f00e89ba893106ebaeb817dddcc20008cee78fed98615d03f6ef27bb0d9c52a2 | Triage

Submit
Reports

Overview

overview

7

Static

static

7

4b43c14131...0N.exe

windows7-x64

7

4b43c14131...0N.exe

windows10-2004-x64

7

Sharing

General

Target

4b43c1413185ab650e6791a3d4f27fa0N.exe
Size

2.6MB
Sample

240726-yjdk3atfqa
MD5

4b43c1413185ab650e6791a3d4f27fa0
SHA1

6e7056615ab989ff6b188265b36a9d8deb0c6242
SHA256

f00e89ba893106ebaeb817dddcc20008cee78fed98615d03f6ef27bb0d9c52a2
SHA512

4668006cfe1bde3fdd5d684f622e3267845fd3220bb51598dffc54cf975a8928799273aafb10d324a5b1cc86c7bab4670babef87b0e6144e252b0171e9a624a8
SSDEEP

49152:vDGNWk7K9LH6zXVVABeFEsPcEzs2U0vmqO8aU5JNnw:qskO5azlVAMF5GrGNw

Score

7^/10

discovery evasion themida

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

4b43c1413185ab650e6791a3d4f27fa0N.exe

Resource

win7-20240705-en

discovery evasion themida

windows7-x64

10 signatures

120 seconds

Behavioral task

behavioral2

Sample

4b43c1413185ab650e6791a3d4f27fa0N.exe

Resource

win10v2004-20240709-en

discovery evasion themida

windows10-2004-x64

3 signatures

120 seconds

Malware Config

Targets

- Target
  
  4b43c1413185ab650e6791a3d4f27fa0N.exe
- Size
  
  2.6MB
- MD5
  
  4b43c1413185ab650e6791a3d4f27fa0
- SHA1
  
  6e7056615ab989ff6b188265b36a9d8deb0c6242
- SHA256
  
  f00e89ba893106ebaeb817dddcc20008cee78fed98615d03f6ef27bb0d9c52a2
- SHA512
  
  4668006cfe1bde3fdd5d684f622e3267845fd3220bb51598dffc54cf975a8928799273aafb10d324a5b1cc86c7bab4670babef87b0e6144e252b0171e9a624a8
- SSDEEP
  
  49152:vDGNWk7K9LH6zXVVABeFEsPcEzs2U0vmqO8aU5JNnw:qskO5azlVAMF5GrGNw
Score

7^/10

discovery evasion themida
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionthemida

behavioral2

discoveryevasionthemida

© 2018-2024

Terms | Privacy