Overview

overview

7

Static

static

7

bc82d95372...6f.exe

windows7-x64

7

bc82d95372...6f.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    119s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    09/03/2024, 18:34

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    bc82d953727578be4399821119bf966f.exe

  • Size

    580KB

  • MD5

    bc82d953727578be4399821119bf966f

  • SHA1

    cf989ec5ea72e1394c889bae26943c4268a45518

  • SHA256

    edb03a8fe47a1c7f7a984d0bd57bfbe51e992d4d2f30ee66eb7a6d85975f612b

  • SHA512

    40d8c34f5b77c43e3e64055db275c33f1f26c26323cf674858cfda6a414d429511728c2717cdefc9393e8a85b77be2fec245936029c343b32c2f2a4f3e2942d6

  • SSDEEP

    12288:gCPDue9Y9SatUffreXKMmRbrdC74R3Pxg+lz8le:FPaemtUbcgRbxC7gPuYz8

Score
7/10
themida

Malware Config

Signatures

  • Themida packer 2 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bc82d953727578be4399821119bf966f.exe
    "C:\Users\Admin\AppData\Local\Temp\bc82d953727578be4399821119bf966f.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2124
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.orkut.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2724
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2724 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2956

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          46c84b884c189e91de3c7fc6b3384a52

          SHA1

          4b22af3e45348187c1bbd8af06760222bf6eb344

          SHA256

          3d015e9cdcd46524b9597b56149c23554eeab6de30050d80842ea41bf16729e7

          SHA512

          10f5413dff043de5e2fa9894d1f9e34b6b9ef254a4d0097c45048e8ffbee24c370a1e44dde3937d390bf7e930031a17b5857f4675595e0a976ded5ad78c628b1

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          d357fad64cfab6224c769f5f2877c56d

          SHA1

          f60353343bf403df873694f3e0222b7efbe14cb6

          SHA256

          1943e3f0aab0a5e550892195c7a412c4eb16b04478183b4bd2941b84d3e4c249

          SHA512

          e8f7b9690e9f6d512835e7ae6a53c31ccab2940e2aa71b129f00d1b5c68cc54c4cdabb65723e2cb67194ef2d13966845d9ff212789694e70ab248b4329ca6f9c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          7a9aeca76297ad2e5e05141116094fcf

          SHA1

          ad2434ba62dd9be533be455eb6e70736f1c34c49

          SHA256

          d089d3f91dc33a678dc5c37784c851516f54b0bca4c2e4cae287478f11cd4959

          SHA512

          4485084ecb1fb9a75c5b032c92edff11b410a7b9ab6705d3983d273148f0615b6f3fb988f6750ff119d80aa8df307602e831c563be4abd916a3d49d88cc35286

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          077909732fb206460cd90d2fda6334c8

          SHA1

          81c14a53d5e21eeba73abaa6b7b90dde3eba9a8d

          SHA256

          290418c675e179e6cd36d40964acca710696ebb721668027e27ac3a0164758b1

          SHA512

          475d4aa297dad5ba052805ff67fe32b68c0a5dd1e5df1a7bb93ec2634056dc9af3bdb7f1d6ce6ccd835e48994dd7a0632b1104f356ceb53d785345e498fce030

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          a661509d62d85180f18ba07e23c2448d

          SHA1

          8c7dcef2fb2aac9a3dae12d6238a80003c8e46a4

          SHA256

          400d12458197f31e0781c54098fa5e769aa3208f3706f588d779bae26c56fd8b

          SHA512

          11bb7bd19d245b6d6c3ba8c2a9069b730c2c9b1401169e91ee3ba6928874fab3ca419c1d01eafe4a8de33ec9de06c0e8983929e62c49a7025bf61fe605788036

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          6c2065e72a4b980fbdad167e12a93186

          SHA1

          5ad2367c6afbeaa743f4266519215913962be698

          SHA256

          c41186fc976eca8264fce289192a68b3dbf6a662373f015d92725cfa18ae4151

          SHA512

          cc2089ef084578dd6dae92708003f8f036195306746f080aab6fcc5c9e841e23b6a62b40848f225aa79b0c71244f19c7229d2b17abbcd9387055bf762fb4cb6d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          ecb040d0516cf105cde7228206aa5197

          SHA1

          6841d7e94f19ea127ba8ab91e7fd0db8aecb1c50

          SHA256

          2f435fba4ad38c38bf9b331cc77c138714f8221d7004065f04461f8696912c09

          SHA512

          0890600db43ce100b7e7bc8a890c1ae51f841f6a76edb9af3efad35678b6f9f541339e86accd6e7d3affced7377b7f4df58f865cbedc23f89caf103dfc54d621

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          02b6963fb76804407ea2b7a9279e2d07

          SHA1

          891c21c4cf332b2285909e60725cac29546325ed

          SHA256

          ee6a34a35a6ba266c224229816e6e5fd91afa93dfef20f923aa8bac5f3422128

          SHA512

          c337cce67ad9d8f6e5e28a4054908f942ead67297155b4c6cdeae82e315c16c5cb8c1cede71a24addf32f6489d7c20890533a48d92b654a175cfe0c661b5384e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          e22848cccd7655cf2e7939fc352e556f

          SHA1

          a5e38f8df946ffc8ccec1b968545c696a8cb32e3

          SHA256

          c8f5008ef56523c2a46d7a4b45c24a5c96b0724de6e163248442f89d9d6caf2f

          SHA512

          83746199f1c44629270e0e54117a73fec98473a2d4179ec47b8e306601bcb0672e3de37c2d93174867d94dbe85f316940a417021f647de6809b8387fdc2d93d1

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          61b2b64f96282efa90e090cc2f990a0f

          SHA1

          466dd4114142d9c6d8f3a9320b70a351cf56dd25

          SHA256

          8fca14d5ac2213cd969a829d651f7cb265c5e377c5f70da4b3518c28d30091f6

          SHA512

          87adf7c3a3ebb8c86a3c18bb167d1084c3ba520c36def69da7f9c0de093e1c74eee384895bcb8a23b29b75b8e3d7dea22d91d576e704ff1b6e37a116d914333a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          379c14d0e698b07227304ed819b3dc7f

          SHA1

          e4c4ce8f4e10132d985d8e6027ea399b0c60cd10

          SHA256

          752a0f5a65507d6c20a9af79f29d2d855f9d1db33de167d1b724e9b76d95be80

          SHA512

          a1e4d3867a302dfa9b4f24375a820e95682e983345f96b6690e46d0a03a8adc15f47899a31423ff30c8c337a55ac7fb94ca3634d90759a54e59110c9d524f22e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          afce68f8e77c986090e8f22927ea710e

          SHA1

          177e341e4b3b00603fecd8ace5d12cec6b381db2

          SHA256

          3ac96a5cdee771093f284edc2c13f30ce02589e3eeb251b6fba32aeb52ef1a23

          SHA512

          be996bea754442678db725b742bc630240a7f4e22fa5e4e320083f5ba76fb4f9140e71a22cda3d416e265f104246348037f6fa52edc919dcb011854194b3030f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          6936ae4b5117c0113a419a4a1969022c

          SHA1

          f6b4ec7a93bd1086e313ae649112c21eb033a2cc

          SHA256

          c762a52b6eefa885c2d2e174714dd5fed7348e4e640787c7e9577a24f57be339

          SHA512

          c3d6fcdeed598f2480eae39056bae94631feae351ad2818657edc249b8b9f1ee5fef1ce66f52b15fd272fea5ebabdc565093779adb7755de1a99f036e4d35797

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          2b4b44d975d168e4a648fae5b165037f

          SHA1

          5939dcc94343197cb7904aa12c252bacacf61f7e

          SHA256

          fddc7786bf49b3cac0d3aec9b34a6bee7b9d59f77e86b5a483cf752a13a4786f

          SHA512

          e095c97d885c0100c87dec2512e60f52b264466e8b3bc2fde32d20c65e5eb685f0f76a7b0a4d7f3df37fc67dcb80bdde46db50bee4946ff3eeb90c4fb55f39c1

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          aa385a9159a726f2c5acd253833e91dd

          SHA1

          cd846fe43b702cc943f09dab1b2d0b261555312a

          SHA256

          a7dd427fb97fc3ea27c3049eef3db1f8f2b95bcaa01163cfec30f4bedfb733b0

          SHA512

          16fef35abaedf3970cd30f4ba7d1aa8481aa73570826e92cb551f9bc0252ad26424bdee3bb68a4a6532d7a496bf156cebeda5a95c998b9ade95222ebb1c9f129

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          33e97060daeb3ddcbb353ece38902b7c

          SHA1

          fa82b9b0ca0ef9b6a42c9e43d611310644b61fb0

          SHA256

          ba0a49388f5c6eda3041d435f302c4046bacba481a41714f932098edfdddb2ae

          SHA512

          2bdc0614d7642327585f3a0d78346db1e88a755babb28fd807084efe61f01da26b5c6f5a395e23cd27e94f4fcb8960a0cb60c219be6bcee3ffcf436b60a527d8

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          8e566a3c7e78d5df65a244494ad71831

          SHA1

          086fad620136dc9c142c6d8dc075397ebfab42d8

          SHA256

          7e8fee0aba8b9d9867c3bac4da1a78585139699f1959d6dd187b3dd1dc19c978

          SHA512

          8dabd41d9f6ac84e17197e255d616a1cc66e039e778ec58ef190891b619211b74b98e79a4bd0ebae472d7456c84e3ce41c9c75e8c98ac82a94d70fa4c98ef0c4

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          a7ffd1d66dfd976c56b2e2c8777ca0ce

          SHA1

          68eebc07a8cd823e6d58f4e3278d977f25e4625a

          SHA256

          0b91d4c4b01ef2843d5b2eb8faf8695581fee4497b64251b566d43b6399ff90c

          SHA512

          85582f8114307337d22a20674c57a952ffa3d3a1453e3e30d627903477721044b80718033649514599b4ef633c5a3ad299183de4594028c66e2d00212c96b246

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          124e3a89b8dd4c96b33c76952141dfe4

          SHA1

          b12919fb28132e0711d3e477baf2f8751a33a973

          SHA256

          001da442265b893e526107ab5eee5de429db0becba67eb4bb8fddb509345a5d1

          SHA512

          32bf4ac5c6dfac9e2627e45c8c94642023b315d125e52a905a74e31dbfbeb5d9d42a2e86f4c84a683fa12c8745448d09e7fc5bc2d1cacd484d4a125cc4bdf408

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\sxsuh4u\imagestore.dat
          Filesize

          99KB

          MD5

          6e86c79c58c3a0dc860d246aa1d2b096

          SHA1

          d4f5e927a643f2b14d1539df8569c1e9163a35dc

          SHA256

          699669369f59b13ffd01cb62aed8261718a50534176a150da01a980e88af2e67

          SHA512

          b17327809ae559c0ac6b061af9bb74991107f352be93a1dbd61255e242fdbfc9334b5bdf454d16183447f21752d54856f5304aec6b19559eae1fd297a4ef93c8

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1014REI\favicon[1].ico
          Filesize

          99KB

          MD5

          562fe6b5bc02c09537b054ba674740f3

          SHA1

          082f9d8d488f49c3085384009e9700b207dbd8c4

          SHA256

          29b906ce83796e0f46ff07dffbb9cd63278bace576d063fe3d888ab41c76e0d3

          SHA512

          c1a82e9104b03fc145aa8df7146b316e737d60cbacf6ec5221e0b7ccec4ef8f0bb9267f950363c84d3f67e916d728f36ca79f9d244400f8bcf3ff14a909a20ad

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab84BC.tmp
          Filesize

          65KB

          MD5

          ac05d27423a85adc1622c714f2cb6184

          SHA1

          b0fe2b1abddb97837ea0195be70ab2ff14d43198

          SHA256

          c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

          SHA512

          6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab85D8.tmp
          Filesize

          67KB

          MD5

          753df6889fd7410a2e9fe333da83a429

          SHA1

          3c425f16e8267186061dd48ac1c77c122962456e

          SHA256

          b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

          SHA512

          9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar84BD.tmp
          Filesize

          171KB

          MD5

          9c0c641c06238516f27941aa1166d427

          SHA1

          64cd549fb8cf014fcd9312aa7a5b023847b6c977

          SHA256

          4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

          SHA512

          936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar85EC.tmp
          Filesize

          175KB

          MD5

          dd73cead4b93366cf3465c8cd32e2796

          SHA1

          74546226dfe9ceb8184651e920d1dbfb432b314e

          SHA256

          a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

          SHA512

          ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

          Download Submit

        • memory/2124-13-0x00000000041D0000-0x00000000041D1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2124-227-0x0000000004010000-0x0000000004011000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2124-27-0x0000000004100000-0x0000000004101000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2124-29-0x0000000004010000-0x0000000004011000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2124-28-0x0000000000400000-0x0000000000552000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/2124-2-0x0000000004060000-0x0000000004061000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2124-3-0x0000000004030000-0x0000000004032000-memory.dmp

          Filesize

          8KB

          Download

        • memory/2124-4-0x0000000004020000-0x0000000004021000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2124-5-0x00000000040D0000-0x00000000040D1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2124-6-0x0000000004090000-0x0000000004091000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2124-7-0x0000000004110000-0x0000000004111000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2124-8-0x0000000004190000-0x0000000004191000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2124-9-0x00000000041F0000-0x00000000041F1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2124-10-0x00000000041A0000-0x00000000041A1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2124-11-0x00000000040E0000-0x00000000040E1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2124-1-0x0000000004070000-0x0000000004071000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2124-12-0x0000000004150000-0x0000000004151000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2124-0-0x0000000000400000-0x0000000000552000-memory.dmp

          Filesize

          1.3MB

          Download

        • memory/2124-14-0x0000000004080000-0x0000000004081000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2124-15-0x0000000004310000-0x0000000004312000-memory.dmp

          Filesize

          8KB

          Download

        • memory/2124-16-0x0000000004160000-0x0000000004161000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2124-17-0x0000000004180000-0x0000000004181000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2124-18-0x00000000003E0000-0x00000000003E1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2124-19-0x0000000004200000-0x0000000004201000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2124-20-0x00000000040F0000-0x00000000040F1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2124-21-0x0000000004170000-0x0000000004171000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2124-22-0x00000000040C0000-0x00000000040C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2124-23-0x00000000041C0000-0x00000000041C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2124-24-0x0000000004120000-0x0000000004121000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2124-25-0x00000000041B0000-0x00000000041B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2124-26-0x0000000004210000-0x0000000004211000-memory.dmp

          Filesize

          4KB

          Download