Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09-06-2024 17:56

General

  • Target

    Loader.exe

  • Size

    25.7MB

  • MD5

    be83d304a33f55c1155bc6358e22ed47

  • SHA1

    557f4cf3f604ed8120d42b04e1be1aeff05890de

  • SHA256

    53fd9b4d813c0d5a16a603a360324264df4dd60323aaf7ef068ef3e89fb461ce

  • SHA512

    b1113e41942f70517ab47059608c2acc7a54faf06945b822311549e009edcea5bc78f159ebdf3b4026f03d68b34efb7b2820ea36bc1b877d6afeb0f1b23fded8

  • SSDEEP

    786432:cC9veAdCeM8Di3eaIB14+apjM2fkMANV35Coy/1yr36ZF:H9vvvM8u3eZ1C9M2fkJd5tytF

Score
7/10

Malware Config

Signatures

  • Themida packer 4 IoCs

    Detects Themida, an advanced Windows software protection system.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
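How the two behavioural signatures above can be recognised in an API-call trace, as an added example that is not part of the sandbox report. The trace format and the call lines are constructed for illustration; the constants are the real Windows values (ThreadHideFromDebugger = 0x11, SystemProcessInformation = 5, TH32CS_SNAPPROCESS = 0x2, the NtCurrentThread pseudo-handle (HANDLE)-2). The Themida signature is a static detection and is not covered here.

```python
"""Recognise the two behavioural signatures from the report in an API-call
trace.  Added example, not code from the sandbox; the trace format is
invented for illustration, the Windows constants are real."""
import re
from dataclasses import dataclass, field

THREAD_HIDE_FROM_DEBUGGER = 0x11        # THREADINFOCLASS ThreadHideFromDebugger
SYSTEM_PROCESS_INFORMATION = 0x05       # SYSTEM_INFORMATION_CLASS SystemProcessInformation
TH32CS_SNAPPROCESS = 0x00000002         # CreateToolhelp32Snapshot: include the process list
NT_CURRENT_THREAD = 0xFFFFFFFFFFFFFFFE  # (HANDLE)-2 pseudo-handle for the calling thread on x64

# Constructed trace in a hypothetical "<pid> <api>(<k>=<v>, ...) => <return>" format.
SAMPLE_TRACE = """\
4784 NtSetInformationThread(ThreadHandle=0xfffffffffffffffe, ThreadInformationClass=0x11, ThreadInformation=0x0, ThreadInformationLength=0) => 0x0
4784 NtQueryInformationThread(ThreadHandle=0xfffffffffffffffe, ThreadInformationClass=0x11, ThreadInformation=0x4ffe10, ThreadInformationLength=1) => 0x0
4784 CreateToolhelp32Snapshot(dwFlags=0x2, th32ProcessID=0x0) => 0x1a4
4784 Process32FirstW(hSnapshot=0x1a4, lppe=0x4ffe40) => 0x1
4784 Process32NextW(hSnapshot=0x1a4, lppe=0x4ffe40) => 0x1
4784 Process32NextW(hSnapshot=0x1a4, lppe=0x4ffe40) => 0x1
4784 NtQuerySystemInformation(SystemInformationClass=0x5, SystemInformation=0x5a0000, SystemInformationLength=0x10000) => 0x0
4784 NtSetInformationThread(ThreadHandle=0xfffffffffffffffe, ThreadInformationClass=0x9, ThreadInformation=0x4ffe00, ThreadInformationLength=4) => 0x0
"""

CALL_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\((?P<args>.*)\)\s*=>\s*(?P<ret>0x[0-9a-fA-F]+)$")


@dataclass
class Call:
    pid: int
    api: str
    args: dict = field(default_factory=dict)
    ret: int = 0


def parse_trace(text):
    """Turn trace lines into Call records; lines that do not match are skipped."""
    calls = []
    for line in text.splitlines():
        m = CALL_RE.match(line.strip())
        if not m:
            continue
        args = {}
        for pair in (p.strip() for p in m["args"].split(",")):
            if pair:
                key, _, value = pair.partition("=")
                args[key.strip()] = int(value, 0)  # accepts 0x.. and decimal
        calls.append(Call(int(m["pid"]), m["api"], args, int(m["ret"], 0)))
    return calls


def hide_from_debugger_iocs(calls):
    """One IoC per NtSetInformationThread(.., ThreadHideFromDebugger, ..).
    After this call the kernel stops reporting the thread's debug events to an
    attached debugger.  The NtQueryInformationThread that follows it in the
    sample is how a protector checks the flag took effect; it is not an IoC."""
    return [c for c in calls
            if c.api == "NtSetInformationThread"
            and c.args.get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER]


def enumerates_processes_iocs(calls):
    """One IoC per process-enumeration method observed: a Toolhelp snapshot that
    is actually walked with Process32First/Next, or NtQuerySystemInformation
    with SystemProcessInformation."""
    iocs = []
    snapshots = {c.ret for c in calls
                 if c.api == "CreateToolhelp32Snapshot"
                 and c.args.get("dwFlags", 0) & TH32CS_SNAPPROCESS}
    walk = [c for c in calls
            if c.api in ("Process32First", "Process32FirstW", "Process32Next", "Process32NextW")
            and c.args.get("hSnapshot") in snapshots]
    if walk:
        iocs.append(("Toolhelp process walk", len(walk)))
    nqsi = [c for c in calls
            if c.api == "NtQuerySystemInformation"
            and c.args.get("SystemInformationClass") == SYSTEM_PROCESS_INFORMATION]
    if nqsi:
        iocs.append(("NtQuerySystemInformation(SystemProcessInformation)", len(nqsi)))
    return iocs


def evaluate(trace_text):
    """Map the report's signature names to the number of IoCs found in the trace."""
    calls = parse_trace(trace_text)
    return {
        "Suspicious use of NtSetInformationThreadHideFromDebugger": len(hide_from_debugger_iocs(calls)),
        "Suspicious behavior: EnumeratesProcesses": len(enumerates_processes_iocs(calls)),
    }


if __name__ == "__main__":
    for name, count in evaluate(SAMPLE_TRACE).items():
        print(f"{name}: {count} IoCs")
```

Only the set call is counted: the second NtSetInformationThread in the sample uses a different information class and is ignored, and the NtQueryInformationThread read-back is the protector confirming that the flag stuck (on a real debugger it would also be the point where a patched ntdll gives itself away). The process walk is only counted when the snapshot handle returned by CreateToolhelp32Snapshot is actually passed to Process32First/Next, so a snapshot taken for modules or threads does not trigger it.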

Processes

  • C:\Users\Admin\AppData\Local\Temp\Loader.exe
    "C:\Users\Admin\AppData\Local\Temp\Loader.exe"
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:4784

Network

MITRE ATT&CK Matrix

Downloads

  Memory dumps taken from PID 4784, named memory/4784-<seq>-<start>-<end>-memory.dmp
  (66 dumps; sequence numbers 0-3, 5, 9-66 and 110-112). Grouped by address range:

    Range                                    Filesize  Dump sequence numbers
    0x0000000140000000-0x00000001434C0000    52.8MB    3, 5, 110, 112
    0x00000001401F1000-0x0000000141B15000    25.1MB    0, 111
    0x00007FFEF8BF0000-0x00007FFEF8DE5000    2.0MB     9-66 (58 dumps of the same range)
    0x00007FFEF8DF0000-0x00007FFEF8DF2000    8KB       1
    0x00007FFEF8E00000-0x00007FFEF8E02000    8KB       2
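A small parser for the dump listing above, added here as an example and not part of the report: it groups the 66 dumps by address range, recomputes each size from the address bounds, and compares the mapped image with the 25.7MB on-disk size from the General section. The dump names are copied from the report; 0x140000000 is the MSVC linker's default ImageBase for 64-bit executables; ON_DISK_SIZE is an approximation of the report's rounded "25.7MB"; the interpretation in the comments is the example's, not the sandbox's.

```python
"""Summarise the memory-dump listing of the report for PID 4784.  Added
example, not part of the sandbox output; dump names are copied from the
report, the interpretation in comments and docstrings is ours."""
import re
from collections import defaultdict

ON_DISK_SIZE = int(25.7 * 1024 * 1024)  # "Size 25.7MB" from the General section (report rounding)
DEFAULT_X64_IMAGE_BASE = 0x140000000    # MSVC linker default ImageBase for 64-bit EXEs

DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-(?P<start>0x[0-9A-Fa-f]+)-(?P<end>0x[0-9A-Fa-f]+)-memory\.dmp$")

# All 66 dump names from the report (sequence numbers 0-3, 5, 9-66, 110-112).
DUMP_NAMES = [
    "memory/4784-0-0x00000001401F1000-0x0000000141B15000-memory.dmp",
    "memory/4784-1-0x00007FFEF8DF0000-0x00007FFEF8DF2000-memory.dmp",
    "memory/4784-2-0x00007FFEF8E00000-0x00007FFEF8E02000-memory.dmp",
    "memory/4784-3-0x0000000140000000-0x00000001434C0000-memory.dmp",
    "memory/4784-5-0x0000000140000000-0x00000001434C0000-memory.dmp",
    *[f"memory/4784-{n}-0x00007FFEF8BF0000-0x00007FFEF8DE5000-memory.dmp" for n in range(9, 67)],
    "memory/4784-110-0x0000000140000000-0x00000001434C0000-memory.dmp",
    "memory/4784-111-0x00000001401F1000-0x0000000141B15000-memory.dmp",
    "memory/4784-112-0x0000000140000000-0x00000001434C0000-memory.dmp",
]


def parse_dump_name(name):
    """Split memory/<pid>-<seq>-<start>-<end>-memory.dmp into its fields."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"not a memory dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name}")
    return {"pid": int(m["pid"]), "seq": int(m["seq"]), "start": start, "end": end, "size": end - start}


def fmt_size(n):
    """Render like the report: whole KB below 1 MiB, otherwise MB with one decimal."""
    return f"{n // 1024}KB" if n < 1024 * 1024 else f"{n / (1024 * 1024):.1f}MB"


def summarise(names):
    """Group dumps by address range, one row per distinct region, ordered by start."""
    groups = defaultdict(list)
    for d in map(parse_dump_name, names):
        groups[(d["start"], d["end"])].append(d["seq"])
    return [{"start": s, "end": e, "size": e - s, "seqs": sorted(q)}
            for (s, e), q in sorted(groups.items())]


def image_region(rows, image_base=DEFAULT_X64_IMAGE_BASE):
    """The largest dumped region that starts at the image base: the mapped PE image."""
    hits = [r for r in rows if r["start"] == image_base]
    return max(hits, key=lambda r: r["size"]) if hits else None


def unpack_ratio(rows, on_disk=ON_DISK_SIZE):
    """Mapped image size / on-disk size.  Well above 1 means the process holds far
    more at the image base than the file supplies: space a runtime protector
    reserves and fills when it decrypts the real code."""
    img = image_region(rows)
    return img["size"] / on_disk if img else None


def most_redumped(rows):
    """The region captured most often, i.e. the one the sandbox kept re-dumping."""
    return max(rows, key=lambda r: len(r["seqs"]))


if __name__ == "__main__":
    rows = summarise(DUMP_NAMES)
    for r in rows:
        seqs = r["seqs"]
        # Sequence numbers of the re-dumped region are contiguous in this listing.
        span = ", ".join(map(str, seqs)) if len(seqs) <= 4 else f"{seqs[0]}..{seqs[-1]}"
        print(f"{r['start']:#018x}-{r['end']:#018x}  {fmt_size(r['size']):>7}  x{len(seqs):<3} seq {span}")
    print(f"image/on-disk ratio: {unpack_ratio(rows):.2f}")
```

Two things the grouped view makes visible: the 52.8MB region at the default x64 image base is about twice the 25.7MB file, so the mapped image contains far more than the file supplies, which is what a protector that decrypts code into reserved virtual space produces; and the 2.0MB region at 0x00007FFEF8BF0000 was captured 58 times (sequence 9-66), a region the sandbox kept re-dumping. Neither is proof by itself, but together with the Themida signature they are the dumps to open first.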