Analysis Overview
SHA256
ed7200e808104a7f627f45492c43e8a51135278ed5e0a2a60e6fd88ba0cd3356
Threat Level: Shows suspicious behavior
The file 1.7z was found to show suspicious behavior.
Malicious Activity Summary
Reads user/profile data of web browsers
Themida packer
Unsigned PE
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-15 15:10
Signatures
Themida packer
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-15 15:10
Reported
2024-06-15 15:10
Platform
win11-20240611-en
Max time kernel
14s
Command Line
Signatures
Reads user/profile data of web browsers
Themida packer
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\eac bypass.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\eac bypass.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\eac bypass.exe
"C:\Users\Admin\AppData\Local\Temp\eac bypass.exe"
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
Network
Files
memory/4240-0-0x0000000140017000-0x00000001401CE000-memory.dmp
memory/4240-1-0x00007FF9836F0000-0x00007FF9836F2000-memory.dmp
memory/4240-2-0x0000000140000000-0x00000001404BD000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-15 15:10
Reported
2024-06-15 15:10
Platform
win11-20240611-en
Max time kernel
7s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\software.dll,#1