e8bc99409ca504f4292f62395df0a28cffb4fe1768b5f2cfe50f8ed1e996f0d4

Analysis

max time kernel
19s
max time network
12s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/08/2024, 20:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

rQuPlMBadLDa.exe
Size

17.0MB
MD5

4f65fbcb1bd6e3a5ee4fba9d17ac993e
SHA1

7c9eb87236238592dc75672ee8e9cddc7fcaf299
SHA256

e8bc99409ca504f4292f62395df0a28cffb4fe1768b5f2cfe50f8ed1e996f0d4
SHA512

7c455ea1deb3a6c3404527a8fd93566c14e6c2c521ba944a654d385886c2ae6e15460b066187e10da9ea42013f216b1deae9e34d526c60cfce1ca53c3de91461
SSDEEP

393216:v4Tr/lg+4jMC83Oxi8QYp29pazxeUaCkTN2FQcEO2nRL:v4TxaICZxiK290zxxeMFNE

Score

7^/10

themida

Malware Config

Signatures

Themida packer 2 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/memory/4996-22-0x0000000140000000-0x000000014227D000-memory.dmp	themida
behavioral1/memory/4996-24-0x0000000140000000-0x000000014227D000-memory.dmp	themida

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
4996	rQuPlMBadLDa.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4996	rQuPlMBadLDa.exe
4996	rQuPlMBadLDa.exe
4996	rQuPlMBadLDa.exe
4996	rQuPlMBadLDa.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4996	rQuPlMBadLDa.exe

C:\Users\Admin\AppData\Local\Temp\rQuPlMBadLDa.exe
"C:\Users\Admin\AppData\Local\Temp\rQuPlMBadLDa.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
PID:4996

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4996-0-0x0000000140ADD000-0x0000000141179000-memory.dmp

Filesize
6.6MB

Download
memory/4996-2-0x00007FFC29060000-0x00007FFC29062000-memory.dmp

Filesize
8KB

Download
memory/4996-1-0x00007FFC29050000-0x00007FFC29052000-memory.dmp

Filesize
8KB

Download
memory/4996-3-0x00007FFC29070000-0x00007FFC29072000-memory.dmp

Filesize
8KB

Download
memory/4996-4-0x00007FFC29080000-0x00007FFC29082000-memory.dmp

Filesize
8KB

Download
memory/4996-5-0x00007FFC29090000-0x00007FFC29092000-memory.dmp

Filesize
8KB

Download
memory/4996-6-0x00007FFC290A0000-0x00007FFC290A2000-memory.dmp

Filesize
8KB

Download
memory/4996-8-0x00007FFC290C0000-0x00007FFC290C2000-memory.dmp

Filesize
8KB

Download
memory/4996-7-0x00007FFC290B0000-0x00007FFC290B2000-memory.dmp

Filesize
8KB

Download
memory/4996-9-0x00007FFC290D0000-0x00007FFC290D2000-memory.dmp

Filesize
8KB

Download
memory/4996-10-0x00007FFC290E0000-0x00007FFC290E2000-memory.dmp

Filesize
8KB

Download
memory/4996-12-0x00007FFC29100000-0x00007FFC29102000-memory.dmp

Filesize
8KB

Download
memory/4996-11-0x00007FFC290F0000-0x00007FFC290F2000-memory.dmp

Filesize
8KB

Download
memory/4996-13-0x00007FFC29110000-0x00007FFC29112000-memory.dmp

Filesize
8KB

Download
memory/4996-14-0x00007FFC29120000-0x00007FFC29122000-memory.dmp

Filesize
8KB

Download
memory/4996-16-0x00007FFC29140000-0x00007FFC29142000-memory.dmp

Filesize
8KB

Download
memory/4996-15-0x00007FFC29130000-0x00007FFC29132000-memory.dmp

Filesize
8KB

Download
memory/4996-17-0x00007FFC29150000-0x00007FFC29152000-memory.dmp

Filesize
8KB

Download
memory/4996-22-0x0000000140000000-0x000000014227D000-memory.dmp

Filesize
34.5MB

Download
memory/4996-23-0x0000000140ADD000-0x0000000141179000-memory.dmp

Filesize
6.6MB

Download
memory/4996-24-0x0000000140000000-0x000000014227D000-memory.dmp

Filesize
34.5MB

Download