Overview

overview

7

Static

static

7

8aa2be1702...1f.exe

windows7-x64

7

8aa2be1702...1f.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    02/02/2024, 21:56

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    8aa2be1702176bd5ddd7fa48503e6c1f.exe

  • Size

    1.7MB

  • MD5

    8aa2be1702176bd5ddd7fa48503e6c1f

  • SHA1

    7d540aef91d02f9c8391c656208f7658e28ebc8b

  • SHA256

    b69fdab376426ff009dffda7795db30a06ef5fe81f556dd4bd74fe772eecca64

  • SHA512

    fcd2f147a02ac49a9c3bbb37b943eb3a18862a3e3a44595e7ab5a3ff2ac6f3ee886d9ec86f7db7571f6bc0b9e7bb28e48d90a68130d320588ba0e89307e1a164

  • SSDEEP

    49152:uovru772Q8hn7hUmMHl/tdm+6MaIRYeHJp39DV:uarE7f8hFs9to+FaqztR

Score
7/10
themida

Malware Config

Signatures

  • Themida packer 1 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1384
      • C:\Users\Admin\AppData\Local\Temp\8aa2be1702176bd5ddd7fa48503e6c1f.exe
        "C:\Users\Admin\AppData\Local\Temp\8aa2be1702176bd5ddd7fa48503e6c1f.exe"
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2360

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/1384-5-0x000000007FFF0000-0x000000007FFF1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1384-12-0x000000007EFC0000-0x000000007EFC6000-memory.dmp

            Filesize

            24KB

            Download

          • memory/2360-1-0x0000000004280000-0x0000000004281000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2360-0-0x0000000004270000-0x0000000004272000-memory.dmp

            Filesize

            8KB

            Download

          • memory/2360-2-0x0000000004260000-0x0000000004261000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2360-7-0x0000000000400000-0x00000000007AF000-memory.dmp

            Filesize

            3.7MB

            Download

          • memory/2360-3-0x0000000010000000-0x0000000010011000-memory.dmp

            Filesize

            68KB

            Download

          • memory/2360-25-0x0000000010000000-0x0000000010011000-memory.dmp

            Filesize

            68KB

            Download