Malware Analysis Report

2024-10-16 06:46

Sample ID 240615-1l159avhrb
Target cd57e4c171d6e8f5ea8b8f824a6a7316.dll
SHA256 2099337afdfc49b325763e2e741253aac15c195e0010039a625459e8ea1ac526
Tags
themida
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

2099337afdfc49b325763e2e741253aac15c195e0010039a625459e8ea1ac526

Threat Level: Shows suspicious behavior

The file cd57e4c171d6e8f5ea8b8f824a6a7316.dll was found to be: Shows suspicious behavior.

Malicious Activity Summary

themida

Themida packer

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-15 21:45

Signatures

Themida packer

themida
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-15 21:45

Reported

2024-06-15 21:45

Platform

win10v2004-20240508-en

Max time kernel

2s

Max time network

3s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\cd57e4c171d6e8f5ea8b8f824a6a7316.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\cd57e4c171d6e8f5ea8b8f824a6a7316.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

memory/2176-0-0x0000000180000000-0x0000000180AC0000-memory.dmp