Overview

overview

9

Static

static

7

3c25d45a33...59.exe

windows7-x64

9

3c25d45a33...59.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    142s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    28/03/2025, 10:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3c25d45a330f1dadac0527f9ddbd526e830b1515bf6e9b7302dd228576185559.exe

  • Size

    5.2MB

  • MD5

    228c840e73206cf6e00666c83bc0dda1

  • SHA1

    d2738e67e98c07e9ae43015364f74f0f68f40316

  • SHA256

    3c25d45a330f1dadac0527f9ddbd526e830b1515bf6e9b7302dd228576185559

  • SHA512

    280f4849abd2a1d2348a05d9d2131d576a668b7d63638cabab69d26783a54a29b4937e3e9d76e40c6720e383737f969fb1cae71107766b1f7913535e121bbae1

  • SSDEEP

    98304:WF4C6Z+1AWh44x0fIsRy+9SGX3XYuZIEmFWLIAUchvIDHeU7kTTpLz:w641e4xkK+9hnXNnjAiU7STpLz

Score
9/10
defense_evasiondiscoverythemidatrojan

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    defense_evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Themida packer 3 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    defense_evasiontrojan
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3c25d45a330f1dadac0527f9ddbd526e830b1515bf6e9b7302dd228576185559.exe
    "C:\Users\Admin\AppData\Local\Temp\3c25d45a330f1dadac0527f9ddbd526e830b1515bf6e9b7302dd228576185559.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of WriteProcessMemory
    PID:2516
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://pc.weixin.qq.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2500
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2500 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2212

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    71KB

    MD5

    83142242e97b8953c386f988aa694e4a

    SHA1

    833ed12fc15b356136dcdd27c61a50f59c5c7d50

    SHA256

    d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

    SHA512

    bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C1B8D87CA29E93F2FEEB2834BE22FBB2
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9de897d35d2ff8157b37837db74c6578

    SHA1

    8e62860ecf2c4149dcaf313e3915a25c6e8b1613

    SHA256

    2b8ef3ae90e3a6b8c2111998e29d85b039e16026a213c2007a1dabc3e742f512

    SHA512

    1204852ace954ddcc16c5b03403132d760719184c76395d13acb4d0d29f64acc9c3897a7aae73773dcebc56758698020ac6d134eb4e9e028b67520e9f269c6bf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4e84eb653aa421f516c5289ed461f9fc

    SHA1

    6cfcf699f022406243b57095de32ad8d76062e51

    SHA256

    02065c7e9ee42e4b1ec669f746c996655902ea44390e86a0ad1101b86401e52a

    SHA512

    51b7461dda9ee4afd673f016f6fba0224034d974f1fd1c2b04f7c8f966418fbf9d7e9743925d9e67c063edeb3966f500c60c4f435a3e839f24a807406a98b84a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d0e75b497925d8cc6fdc33bed6dd32f9

    SHA1

    76eb3b0750194af943e93aeec459fb5f3d7c79eb

    SHA256

    d4602d02135796289172c893d3c1f7d7fdeee02ae7c65f283d92d2023e109778

    SHA512

    6ef54fe55a3f1f0451373373992ff4fc05a767b561e95fe2a51e6e99f95402c81f53ab718de388166acebd1b2307a0e9c000269af365edc32734afb7719e5097

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5807397aaad3ed6569491b66229753e4

    SHA1

    ad1ea877d5d0a7efcb670d0f048d8587fd6e0ca2

    SHA256

    17cd9b96bff3af8a30e1dcdb106ff0f1e7d0dcf1219ffb42899da1d7d75edc0d

    SHA512

    39ded637ca3c57202a6febac69df475d103af81352509cea71cdf82f21a134d5bcf6ea706504c2e7ccc2be91349ea572a534cc3029699727912381ef1e8ee6d0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d2b07fa76e952ddfd16a7b16178939ca

    SHA1

    cf7dd2a851cf219f28c24deaaaf4136bc97ead01

    SHA256

    378e46bf0c1c28dda17e13abefb4799e04edf5cbee4ed045add3909cb87cfc08

    SHA512

    d4f5b26b4fd4724bf0786a64500c5354ef9f54c375f55fba01e5ebcfd054d3deb508090006e30c875275184855fcbec7c50d3302e3b158f9d29d39a41d302c21

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e6e64c554a0a52515d46b4ee2f0981eb

    SHA1

    7a2ce18bd2127cb94acc35f0e6c273fc8b04c13e

    SHA256

    ce38f8fc96468e35cc494501b9fefbbbe20ebe25ef9eff50fcdce0210bcc2030

    SHA512

    3c1b0295b9a49023b69bfd06ff1096c4f3eb37f3427d9404508e438a89e01884a8634d3952afd44341a4f79c578ca6131a68cb23953e59ef069f57a22b54e199

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c1acf8b71e8400213616759817aeca9d

    SHA1

    843575c204eb53533363277bbd42b60e6a05e97e

    SHA256

    d69f805be5f8fdbae8a0a2357f814bd9ccfa5621414a9c695310ff85850b7244

    SHA512

    595c0b3dcfb3cba8fb5fffb10014ef67c121caef56b224ec0297be5a00656fd7a65b570b8b2785ef2033d6778c45da660712c8ec9020cd19376858effcb73fbb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ad09a79d1c617aaa91547de84a69dba0

    SHA1

    e29c9f977bdf9f386accd064715f610a378c92f4

    SHA256

    eeb9e116951950be5fb002cade1dd7580627a82bca6bbd2cf4285ff5b5258cec

    SHA512

    d22ed13b1a7dbc79374e83d40c40430c0ff928885939c84d561a9d4cedd8b72dcc29a8dc60686790eac708011cf03db7e3bf5a8528063ef331385c0b38b1374c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c06cc2e96ec2cfd07e6c69d16329f09e

    SHA1

    810dc6e064edec6995a3c259c765eade83f68fe1

    SHA256

    11d2ab5e6edce01a1db51406210e3735cafbde8e39185b87bec19f76eb3df6e6

    SHA512

    b19abd14de3330546ec3d029d88c65fae5289524edb3f21f123ee0769f5bb6b3843dd8f5b3c3deee25185cda98d6454a2c04ec967f168dea8667e4b12ddb7371

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    346dcb75a1661ccd6272536c7805bef5

    SHA1

    476ef95b7a1fe41fe8597da8cd72c74261d42450

    SHA256

    60960a6629b8b05059d3d66db1c2093b16a7dbf948c29fb35d5026190608e54e

    SHA512

    893513d51c1c0fa7d08273c44c83072e7806f5dbe9ffecb30b668196dc6fc8488813a49026956741990c770358401d6d365ceacf3bb151e27dde6393c4a0a7c0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e7a64c92707070222905f2d3176e1053

    SHA1

    87f76933cd2449950458e1acaa83df67f30bf795

    SHA256

    28a5c5ff2e241f37d6118ad951d6e41bc1819aaf3716adbd81128518097f930b

    SHA512

    345224c03d268a85d19242a6c2fc96dafceb15568596ee1e942e7bc424814a65cd352ea87563cf4fa405ecbf305d777af22574ea92a84c9e67c7d952b7d1471a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    466a4f1b46c8f4ec621b8b3af6241e28

    SHA1

    78f1f89017df2703fe47abe74d80e331cec843db

    SHA256

    52f4dc46fd5ccc9146030e1fbeffd58ba754d0e28043607c2ee1f0b7ec0ff996

    SHA512

    708e5368b8370d383f0915ade1fea4955444e5e86910ecdaaf312026fad050e807dc153045921e6737b985acae5d26c4557823b03399d1ba42b0985fd4a30fec

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    10c3127550b7ffe4cfb56d013fa2cf96

    SHA1

    8f7cc1884899028938dd0972239c1ddbdeff7a75

    SHA256

    df3d132b3358ecc1f5e6ad297b80e65362a4df9e73700b70d77296add0a6109a

    SHA512

    9780c9a7015f6dd57d5457623e76c55f2c6d490cb44e699bf5b446989aa2c9b67c51e57eba8c08e2ed70cb9be669f0baa4a973246c461d453383f18eb00b0921

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a7b1a820c0bf895f499a93f8fe19a375

    SHA1

    8d0f177f4bec1c25f53d3c7d553d077289eb0df4

    SHA256

    31d5db2e615bafff1962fd4d5f844c0948b5ce58a24decd0a19e17a023264002

    SHA512

    a9ff36f9f33c2a434d3567a02aab5bb7adebd34bcf7206c9e9a651cdb56b2010175037b02728361b5559b4c467733028b85c7ee4c52e9f82a3f1b1bc22621a69

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    521b45adbfe2927da34bf325f371a50a

    SHA1

    0390abb975ba7f598381f3bdc0aeb502d689d685

    SHA256

    05248951bb13646a5273c2f4bf2df1246032a71e622d1c3f0232069cc8a7690a

    SHA512

    c56626cb43e49abe1bc7afa777f141e25e19c1a5e29658fbbb1dba1eb1942150bb3f8a0436a4a56117dae19b327805d9c97b01f4499cc3132296254c4cd7fd43

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7826845afca672ebede11d65332e06e6

    SHA1

    6fc8ea0869b8c74399e9bef72f520c607131ce10

    SHA256

    3a2730fcfed0fe0bcb0c6d4d6dd2d5b00b8d51d5a29d61f2ef16c1ddc259ecca

    SHA512

    0aa1b6273aee10aec0385b675065f7071b3a8e119bef62d509b3b9f704384b885445b70a1ec644138c46a0db24059d5c9f2e9406502f118ab108c02950632cfa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    571bb54997fb89bb5e596acae8162012

    SHA1

    1aa249bab213107b10cc14c956204f697eff63a3

    SHA256

    eec7657f6eab760decf180ebdb96a3a82943cd5108b142df9b645968ae4e712a

    SHA512

    8c5fd7c7059e6c2b069d287a0857ae83b15d0a80030a9637cba812672f31ce58656e32d141ab527326060ca4d55b1fa963aa37fba916033498e4b07161b770ec

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b7d04381e1655bea4f1db8ffb6a88ae5

    SHA1

    de5c20c8e7b87c8527f0878058d8974466a6a9ba

    SHA256

    37dec456d3dfaf60fed2b06c866bc3655bf58daf8b612186d1325a29027e50b7

    SHA512

    83dc4ec84eee98e79b46ead3e5b3b4708d666db83bd3499db533457f09025b93d4c3485b6ee1a8187c538f7e5eea959a8485efee68124f001b534db4c0a1f9b4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    99ebb58cff75abb4edef3b006f49cea1

    SHA1

    6baaacb022e3eb4317f8ab3428c326b8b588a0d9

    SHA256

    813cea2bbab79ba606d1957c9890da49d240e38645222b74f76b5a0d3dc32484

    SHA512

    7778b93a50adefe962b2b81eddf0c6b19f107deea599fbdfa04bdf1eb81e086d0dbc495b43d820c6117cc6916100b943b1316552d2b6f1c3539408b5d86bff79

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    be547f4e9739b0338d1b73c39876d9e1

    SHA1

    1dc1e84107d7867e37c3708024de5727f19d0c84

    SHA256

    339a1b4aabc06b8c27dbd4a87c553c280f0b7bfa0d05727196c78aaec0bae3f5

    SHA512

    e8e70d2b96a11106d0c945e279cf6ab69c678cbaabc4b0adc6285b369fa369a0a40aaa6ab65e53fa6734ab34f4d9e9a97340e6aee48946902cc08196983cc1d3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    93a936585359ca3de3384e65ff6ad065

    SHA1

    63b6fafeb7f9cea24b840d3f645dd42e3e8f6914

    SHA256

    bfce6ab50bf3ad3b2b7d3ad75ab4ef174242c38e81c3e6e4d70b4f495f260b53

    SHA512

    8853ae062bdd7ff025e054e77a5bdc8691bfb339211020ac0314c4b927a045bc20e4581062179343d4c2a8e8d4ec3a755e9c4dbe5fb68eef71d9d59b4dc573e4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C1B8D87CA29E93F2FEEB2834BE22FBB2
    Filesize

    250B

    MD5

    9605c355c9b47a3366e86f30ec31a93a

    SHA1

    582ea420cd6ec961b8a764f0fa4337067eb0e85d

    SHA256

    8794999806e8135c29acb3666ad4161764fac1ae1806d510c08fb0854415a84a

    SHA512

    e87a0f6a1c264194d951801cbfbbdfbf5c7ad37eb456728857609f1a2ac2df52842b5c4b7642dd26b2fb34d8cb0f0526232abbfd4fb294b6cc3000f9ee443e2e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarCBFD.tmp
    Filesize

    183KB

    MD5

    109cab5505f5e065b63d01361467a83b

    SHA1

    4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

    SHA256

    ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

    SHA512

    753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

    Download Submit

  • memory/2516-0-0x000000013FA30000-0x000000014073E000-memory.dmp

    Filesize

    13.1MB

    Download

  • memory/2516-12-0x000000013FA30000-0x000000014073E000-memory.dmp

    Filesize

    13.1MB

    Download

  • memory/2516-10-0x000000013FA30000-0x000000014073E000-memory.dmp

    Filesize

    13.1MB

    Download

  • memory/2516-1-0x00000000773A0000-0x00000000773A2000-memory.dmp

    Filesize

    8KB

    Download