Overview

overview

7

Static

static

7

3b67d1cfac...77.exe

windows7_x64

7

3b67d1cfac...77.exe

windows10-2004_x64

7

Analysis

  • max time kernel
    91s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    03-07-2022 16:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3b67d1cfacd4815601f5fefc3a08ab266202931eb8dbdfaf912a25a12eb70177.exe

  • Size

    617KB

  • MD5

    8786d0db0c3b7042461a41f76b765167

  • SHA1

    a6cdac002e0e35141d168b0f5a0963e62a601913

  • SHA256

    3b67d1cfacd4815601f5fefc3a08ab266202931eb8dbdfaf912a25a12eb70177

  • SHA512

    83f4ad545ded82625a98930a7ca90235c4d70d9b5ca9c4d5703e157ef1c35be7d8ce0cb2740a155df87c15c165e0ea475bce7fe5a58fbd16094bb6d7069e9b42

Score
7/10
evasionthemida

Malware Config

Signatures

  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Themida packer 1 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida

Processes

  • C:\Users\Admin\AppData\Local\Temp\3b67d1cfacd4815601f5fefc3a08ab266202931eb8dbdfaf912a25a12eb70177.exe
    "C:\Users\Admin\AppData\Local\Temp\3b67d1cfacd4815601f5fefc3a08ab266202931eb8dbdfaf912a25a12eb70177.exe"
    1⤵
    • Identifies Wine through registry keys
    PID:3120

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

1
T1012

Virtualization/Sandbox Evasion

1
T1497

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3120-130-0x0000000000400000-0x000000000055A000-memory.dmp
    Filesize

    1.4MB

    Download