Malware Analysis Report

2024-10-16 07:01

Sample ID: 240609-wh1cbsdh48
Target: Loader.exe
SHA256: 53fd9b4d813c0d5a16a603a360324264df4dd60323aaf7ef068ef3e89fb461ce
Tags: themida
Score: 7/10


Analysis Overview

Score: 7/10
SHA256: 53fd9b4d813c0d5a16a603a360324264df4dd60323aaf7ef068ef3e89fb461ce
Threat level: shows suspicious behavior

Loader.exe scored 7/10 for suspicious behavior. The evidence is a Themida packer match, a thread-hiding anti-debug call and (on Windows 10 only) process enumeration; no family-specific signature fired, no persistence or dropped files were recorded, and the only network activity in either detonation is DNS to the resolver. The score therefore reflects evasion and packing rather than a confirmed malicious payload, so the unpacked image needs to be examined before a verdict on what the loader actually loads.

Malicious Activity Summary

themida (tag)

Themida packer: the executable is protected with Oreans Themida, a commercial packer and code virtualizer that encrypts the original code and bundles its own anti-debugging and anti-VM checks. Packing alone is not proof of malice, but it hides the real payload from static analysis and explains the two behavioral signatures below.

Suspicious use of NtSetInformationThreadHideFromDebugger: the process calls NtSetInformationThread with the ThreadHideFromDebugger information class (0x11), after which the kernel stops delivering that thread's debug events to an attached debugger. A debugger attached to the process sees the thread go silent rather than break; this is a standard Themida anti-debug measure.

Suspicious behavior: EnumeratesProcesses: the process walks the list of running processes (observed in behavioral2 only), which packers and malware use to look for debuggers, sandbox agents and analysis tools by name.

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-09 17:56

Signatures

Themida packer (themida): matched on the file itself. No description, indicator, process or target details were recorded for this hit.
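
The static signature only says that the Themida match fired, not what it matched on. The following is an added example, not the sandbox's own signature logic (which this report does not show) and not Oreans code: a dependency-free PE section walker that applies the two checks an analyst usually runs first, the well-known ".themida"/".winlice" section names and per-section entropy, plus a flag for sections that are both writable and executable. The section-name list, the 7.0-bit entropy threshold and the fixture produced by build_sample_pe() are assumptions made here; the fixture is a constructed, non-loadable image that exists only to exercise the parser.

```python
"""Static triage of a PE for Themida/WinLicense packer indicators (added example)."""
import random
import struct
import sys
from math import log2

# Section names Themida/WinLicense have historically used. Assumption: a
# heuristic, not exhaustive; newer builds can leave names blank or randomised.
PACKER_SECTION_NAMES = {b".themida": "Themida", b".winlice": "WinLicense"}
HIGH_ENTROPY_BITS = 7.0  # chosen threshold; byte data maxes out at 8.0
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; encrypted or compressed data sits near 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_opt_hdr = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + size_opt_hdr  # section table follows the optional header
    sections = []
    for i in range(num_sections):
        off = table + i * 40  # IMAGE_SECTION_HEADER is 40 bytes
        name, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, off)
        characteristics = struct.unpack_from("<I", pe, off + 36)[0]
        raw = pe[raw_ptr:raw_ptr + raw_size]
        rwx_mask = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE
        sections.append({
            "name": name.rstrip(b"\0"),
            "virtual_size": vsize,
            "virtual_address": vaddr,
            "raw_size": raw_size,
            "entropy": round(shannon_entropy(raw), 2),
            # writable + executable is what an in-place unpacking stub needs
            "writable_executable": (characteristics & rwx_mask) == rwx_mask,
        })
    return sections


def triage_pe(pe: bytes) -> dict:
    """Summarise packer indicators for one PE image."""
    sections = parse_sections(pe)
    packer = sorted({PACKER_SECTION_NAMES[s["name"]] for s in sections if s["name"] in PACKER_SECTION_NAMES})
    high_entropy = [s["name"].decode("latin-1") for s in sections if s["entropy"] >= HIGH_ENTROPY_BITS]
    rwx = [s["name"].decode("latin-1") for s in sections if s["writable_executable"]]
    if packer:
        verdict = "packed: " + ", ".join(packer) + " section name"
    elif high_entropy or rwx:
        verdict = "possibly packed: high-entropy or RWX section without a known packer name"
    else:
        verdict = "no packer indicator"
    return {"packer": packer, "high_entropy": high_entropy, "rwx": rwx, "verdict": verdict}


def build_sample_pe(sections) -> bytes:
    """Constructed fixture: minimal, non-loadable PE with (name, data, characteristics) sections."""
    hdr_size = 0x40 + 4 + 20 + 40 * len(sections)
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew points right after the DOS stub
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, 0, 0x22)  # x64, no optional header
    table, blobs, ptr = b"", b"", hdr_size
    for i, (name, data, chars) in enumerate(sections):
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(data), 0x1000 * (i + 1),
                             len(data), ptr, 0, 0, 0, 0, chars)
        blobs += data
        ptr += len(data)
    return bytes(dos) + b"PE\0\0" + coff + table + blobs


# Constructed inputs: a plain code section and a Themida-style random (encrypted-looking) RWX section.
_RNG = random.Random(0x1337)
LOW_ENTROPY_CODE = b"\x90" * 512 + b"\xC3" + b"\x00" * 511
CLEAN_SAMPLE = build_sample_pe([(b".text", LOW_ENTROPY_CODE, 0x60000020)])
THEMIDA_LIKE_SAMPLE = build_sample_pe([
    (b".text", LOW_ENTROPY_CODE, 0x60000020),
    (b".themida", bytes(_RNG.getrandbits(8) for _ in range(4096)), 0xE0000060),
])

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else THEMIDA_LIKE_SAMPLE
    for s in parse_sections(data):
        print(f'{s["name"].decode("latin-1"):10} entropy={s["entropy"]:.2f} rwx={s["writable_executable"]}')
    print(triage_pe(data)["verdict"])
```

Run it as `python triage.py Loader.exe` against the real sample; a packer name is a strong hint, but the absence of one is not a clean bill, so a high-entropy or RWX section with an unremarkable name still warrants a dump of the process after the stub has run.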

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-09 17:56
Reported: 2024-06-09 17:58
Platform: win7-20240221-en
Max time kernel: 119s
Max time network: 121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Loader.exe"

Signatures

Themida packer (themida): no description, indicator, process or target details recorded.

Suspicious use of NtSetInformationThreadHideFromDebugger: 4 hits, all from process C:\Users\Admin\AppData\Local\Temp\Loader.exe; no description, indicator or target details recorded.

Processes

C:\Users\Admin\AppData\Local\Temp\Loader.exe

"C:\Users\Admin\AppData\Local\Temp\Loader.exe"

Network

N/A

Files

memory/2752-0-0x0000000140000000-0x00000001434C0000-memory.dmp

A single dump (index 0) of PID 2752 covering 0x140000000-0x1434C0000, which is the mapped main image: 0x140000000 is the default image base for x64 PE files, and the range is about 53 MB. Whether the original program or the Themida layer accounts for that size cannot be recovered from this report. With only one dump and no later snapshot, the Win7 run offers nothing to diff against for unpacked code.

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-09 17:56
Reported: 2024-06-09 17:58
Platform: win10v2004-20240426-en
Max time kernel: 149s
Max time network: 151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Loader.exe"

Signatures

Themida packer (themida): 4 hits; no description, indicator, process or target details recorded.

Suspicious use of NtSetInformationThreadHideFromDebugger: 2 hits, both from process C:\Users\Admin\AppData\Local\Temp\Loader.exe; no description, indicator or target details recorded.

Suspicious behavior: EnumeratesProcesses: 2 hits, both from process C:\Users\Admin\AppData\Local\Temp\Loader.exe; no description, indicator or target details recorded.

Processes

C:\Users\Admin\AppData\Local\Temp\Loader.exe

"C:\Users\Admin\AppData\Local\Temp\Loader.exe"

Network

All recorded traffic is DNS over UDP to the resolver 8.8.8.8:53 (the Country column is that of the destination). Every query name the sandbox recorded is a reverse (PTR) lookup; in-addr.arpa names list the octets in reverse order, so the address each query asks about is given alongside it.

Country  Destination  Query (as recorded)             Address looked up  Proto
US       8.8.8.8:53   13.86.106.20.in-addr.arpa       20.106.86.13       udp
US       8.8.8.8:53   203.107.17.2.in-addr.arpa       2.17.107.203       udp
US       8.8.8.8:53   72.32.126.40.in-addr.arpa       40.126.32.72       udp
US       8.8.8.8:53   95.221.229.192.in-addr.arpa     192.229.221.95     udp
US       8.8.8.8:53   28.118.140.52.in-addr.arpa      52.140.118.28      udp
US       8.8.8.8:53   157.123.68.40.in-addr.arpa      40.68.123.157      udp
US       8.8.8.8:53   15.164.165.52.in-addr.arpa      52.165.164.15      udp
US       8.8.8.8:53   0.205.248.87.in-addr.arpa       87.248.205.0       udp
US       8.8.8.8:53   21.236.111.52.in-addr.arpa      52.111.236.21      udp
US       8.8.8.8:53   (query name not recorded)                          udp

Caveat: the report does not tie these queries to any process, the Win7 detonation produced no network activity at all, and the addresses being reversed sit in ranges used by Microsoft/Azure (20.x, 40.x, 52.x) and CDN operators. That pattern is consistent with Windows 10 background activity (telemetry, update and sign-in checks) rather than command-and-control from the sample. Treat it as noise unless the same lookups are tied to Loader.exe or reappear in a run where OS background traffic has been baselined.
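
The table above is easy to misread because in-addr.arpa stores the octets backwards. The following is an added example, not part of the original report: a small parser for rows in the report's "Country Destination Domain Proto" layout that recovers the address behind each PTR name, keeps the row whose query name was not recorded instead of dropping it, and also handles ip6.arpa names, which goes beyond what this report contains. The row text is copied from the behavioral2 table; the field names and the "forward"/"PTR"/"unrecorded" labels are choices made here.

```python
"""Decode the DNS rows of a sandbox network table (added example)."""
import ipaddress

# Rows copied from the behavioral2 network table; the last row has no query name.
NETWORK_ROWS = """\
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 udp
"""


def ptr_name_to_ip(name: str):
    """Return the address a reverse-DNS name refers to, or None for a forward name."""
    labels = name.rstrip(".").lower().split(".")
    if labels[-2:] == ["in-addr", "arpa"]:
        octets = labels[:-2]
        if len(octets) != 4:
            raise ValueError(f"in-addr.arpa name needs 4 octets: {name}")
        # octets are stored least-significant first, so reverse them
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    if labels[-2:] == ["ip6", "arpa"]:
        nibbles = labels[:-2]
        if len(nibbles) != 32 or any(len(n) != 1 for n in nibbles):
            raise ValueError(f"ip6.arpa name needs 32 nibbles: {name}")
        return str(ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16)))
    return None


def parse_rows(text: str) -> list:
    """Parse 'Country Destination Domain Proto' rows; the Domain column may be empty."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) == 4:
            country, dest, query, proto = fields
        elif len(fields) == 3:  # sandbox left the query name blank
            (country, dest, proto), query = fields, None
        else:
            raise ValueError(f"unexpected row: {line!r}")
        host, _, port = dest.rpartition(":")
        entry = {"country": country, "resolver": host, "port": int(port), "proto": proto,
                 "query": query, "kind": "unrecorded", "ip": None}
        if query is not None:
            ip = ptr_name_to_ip(query)
            entry["kind"] = "PTR" if ip else "forward"
            entry["ip"] = ip
        rows.append(entry)
    return rows


def summarize(rows: list) -> dict:
    """Counts by query kind, the resolvers used, and the addresses the PTR queries reverse."""
    kinds = {}
    for r in rows:
        kinds[r["kind"]] = kinds.get(r["kind"], 0) + 1
    return {
        "kinds": kinds,
        "resolvers": sorted({f'{r["resolver"]}:{r["port"]}' for r in rows}),
        "reversed_ips": [r["ip"] for r in rows if r["kind"] == "PTR"],
    }


if __name__ == "__main__":
    parsed = parse_rows(NETWORK_ROWS)
    for r in parsed:
        print(f'{r["kind"]:10} {r["query"] or "-":32} -> {r["ip"] or "-"}')
    print(summarize(parsed))
```

The reversed addresses are what you feed to WHOIS or an ASN lookup when deciding whether the lookups are OS background noise or sample-driven; a run with no forward queries and no connection attempts, as here, carries no indicator of compromise on its own.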

Files

Memory dumps taken from PID 4784. File names follow memory/<pid>-<dump index>-<start>-<end>-memory.dmp; the 66 dumps are grouped here by the region they cover, with the dump indices listed in order.

Region (start-end)                       Dump indices                             Count
0x0000000140000000-0x00000001434C0000    3, 5, 110, 112                           4
0x00000001401F1000-0x0000000141B15000    0, 111                                   2
0x00007FFEF8DF0000-0x00007FFEF8DF2000    1                                        1
0x00007FFEF8E00000-0x00007FFEF8E02000    2                                        1
0x00007FFEF8BF0000-0x00007FFEF8DE5000    9 through 66 (every index in the range)  58

The 0x140000000-0x1434C0000 region is the mapped main image (0x140000000 is the default x64 image base; the range is about 53 MB and matches the single dump from the Win7 run), and 0x1401F1000-0x141B15000 is a sub-range inside it. Dumps 0 and 3 were taken at the start of the run and 110 through 112 near the end, so that pair is the one to diff for code the Themida layer decrypted in place. The 0x7FFEF8BF0000-0x7FFEF8DE5000 region (about 2 MB at a high user-mode address) was dumped 58 times in a row; the report does not say what it contains, so it is the first region to inspect for the unpacked stage.