Analysis
-
max time kernel
94s -
max time network
134s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
24-05-2022 17:50
Static task
static1
Behavioral task
behavioral1
Sample
c94a9791aee317b9bf661bdec3a260f792dfd6e21c81f7b312cd2461e078769a.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
c94a9791aee317b9bf661bdec3a260f792dfd6e21c81f7b312cd2461e078769a.exe
Resource
win10v2004-20220414-en
General
-
Target
c94a9791aee317b9bf661bdec3a260f792dfd6e21c81f7b312cd2461e078769a.exe
-
Size
2.0MB
-
MD5
d567b5d48d8369cd09995c38d52b2452
-
SHA1
40cc824e7ea37f0eb1e086e9dc86349bb4323b71
-
SHA256
c94a9791aee317b9bf661bdec3a260f792dfd6e21c81f7b312cd2461e078769a
-
SHA512
dc73f317f8824e822cef7024fe4374d818372af1d15e03dc0e8cd5539a0398523dab8783fc6bb05e50e688b71dcbc96bb8cbbdbba2f2964e8bd60c9bf83fa938
Malware Config
Signatures
-
Identifies Wine through registry keys 2 TTPs 1 IoCs
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
Processes:
c94a9791aee317b9bf661bdec3a260f792dfd6e21c81f7b312cd2461e078769a.exedescription ioc process Key opened \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Software\Wine c94a9791aee317b9bf661bdec3a260f792dfd6e21c81f7b312cd2461e078769a.exe -
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
Processes:
c94a9791aee317b9bf661bdec3a260f792dfd6e21c81f7b312cd2461e078769a.exedescription ioc process File opened for modification \??\PhysicalDrive0 c94a9791aee317b9bf661bdec3a260f792dfd6e21c81f7b312cd2461e078769a.exe -
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
Processes:
c94a9791aee317b9bf661bdec3a260f792dfd6e21c81f7b312cd2461e078769a.exepid process 2060 c94a9791aee317b9bf661bdec3a260f792dfd6e21c81f7b312cd2461e078769a.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
c94a9791aee317b9bf661bdec3a260f792dfd6e21c81f7b312cd2461e078769a.exepid process 2060 c94a9791aee317b9bf661bdec3a260f792dfd6e21c81f7b312cd2461e078769a.exe 2060 c94a9791aee317b9bf661bdec3a260f792dfd6e21c81f7b312cd2461e078769a.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
Processes:
c94a9791aee317b9bf661bdec3a260f792dfd6e21c81f7b312cd2461e078769a.exepid process 2060 c94a9791aee317b9bf661bdec3a260f792dfd6e21c81f7b312cd2461e078769a.exe 2060 c94a9791aee317b9bf661bdec3a260f792dfd6e21c81f7b312cd2461e078769a.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\c94a9791aee317b9bf661bdec3a260f792dfd6e21c81f7b312cd2461e078769a.exe"C:\Users\Admin\AppData\Local\Temp\c94a9791aee317b9bf661bdec3a260f792dfd6e21c81f7b312cd2461e078769a.exe"1⤵
- Identifies Wine through registry keys
- Writes to the Master Boot Record (MBR)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2060-130-0x0000000000400000-0x000000000085B000-memory.dmpFilesize
4.4MB