66e2e36ec7879446d5be949cdc6048822081c051603f6ff7c76307e7fbc25fa5

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/03/2024, 09:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b45c6dde8792bfebf1d4152ba172fdfd.exe
Size

4.5MB
MD5

b45c6dde8792bfebf1d4152ba172fdfd
SHA1

9751b7f6b0566dc80a1b9ba37a87269759e5e0ee
SHA256

66e2e36ec7879446d5be949cdc6048822081c051603f6ff7c76307e7fbc25fa5
SHA512

60654af398aa1f552266d0651f294f1f76a0fe7c42dfb438289b9f1c5c001340a25f626a7dcc5c1b9873ac87cdbfa0b58f80f20d4a390d9b9c7f65dc69480fa3
SSDEEP

98304:LO2vk8aBmNfy3Xl5TvhnwqQORFnMvWMd8sn5bFQWhFPb:K2vk8aUfI7T5nwqQOW3dRnVF5hd

Score

7^/10

themida

Malware Config

Signatures

Themida packer 16 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/memory/2328-3-0x0000000000400000-0x00000000011E2000-memory.dmp	themida
behavioral1/memory/2328-31-0x0000000000400000-0x00000000011E2000-memory.dmp	themida
behavioral1/memory/2328-33-0x0000000000400000-0x00000000011E2000-memory.dmp	themida
behavioral1/memory/2328-34-0x0000000000400000-0x00000000011E2000-memory.dmp	themida
behavioral1/memory/2328-36-0x0000000000400000-0x00000000011E2000-memory.dmp	themida
behavioral1/memory/2328-37-0x0000000000400000-0x00000000011E2000-memory.dmp	themida
behavioral1/memory/2328-38-0x0000000000400000-0x00000000011E2000-memory.dmp	themida
behavioral1/memory/2328-39-0x0000000000400000-0x00000000011E2000-memory.dmp	themida
behavioral1/memory/2328-40-0x0000000000400000-0x00000000011E2000-memory.dmp	themida
behavioral1/memory/2328-41-0x0000000000400000-0x00000000011E2000-memory.dmp	themida
behavioral1/memory/2328-42-0x0000000000400000-0x00000000011E2000-memory.dmp	themida
behavioral1/memory/2328-43-0x0000000000400000-0x00000000011E2000-memory.dmp	themida
behavioral1/memory/2328-44-0x0000000000400000-0x00000000011E2000-memory.dmp	themida
behavioral1/memory/2328-45-0x0000000000400000-0x00000000011E2000-memory.dmp	themida
behavioral1/memory/2328-46-0x0000000000400000-0x00000000011E2000-memory.dmp	themida
behavioral1/memory/2328-47-0x0000000000400000-0x00000000011E2000-memory.dmp	themida

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\PLUG.SYS	b45c6dde8792bfebf1d4152ba172fdfd.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2328	b45c6dde8792bfebf1d4152ba172fdfd.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2328	b45c6dde8792bfebf1d4152ba172fdfd.exe

C:\Users\Admin\AppData\Local\Temp\b45c6dde8792bfebf1d4152ba172fdfd.exe
"C:\Users\Admin\AppData\Local\Temp\b45c6dde8792bfebf1d4152ba172fdfd.exe"
1⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
PID:2328

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2328-0-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2328-1-0x0000000002B30000-0x0000000002C1A000-memory.dmp

Filesize
936KB

Download
memory/2328-3-0x0000000000400000-0x00000000011E2000-memory.dmp

Filesize
13.9MB

Download
memory/2328-4-0x0000000005900000-0x0000000005901000-memory.dmp

Filesize
4KB

Download
memory/2328-9-0x0000000005980000-0x0000000005981000-memory.dmp

Filesize
4KB

Download
memory/2328-15-0x0000000005A30000-0x0000000005A31000-memory.dmp

Filesize
4KB

Download
memory/2328-21-0x0000000005990000-0x0000000005991000-memory.dmp

Filesize
4KB

Download
memory/2328-25-0x00000000059D0000-0x00000000059D1000-memory.dmp

Filesize
4KB

Download
memory/2328-26-0x0000000005910000-0x0000000005911000-memory.dmp

Filesize
4KB

Download
memory/2328-28-0x00000000058D0000-0x00000000058D1000-memory.dmp

Filesize
4KB

Download
memory/2328-27-0x00000000058E0000-0x00000000058E1000-memory.dmp

Filesize
4KB

Download
memory/2328-29-0x0000000005CF0000-0x0000000005CF2000-memory.dmp

Filesize
8KB

Download
memory/2328-24-0x0000000005A10000-0x0000000005A11000-memory.dmp

Filesize
4KB

Download
memory/2328-23-0x0000000005A60000-0x0000000005A61000-memory.dmp

Filesize
4KB

Download
memory/2328-22-0x0000000005970000-0x0000000005971000-memory.dmp

Filesize
4KB

Download
memory/2328-20-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2328-19-0x0000000005A70000-0x0000000005A71000-memory.dmp

Filesize
4KB

Download
memory/2328-18-0x0000000005A40000-0x0000000005A41000-memory.dmp

Filesize
4KB

Download
memory/2328-17-0x0000000005A00000-0x0000000005A01000-memory.dmp

Filesize
4KB

Download
memory/2328-16-0x0000000005920000-0x0000000005921000-memory.dmp

Filesize
4KB

Download
memory/2328-14-0x00000000059C0000-0x00000000059C2000-memory.dmp

Filesize
8KB

Download
memory/2328-13-0x0000000005930000-0x0000000005931000-memory.dmp

Filesize
4KB

Download
memory/2328-12-0x00000000059F0000-0x00000000059F1000-memory.dmp

Filesize
4KB

Download
memory/2328-11-0x0000000005940000-0x0000000005941000-memory.dmp

Filesize
4KB

Download
memory/2328-10-0x00000000059B0000-0x00000000059B1000-memory.dmp

Filesize
4KB

Download
memory/2328-8-0x0000000001300000-0x0000000001301000-memory.dmp

Filesize
4KB

Download
memory/2328-7-0x0000000004CF0000-0x0000000004CF1000-memory.dmp

Filesize
4KB

Download
memory/2328-6-0x0000000004D00000-0x0000000004D02000-memory.dmp

Filesize
8KB

Download
memory/2328-5-0x00000000058F0000-0x00000000058F1000-memory.dmp

Filesize
4KB

Download
memory/2328-30-0x0000000005C20000-0x0000000005C22000-memory.dmp

Filesize
8KB

Download
memory/2328-31-0x0000000000400000-0x00000000011E2000-memory.dmp

Filesize
13.9MB

Download
memory/2328-32-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2328-33-0x0000000000400000-0x00000000011E2000-memory.dmp

Filesize
13.9MB

Download
memory/2328-34-0x0000000000400000-0x00000000011E2000-memory.dmp

Filesize
13.9MB

Download
memory/2328-35-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2328-36-0x0000000000400000-0x00000000011E2000-memory.dmp

Filesize
13.9MB

Download
memory/2328-37-0x0000000000400000-0x00000000011E2000-memory.dmp

Filesize
13.9MB

Download
memory/2328-38-0x0000000000400000-0x00000000011E2000-memory.dmp

Filesize
13.9MB

Download
memory/2328-39-0x0000000000400000-0x00000000011E2000-memory.dmp

Filesize
13.9MB

Download
memory/2328-40-0x0000000000400000-0x00000000011E2000-memory.dmp

Filesize
13.9MB

Download
memory/2328-41-0x0000000000400000-0x00000000011E2000-memory.dmp

Filesize
13.9MB

Download
memory/2328-42-0x0000000000400000-0x00000000011E2000-memory.dmp

Filesize
13.9MB

Download
memory/2328-43-0x0000000000400000-0x00000000011E2000-memory.dmp

Filesize
13.9MB

Download
memory/2328-44-0x0000000000400000-0x00000000011E2000-memory.dmp

Filesize
13.9MB

Download
memory/2328-45-0x0000000000400000-0x00000000011E2000-memory.dmp

Filesize
13.9MB

Download
memory/2328-46-0x0000000000400000-0x00000000011E2000-memory.dmp

Filesize
13.9MB

Download
memory/2328-47-0x0000000000400000-0x00000000011E2000-memory.dmp

Filesize
13.9MB

Download