Analysis

  • max time kernel
    140s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    23-11-2024 21:00

General

  • Target

    wjtfxgq+9/ToyDefense.exe

  • Size

    123KB

  • MD5

    a546b4c7af02f0c4874e811f75f14f26

  • SHA1

    eccf45a601def958920e005a2786e98cfbba88e6

  • SHA256

    ce3df12d2208c6f4f2a759b149f212f0b5fb82e32dae90c2f86811e48c59feea

  • SHA512

    31dda827fdb2516131f30d680bf2fff1100ee5cfae0e6ae297ada15e9ea415608a10a18eb7cddaaf4055405c27f3d2095d531e7656badab5f377568279165a28

  • SSDEEP

    3072:et4tf/vSmzVsnEyI+Z8YtcJ5bL+FrtlzXeixfyLAnZ:eq7KEpCt7zDxfbZ

Score
7/10

Malware Config

Signatures

  • Themida packer 1 IoCs

    Detects Themida, an advanced Windows software protection system.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\wjtfxgq+9\ToyDefense.exe
    "C:\Users\Admin\AppData\Local\Temp\wjtfxgq+9\ToyDefense.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:2520

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2520-0-0x0000000000400000-0x000000000043FEAF-memory.dmp

    Filesize

    255KB

  • memory/2520-1-0x0000000000401000-0x000000000041E000-memory.dmp

    Filesize

    116KB

  • memory/2520-2-0x0000000000400000-0x000000000043FEAF-memory.dmp

    Filesize

    255KB

  • memory/2520-3-0x0000000000400000-0x000000000043FEAF-memory.dmp

    Filesize

    255KB

  • memory/2520-4-0x0000000000400000-0x000000000043FEAF-memory.dmp

    Filesize

    255KB

  • memory/2520-5-0x0000000000401000-0x000000000041E000-memory.dmp

    Filesize

    116KB