Malware Analysis Report

2024-10-16 06:47

Sample ID: 240615-2e9pgsxcjf
Target:    TOOL_HUB_3.0 (1).exe
SHA256:    93bb39c2e489b2f8b8ca6622782da32fb909b78c59668f7960d620ddbb3afd78
Tags:      themida
Score:     7/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score:  7/10
SHA256: 93bb39c2e489b2f8b8ca6622782da32fb909b78c59668f7960d620ddbb3afd78

Threat Level: Shows suspicious behavior

The file TOOL_HUB_3.0 (1).exe was found to show suspicious behavior.

Malicious Activity Summary

    Themida packer (tag: themida)
    Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-15 22:30

Signatures

Themida packer (tag: themida)

    Description    Indicator    Process    Target
    N/A            N/A          N/A        N/A

Unsigned PE

    Description    Indicator    Process    Target
    N/A            N/A          N/A        N/A

Analysis: behavioral1

Detonation Overview

Submitted:        2024-06-15 22:30
Reported:         2024-06-15 22:35
Platform:         win10-20240404-en
Max time kernel:  195s
Max time network: 261s

Command Line

"C:\Users\Admin\AppData\Local\Temp\TOOL_HUB_3.0 (1).exe"

Signatures

Themida packer (tag: themida)

    Description    Indicator    Process    Target
    N/A            N/A          N/A        N/A

Processes

C:\Users\Admin\AppData\Local\Temp\TOOL_HUB_3.0 (1).exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\TOOL_HUB_3.0 (1).exe"

C:\Windows\System32\rundll32.exe
    Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Network

Country  Destination       Domain                          Proto
US       20.231.121.79:80                                  tcp
US       8.8.8.8:53        214.143.182.52.in-addr.arpa     udp
US       8.8.8.8:53        172.210.232.199.in-addr.arpa    udp

Files

memory/3380-0-0x0000000140000000-0x0000000141923000-memory.dmp

memory/3380-1-0x0000000140000000-0x0000000141923000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted:        2024-06-15 22:30
Reported:         2024-06-15 22:33
Platform:         win10-20240404-en
Max time kernel:  134s
Max time network: 136s

Command Line

"C:\Users\Admin\AppData\Local\Temp\TOOL_HUB_3.0 (1).exe"

Signatures

Themida packer (tag: themida)

    Description    Indicator    Process    Target
    N/A            N/A          N/A        N/A

Processes

C:\Users\Admin\AppData\Local\Temp\TOOL_HUB_3.0 (1).exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\TOOL_HUB_3.0 (1).exe"

C:\Windows\System32\rundll32.exe
    Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Network

Country  Destination  Domain                                                              Proto
US       8.8.8.8:53   0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa    udp
US       8.8.8.8:53   22.236.111.52.in-addr.arpa                                          udp
US       8.8.8.8:53   214.143.182.52.in-addr.arpa                                         udp
US       8.8.8.8:53   105.83.221.88.in-addr.arpa                                          udp

Files

memory/4760-0-0x0000000140000000-0x0000000141923000-memory.dmp

memory/4760-1-0x0000000140000000-0x0000000141923000-memory.dmp