Analysis
max time kernel: 26s
max time network: 50s
platform: windows7_x64
resource: win7-20220414-en
submitted: 12-07-2022 16:52
Static task: static1
Behavioral task: behavioral1
Sample: 63e0a965c53778faf5756e0e942f0723fb38b7ec6baf9f9447667ba80b5a0a8d.exe
Resource: win7-20220414-en, windows7_x64
0 signatures
0 seconds
General
Target: 63e0a965c53778faf5756e0e942f0723fb38b7ec6baf9f9447667ba80b5a0a8d.exe
Size: 2.9MB
MD5: 496334838840d313341bb904378c0484
SHA1: 3bf21a6b3c70861101810c1b695e6be30f41497a
SHA256: 63e0a965c53778faf5756e0e942f0723fb38b7ec6baf9f9447667ba80b5a0a8d
SHA512: 0c443798bdfd9e718c8ad5c04c6d835649b0304c34b8d52cbe34a3c008de11771360dd76b38f89737aed8b855efd232e8a3496f4db74ebbc73a3e44ad22e236d
Malware Config
Signatures
Identifies Wine through registry keys (2 TTPs, 1 IoCs)
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
Processes: 63e0a965c53778faf5756e0e942f0723fb38b7ec6baf9f9447667ba80b5a0a8d.exe
description: Key opened
ioc: \REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Wine
process: 63e0a965c53778faf5756e0e942f0723fb38b7ec6baf9f9447667ba80b5a0a8d.exe
Processes:
resource: behavioral1/memory/884-54-0x0000000001000000-0x00000000012F1000-memory.dmp
yara_rule: themida
Processes
Network
MITRE ATT&CK Enterprise v6
Downloads
memory/884-54-0x0000000001000000-0x00000000012F1000-memory.dmp
Filesize: 2.9MB