Analysis
-
max time kernel
91s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
03-07-2022 16:33
Static task
static1
Behavioral task
behavioral1
Sample
3b67d1cfacd4815601f5fefc3a08ab266202931eb8dbdfaf912a25a12eb70177.exe
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
General
-
Target
3b67d1cfacd4815601f5fefc3a08ab266202931eb8dbdfaf912a25a12eb70177.exe
-
Size
617KB
-
MD5
8786d0db0c3b7042461a41f76b765167
-
SHA1
a6cdac002e0e35141d168b0f5a0963e62a601913
-
SHA256
3b67d1cfacd4815601f5fefc3a08ab266202931eb8dbdfaf912a25a12eb70177
-
SHA512
83f4ad545ded82625a98930a7ca90235c4d70d9b5ca9c4d5703e157ef1c35be7d8ce0cb2740a155df87c15c165e0ea475bce7fe5a58fbd16094bb6d7069e9b42
Malware Config
Signatures
-
Identifies Wine through registry keys 2 TTPs 1 IoCs
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
Processes:
3b67d1cfacd4815601f5fefc3a08ab266202931eb8dbdfaf912a25a12eb70177.exedescription ioc process Key opened \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Wine 3b67d1cfacd4815601f5fefc3a08ab266202931eb8dbdfaf912a25a12eb70177.exe -
Processes:
resource yara_rule behavioral2/memory/3120-130-0x0000000000400000-0x000000000055A000-memory.dmp themida
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3120-130-0x0000000000400000-0x000000000055A000-memory.dmpFilesize
1.4MB