13b3d796bd35d3077a23f67d202276b9a7524cd7e306cf046ccd580d21b266e4 | Triage

Submit
Reports

Overview

overview

9

Static

static

7

v1.01.2.zip

windows11-21h2-x64

9

Sharing

Copy URL Twitter E-mail

General

Target

v1.01.2.zip
Size

64.3MB
Sample

240903-mn3j7svhre
MD5

e08cff2ff2d17b135c8e043b220f058d
SHA1

aad67bb0a845650fb648ae0224ecc5ee70968a1d
SHA256

13b3d796bd35d3077a23f67d202276b9a7524cd7e306cf046ccd580d21b266e4
SHA512

a4e4dbf71e74d1cd03fd50627911f58bfe95b6964f898a7807b7873378175bb0020e266c8f201317af185733256929b95bce5e8dc71fb293ea4acd285f36e7ae
SSDEEP

1572864:KoXjwG9Vb2ktQ0Y7VbgjZK8CJml7d9gFYTn2vMLa5:KAjwGf5QD7V8jAVJml7g35

Score

9^/10

defense_evasion discovery evasion themida

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

v1.01.2.zip

Resource

win11-20240802-en

defense_evasion discovery evasion themida

windows11-21h2-x64

27 signatures

150 seconds

Malware Config

Targets

- Target
  
  v1.01.2.zip
- Size
  
  64.3MB
- MD5
  
  e08cff2ff2d17b135c8e043b220f058d
- SHA1
  
  aad67bb0a845650fb648ae0224ecc5ee70968a1d
- SHA256
  
  13b3d796bd35d3077a23f67d202276b9a7524cd7e306cf046ccd580d21b266e4
- SHA512
  
  a4e4dbf71e74d1cd03fd50627911f58bfe95b6964f898a7807b7873378175bb0020e266c8f201317af185733256929b95bce5e8dc71fb293ea4acd285f36e7ae
- SSDEEP
  
  1572864:KoXjwG9Vb2ktQ0Y7VbgjZK8CJml7d9gFYTn2vMLa5:KAjwGf5QD7V8jAVJml7g35
Score

9^/10

defense_evasion discovery evasion themida
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

SIP and Trust Provider Hijacking

Virtualization/Sandbox Evasion

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryevasionthemida

© 2018-2025

Terms | Privacy