Malware Analysis Report

2024-10-16 07:00

Sample ID: 240609-fsmafsea5w
Target:    modest-menu_v1.0.0_[kiddionsmodmenu.com]_.zip_pw_infected.zip
SHA256:    1ee4756c87be85864523eb712e35a6c50d8f35915d0d9971d948bc57fbbbd60a
Tags:      themida
Score:     7/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score:  7/10
SHA256: 1ee4756c87be85864523eb712e35a6c50d8f35915d0d9971d948bc57fbbbd60a

Threat Level: Shows suspicious behavior

The file modest-menu_v1.0.0_[kiddionsmodmenu.com]_.zip_pw_infected.zip was found to show suspicious behavior.

Malicious Activity Summary

themida

Themida packer

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-09 05:09

Signatures

Themida packer (tag: themida)

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Unsigned PE

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted:        2024-06-09 05:08
Reported:         2024-06-09 05:13
Platform:         win10v2004-20240426-en
Max time kernel:  33s
Max time network: 35s

Command Line

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\modest-menu_v1.0.0_[kiddionsmodmenu.com]_.zip_pw_infected.zip

Signatures

N/A

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\modest-menu_v1.0.0_[kiddionsmodmenu.com]_.zip_pw_infected.zip

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Network

Country  Destination  Domain                           Proto
US       8.8.8.8:53   154.239.44.20.in-addr.arpa       udp
US       8.8.8.8:53   23.159.190.20.in-addr.arpa       udp
US       8.8.8.8:53   91.90.14.23.in-addr.arpa         udp
US       8.8.8.8:53   95.221.229.192.in-addr.arpa      udp
US       8.8.8.8:53   86.23.85.13.in-addr.arpa         udp
US       8.8.8.8:53   15.164.165.52.in-addr.arpa       udp

Files

N/A