8e46ad88f9b78bf08e59bb81dfdf8a7d41f9292bea3674ad94a12d

    SHA512

    1e260296884957908cadd04cff8d99711d9717738ea55afa749365910222d004b1d0948733967fcb9deffb64589d9e040dfd5d9b1b84f16728572ebe3f292715

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab875B.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar87FB.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • memory/3016-7-0x0000000004190000-0x0000000004191000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3016-2-0x0000000000400000-0x000000000065C000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/3016-1-0x00000000002F0000-0x00000000003D8000-memory.dmp

    Filesize

    928KB

    Download

  • memory/3016-0-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3016-6-0x00000000046F0000-0x00000000046F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3016-8-0x0000000004700000-0x0000000004701000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3016-123-0x0000000000400000-0x000000000065C000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/3016-9-0x00000000041D0000-0x00000000041D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3016-259-0x0000000000400000-0x000000000065C000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/3016-5-0x00000000041A0000-0x00000000041A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3016-10-0x00000000041C0000-0x00000000041C1000-memory.dmp

    Filesize

    4KB

    Download