Analysis Overview
SHA256
53fd9b4d813c0d5a16a603a360324264df4dd60323aaf7ef068ef3e89fb461ce
Threat Level: Shows suspicious behavior
The file Loader.exe was found to show suspicious behavior.
Malicious Activity Summary
Themida packer
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-06-09 17:56
Signatures
Themida packer
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-09 17:56
Reported
2024-06-09 17:58
Platform
win7-20240221-en
Max time kernel
119s
Max time network
121s
Command Line
Signatures
Themida packer
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Loader.exe
"C:\Users\Admin\AppData\Local\Temp\Loader.exe"
Network
Files
memory/2752-0-0x0000000140000000-0x00000001434C0000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-09 17:56
Reported
2024-06-09 17:58
Platform
win10v2004-20240426-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Themida packer
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Loader.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Loader.exe
"C:\Users\Admin\AppData\Local\Temp\Loader.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | | udp |
Files