Malware Analysis Report

2024-10-10 07:51

Sample ID 240615-sj2d8svdpe
Target 1.7z
SHA256 ed7200e808104a7f627f45492c43e8a51135278ed5e0a2a60e6fd88ba0cd3356
Tags
themida spyware stealer
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

ed7200e808104a7f627f45492c43e8a51135278ed5e0a2a60e6fd88ba0cd3356

Threat Level: Shows suspicious behavior

The file 1.7z was found to be: Shows suspicious behavior.

Malicious Activity Summary

themida spyware stealer

Reads user/profile data of web browsers

Themida packer

Unsigned PE

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-15 15:10

Signatures

Themida packer

themida
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-15 15:10

Reported

2024-06-15 15:10

Platform

win11-20240611-en

Max time kernel

14s

Command Line

"C:\Users\Admin\AppData\Local\Temp\eac bypass.exe"

Signatures

Reads user/profile data of web browsers

spyware stealer

Themida packer

themida
Description Indicator Process Target
N/A N/A N/A N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\eac bypass.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\eac bypass.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\eac bypass.exe

"C:\Users\Admin\AppData\Local\Temp\eac bypass.exe"

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

Network

N/A

Files

memory/4240-0-0x0000000140017000-0x00000001401CE000-memory.dmp

memory/4240-1-0x00007FF9836F0000-0x00007FF9836F2000-memory.dmp

memory/4240-2-0x0000000140000000-0x00000001404BD000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-15 15:10

Reported

2024-06-15 15:10

Platform

win11-20240611-en

Max time kernel

7s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\software.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\software.dll,#1

Network

N/A

Files

N/A