Overview

overview

9

Static

static

7

3c25d45a33...59.exe

windows7-x64

9

3c25d45a33...59.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    143s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    28/03/2025, 10:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3c25d45a330f1dadac0527f9ddbd526e830b1515bf6e9b7302dd228576185559.exe

  • Size

    5.2MB

  • MD5

    228c840e73206cf6e00666c83bc0dda1

  • SHA1

    d2738e67e98c07e9ae43015364f74f0f68f40316

  • SHA256

    3c25d45a330f1dadac0527f9ddbd526e830b1515bf6e9b7302dd228576185559

  • SHA512

    280f4849abd2a1d2348a05d9d2131d576a668b7d63638cabab69d26783a54a29b4937e3e9d76e40c6720e383737f969fb1cae71107766b1f7913535e121bbae1

  • SSDEEP

    98304:WF4C6Z+1AWh44x0fIsRy+9SGX3XYuZIEmFWLIAUchvIDHeU7kTTpLz:w641e4xkK+9hnXNnjAiU7STpLz

Score
9/10
defense_evasiondiscoverythemidatrojan

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    defense_evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Themida packer 3 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    defense_evasiontrojan
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3c25d45a330f1dadac0527f9ddbd526e830b1515bf6e9b7302dd228576185559.exe
    "C:\Users\Admin\AppData\Local\Temp\3c25d45a330f1dadac0527f9ddbd526e830b1515bf6e9b7302dd228576185559.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of WriteProcessMemory
    PID:2324
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://pc.weixin.qq.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2792
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2792 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2776

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    71KB

    MD5

    83142242e97b8953c386f988aa694e4a

    SHA1

    833ed12fc15b356136dcdd27c61a50f59c5c7d50

    SHA256

    d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

    SHA512

    bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C1B8D87CA29E93F2FEEB2834BE22FBB2
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    79a82d03f17049e5cdb14625193fb0c9

    SHA1

    50ea216ba1bd9857624b96b08a67bf76cef82c53

    SHA256

    5fcc651f6b86dc653ac474940074f757c839bda4321f1d3d66fcaf299b7e6382

    SHA512

    d4dd3eba4c47176a1cc096cc4a64cc247084ebc557562ec40ca79c620c10b43d05470c1999eb0600754d4dee677d94c6df68cbdf77d1dcb5ec4297eb388c97f5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    23411c539b461b0635e822923ea326e7

    SHA1

    c00840f5f989ea2b49d5d3a8cc4e29326e8bc3d7

    SHA256

    005a0e411204357a4adb816587de7d8573b2596f54a674c6bfb9b86d66a9750a

    SHA512

    9ae43a89a4a704ae5abad6844fbc4e623ef2a723a5b636a4f11ce4e1a4886f8d195bef047c1194b71bb5e6c022aca972e9edf5af0dde4d5fb9c136b3a9a6e264

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    20baeb6b5ff8c5c70835a7d4502450f3

    SHA1

    e3370e54e87042c2a7598c5e2f12df247b922a65

    SHA256

    2c4ee691bd31c3f64d3d734bebef48f5d93b6b38e5f2efc9a060b43d5cfc9718

    SHA512

    c3d2f43c0a3f48af35af0591159ee44a7f87a01167fc2975169148339a57151cd146b14ef59c630e98dddcf3c10c1885f5fb90c201ec285344effaf99fb997fe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    24b4de82b522a04c72a3959520283595

    SHA1

    cbde88d914b0f2c426c3332acfdd20984f20f7e6

    SHA256

    b53753d837828abb7e910e34bf700e09844ec7e1887d3a9b48128948c0897aff

    SHA512

    01fd542f4b363f98217f9e4f063233a281be55703a3ecaa4a27566554436955c33e0ab9f1290dc92c5f9e0b9e55f6ced362e995a4d15a80d39c21e458178d28b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    68d033e6d33f0fc9aa478d17cdd4e5fa

    SHA1

    16238274eb212ef9f0a4c79312840fb0c960bcfd

    SHA256

    b65c47e7a5ed6adeacb861c2ddba2b8371f3d22f80ad5b784bfd847c95154c52

    SHA512

    fb73966dce8a36c540e28ea1b07aee78629edf962f7a33f273accd5c53fdf5f4ff96f726a6ef46f12ee78eca1e78f0b8e2e446c0982d9ca21a073849212e2d41

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    be79f51ecfc8b2df0d7263e165dbe4f2

    SHA1

    3fe9757360baf8c3865bf947bd3d220e5a7f9d08

    SHA256

    a7ce1651683fa63e94cdaa53515357942b0370ae9fef04839f880c3194c31fc6

    SHA512

    dd502dc48987c4af530e4cfed4ccabbb4b36cd18e8ccf3c7b74fdd32e526524b8e7370abff64229bd7340b9e567f09754087267ededc672e89e11cbebb6b0ae0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    542064d5b69e603d2fb8f8ecd03553eb

    SHA1

    d712e55d062328c5349874b84b841017ef0366ed

    SHA256

    c7b2705f72c7bb3d751fc6e92e157143b0fe76a3627f4365f15b2242a88ef285

    SHA512

    3e545a1277b0800301371bd4cc70b8e9e213943b8c8f3f0f100cc5967a76c32673bd98b7582c741ef4f54dee0a77549e965923c405406a4b2a321e0ffe42d853

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    363ba85c1e3e815ec47b88128cfca27c

    SHA1

    6adf6572aa457485c6eeac5af9b0b2023def5bd8

    SHA256

    79e963684d1c0ce713d45b41327ecfb87c040dfe574f4fee1b75cc7691c2402d

    SHA512

    1f7e204b91a708cb0d6439f3254dab9d88d54dac52a4ae345817836a27979007fd67eb4a0a879682c1bfc4bfcaa00a36d968fb081432f7becf5440762f5f7c8a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1d585176cf1b98e92e970b96abb0e9ff

    SHA1

    ddbd3600a94a856dc6853fc2fc1109af63d506dd

    SHA256

    3ceb7cc851f3b6e1b4f7effbb85c03559a75662f1c710f16a63d2e79ab1fc28d

    SHA512

    72f3c592322ece9cc419e3eb05e803c5fbc54a84e2b74731c0727a26acbd94c3f95440c09e708f0e7f59258c49f4c79f809d9a384e76fc548e8f9fa34563717e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5a3c055cfeb9e1922b06adf5f3020052

    SHA1

    4b0087d1e59a2dc2f3359e79d786951824a94a6a

    SHA256

    e1d8e70830c46fae864cfbd4ea6d16a52dbba0f134947567eaa1effac0838fcf

    SHA512

    e100e3209ebcabca588fcbf51187aabec63c05a2660f3314c54f3861420eb362193499ce61d9b01bc0faff1853b499a73a41af22b690960d4c61455b77432ba7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3582ad0540a4f89f0668674e0785d328

    SHA1

    cc331e5595887f95ee95eba9f9d3771d1b0b234b

    SHA256

    a3cb5cee41c311093eb4ff5b5ec5699e184f0ed27a2db4865ca0c75761567cba

    SHA512

    7436187de13999e2f18e3dfeac08bf47852c0215464a4caca704d4c0ec4d70750bd223af3eee23ff978ad92cdf130dc9aed72197d632b2c322e84bbb60457a51

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    78da56abc09b1bd4c05dfe999a434ec2

    SHA1

    028f90503930da85efa23f49a9005f5c1625d6db

    SHA256

    2d90593f96ae61876103aaa8ed479f77ac6f032239b395b091825992976ef223

    SHA512

    a1e166fdb761454aa897285602dc010497b8e7fdd487a7ea826910b18af0d612ea277d651f1ab557f01fffe4bf26b3365fe50f8aa8492a39bf6062399af53c2e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d3dd002ccf8b74189102fdb4ed9e1977

    SHA1

    c367d3ab1dd5c77aa1bb1a7e81347126202ba478

    SHA256

    dd859ddf625c4593588ebc871c8d40d98f4aca359d92c4658da1a592eb8abba9

    SHA512

    de3aba6b5b4fd00ca631c189c29c5460c88d980b7eb961877662567b57cdd3aed183359d057f52751f34bfefc63096638f16559dcd77db3a0a80c2871672c5fe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0c598bd9820fa83a5070d54f7f6769fc

    SHA1

    a64b08a9c46b962190091322b1d09ad5f462c775

    SHA256

    05469c4cc750649dcc79d2e16fb35c40b83faf99d62e5fa5c14ab7d840ebe476

    SHA512

    0a5408ee23866401c0c148f8f4e6b8e2ac8c7ec05f1262513714522997deb5f047af89a27fd43966dcde477a569b5c26ceb3e8d8f3956aac8568a2da522c4dba

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a8838f109d39530d218dc508025bae9b

    SHA1

    36e4fef065f89e39364afd96e54e70d9d65d658c

    SHA256

    4e3e9d3846af71d8cbe147fcbde9f3776e1119f486e8d7256d764655ddacf905

    SHA512

    ffb755a0404644d149a232bed3eb2aba964acb98258e4a654ef09a526bd2d609698cccb7bb95dbdb7577e3901cd35e43b8dc5fa416a06ba9cbd74b24c4cfb2a1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d9c0280d1c566cfca8ed7b74e48ac461

    SHA1

    245ef5c7b2aae682f8affcdc79dac90403f3cef4

    SHA256

    4a0960083f6569dc5818da1ceb14875798e3ecbad3c6f73a6df4036ce01974cb

    SHA512

    0a695dff437229b883c518e011ffc7f4ba1d189ea3ebd7213e38633de881509473f13486ace0fcd8bbdd96e339e6eb460da553bf0553543c8f64934ffabe5419

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fc46cc00fcebf9d45987686842cf5d65

    SHA1

    7809b9f5c47fc13090e2be0cf5279e2b2b7f398f

    SHA256

    961dcb7461f365f779ad0f3d76b2fb1cb4b4da9d6c6fbb60372c4d05be99b7f9

    SHA512

    f84127671c5c7fc2b45f0bdc9ace79b4f5f2879f83c90eccadfef93be03a60f5d6c889107ae333ff51e24d0c1566b299e8fdafed748c98001fd4bb7867c68feb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0c593bdc553566b883481a5bd25f0ddc

    SHA1

    0447d3ad7d2013b2f781ed6ed7ffd66423b9974a

    SHA256

    3e492149275b5180e0ef8d1273a386ea0dbb3bf4af6a144e42aae63989b9494e

    SHA512

    e3f8ebf9f0fb2ac56c194897ced86c09cc77c33dd91a41e6f5d4d9dc6f308b1bd1b79d240373a4b4157e7c8a7fe1653bfea54381a8f0167066669ae98dde45ff

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a08c761fd6b61a508ea3dccb4a82323a

    SHA1

    0e9dfa805f6b16f2a513bea543c63174e304f4c2

    SHA256

    e89a26cc25fc266be36a9cf56c2860d53190f180c10d8932273675eb956a2333

    SHA512

    aa53a23283e664a708be032a93a00365810b79b4eec7fc1604be4a1fded917dc112f06001a1079992a3a40d2ce8132c74de405435e023b20eb23e2558b5bd06e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9b1849444fd0aa3158a3153a4f8b2761

    SHA1

    85013c50a25eb68355b5f6274f800ea41226d525

    SHA256

    236ccda05704c18b42204284abf76aebebc8fd79624bbd971c4ac4a8dd0dca65

    SHA512

    dc3238af8f923bead9a504315c335970e8c497770cb7ff23995cacba8d89e0f0d3bf84f4b501080e2e84ec442d0c85ee9a92ea66b4edaf521c9572ac2c5cf124

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ee532ceabf425713a58fc41f54047307

    SHA1

    76201f4c203df261ada3c87d4451e9a3d1189c1f

    SHA256

    995b4d71c5682adfe8b6a598aaa50b571d67da7261162d45d9549e7166583d43

    SHA512

    0e38520871b7da630c9bf76df69b2c851f80af17c953d1546479862a5eebe0c1b4dfb353ac512ac74ba792cb609a7ba17b84386db0bb1ef35bdb792ef894d7b5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3574f08a7f270246fdc3bdc89dc8ccde

    SHA1

    4b0e51ac545dfbaf1766b2f2ba0f5981edbc610e

    SHA256

    2c5b964926bc42fd70ba9a2ba995503968ca969ba0e9db8a4397c4158966bf12

    SHA512

    3657dd65dd9799a5880b22b0c6c6fd09c86738f70f6ced13a8c9f147280971a224e21c80800f8d270080caf1045a818e3ab7b181658d78dbbccebe1b5e73e7c1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C1B8D87CA29E93F2FEEB2834BE22FBB2
    Filesize

    250B

    MD5

    f4086d1e9aec952cba23d13fbff8a209

    SHA1

    72c7d281ff3392a6c9a8e09fea554937ad6e8fb8

    SHA256

    86e5d72ab017e3a9d1308eb6ae095e684228501d71b61d23cd4cb944b9fa54d4

    SHA512

    e303db80cbffd53284f063f746d75ecf3f9967ecd984ad3f9f56031a92ff563c4e66123c25a56cd04634561020175f5d93246b583c93dcec2cad090eab428923

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar1E13.tmp
    Filesize

    183KB

    MD5

    109cab5505f5e065b63d01361467a83b

    SHA1

    4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

    SHA256

    ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

    SHA512

    753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

    Download Submit

  • memory/2324-1-0x0000000077400000-0x0000000077402000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2324-12-0x000000013FE80000-0x0000000140B8E000-memory.dmp

    Filesize

    13.1MB

    Download

  • memory/2324-10-0x000000013FE80000-0x0000000140B8E000-memory.dmp

    Filesize

    13.1MB

    Download

  • memory/2324-0-0x000000013FE80000-0x0000000140B8E000-memory.dmp

    Filesize

    13.1MB

    Download