Overview

overview

7

Static

static

7

RVVNfAFuoPUg.exe

windows10-2004-x64

7

Resubmissions

20/07/2024, 17:01

240720-vjk4cswbkp 7

20/07/2024, 16:55

240720-ve8nvstgkb 7

20/07/2024, 16:53

240720-vedtgswamn 7

Analysis

  • max time kernel
    113s
  • max time network
    106s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/07/2024, 16:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RVVNfAFuoPUg.exe

  • Size

    20.5MB

  • MD5

    e5bb4ca071b4a7f32467d4260fef5610

  • SHA1

    7e950adae620544f07a3b455546e498a6ac2c4d0

  • SHA256

    f9cb65c4d208ba89805850d0ea1e2d9853236ac21ad1f93a4f263f377ddd614c

  • SHA512

    065cd30ca5bd18bc9d7be0c3700f1f6282b2525f59d741e3a0476d0572b4b0c90f077ecedc0aea4df7eded285948a9ebc54b8192fc2260862b9999c564ab7ca2

  • SSDEEP

    393216:HNZI9KZ5ikvL+rWGtlqSfBI5xX4LH4pYZv7ugs7G2pWCL6o+DhUOvNR:U9KZ4kvqrh/hfBI5xXoH4KZviTGDaOvf

Score
7/10
themida

Malware Config

Signatures

  • Themida packer 3 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of FindShellTrayWindow 30 IoCs
  • Suspicious use of SendNotifyMessage 30 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\RVVNfAFuoPUg.exe
    "C:\Users\Admin\AppData\Local\Temp\RVVNfAFuoPUg.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    PID:4960
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2348
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:4708
    • C:\Users\Admin\AppData\Local\Temp\RVVNfAFuoPUg.exe
      "C:\Users\Admin\AppData\Local\Temp\RVVNfAFuoPUg.exe"
      1⤵
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:1952
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k SDRSVC
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1248

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1952-55-0x0000000140000000-0x000000014296B000-memory.dmp

      Filesize

      41.4MB

      Download

    • memory/2348-25-0x000001F727810000-0x000001F727811000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2348-31-0x000001F727810000-0x000001F727811000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2348-32-0x000001F727810000-0x000001F727811000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2348-33-0x000001F727810000-0x000001F727811000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2348-34-0x000001F727810000-0x000001F727811000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2348-35-0x000001F727810000-0x000001F727811000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2348-36-0x000001F727810000-0x000001F727811000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2348-37-0x000001F727810000-0x000001F727811000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2348-27-0x000001F727810000-0x000001F727811000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2348-26-0x000001F727810000-0x000001F727811000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4960-7-0x00007FFDF5CF0000-0x00007FFDF5CF2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4960-9-0x00007FFDF5D10000-0x00007FFDF5D12000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4960-13-0x00007FFDF5D50000-0x00007FFDF5D52000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4960-14-0x00007FFDF5D60000-0x00007FFDF5D62000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4960-16-0x00007FFDF5D80000-0x00007FFDF5D82000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4960-15-0x00007FFDF5D70000-0x00007FFDF5D72000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4960-17-0x00007FFDF5D90000-0x00007FFDF5D92000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4960-21-0x0000000140000000-0x000000014296B000-memory.dmp

      Filesize

      41.4MB

      Download

    • memory/4960-23-0x0000000140DB1000-0x00000001414F2000-memory.dmp

      Filesize

      7.3MB

      Download

    • memory/4960-24-0x0000000140000000-0x000000014296B000-memory.dmp

      Filesize

      41.4MB

      Download

    • memory/4960-12-0x00007FFDF5D40000-0x00007FFDF5D42000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4960-11-0x00007FFDF5D30000-0x00007FFDF5D32000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4960-10-0x00007FFDF5D20000-0x00007FFDF5D22000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4960-0-0x0000000140DB1000-0x00000001414F2000-memory.dmp

      Filesize

      7.3MB

      Download

    • memory/4960-8-0x00007FFDF5D00000-0x00007FFDF5D02000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4960-3-0x00007FFDF5CB0000-0x00007FFDF5CB2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4960-4-0x00007FFDF5CC0000-0x00007FFDF5CC2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4960-5-0x00007FFDF5CD0000-0x00007FFDF5CD2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4960-6-0x00007FFDF5CE0000-0x00007FFDF5CE2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4960-2-0x00007FFDF5CA0000-0x00007FFDF5CA2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4960-1-0x00007FFDF5C90000-0x00007FFDF5C92000-memory.dmp

      Filesize

      8KB

      Download