Analysis

max time kernel: 32s
max time network: 47s
platform: windows7_x64
resource: win7-20220414-en
submitted: 14-07-2022 05:17

Static task: static1 (0 signatures, 0 seconds)
Behavioral task: behavioral1
Sample: b911f3ccc39031fc77b5b5dc15e8c4c10642edb961e5dd1799bbae80888d5471.dll
Resource: win7-20220414-en (windows7_x64)
General

Target: b911f3ccc39031fc77b5b5dc15e8c4c10642edb961e5dd1799bbae80888d5471.dll
Size: 648KB
MD5: 47cf2312142053973478a73c2221eea6
SHA1: 6b50b6c1bb38de64ab2835387043e70e7add744f
SHA256: b911f3ccc39031fc77b5b5dc15e8c4c10642edb961e5dd1799bbae80888d5471
SHA512: 5a41a77798991958097616fa5959f4ea39ca370a7513179f96c9a03524252690084a4a50b290148327aa9b8b8af88d24d2ea218dbfac47ac5b1b7cd7584efcb3
Score: 7/10
Malware Config: none extracted

Signatures

Identifies Wine through registry keys (2 TTPs, 1 IoC)
Wine is a compatibility layer that runs Windows applications on other operating systems and is sometimes used as a sandboxing environment; a sample that opens the Wine key is checking whether it is being analysed rather than running on a real Windows host.
Processes:
  description: Key opened
  ioc: \REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Wine
  process: rundll32.exe (PID 1740)

Suspicious behavior: EnumeratesProcesses (1 IoC)
Processes:
  pid: 1740
  process: rundll32.exe

Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
  description: PID 1732 wrote to memory of 1740 (recorded 7 times)
  pid: 1732
  process: rundll32.exe (C:\Windows\system32)
  target process: rundll32.exe (C:\Windows\SysWOW64, PID 1740)
Caveat: the writer is the 64-bit rundll32.exe and the target is its own SysWOW64 child started with the same command line. That is the pattern produced when a 64-bit rundll32 is handed a 32-bit DLL and relaunches it under the 32-bit rundll32, and the parent's writes into the child during that relaunch are expected; on their own these seven events do not establish injection into an unrelated process.
Processes

1. C:\Windows\system32\rundll32.exe
   command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\b911f3ccc39031fc77b5b5dc15e8c4c10642edb961e5dd1799bbae80888d5471.dll,#1
   PID: 1732
   signatures: Suspicious use of WriteProcessMemory

   2. C:\Windows\SysWOW64\rundll32.exe (child of PID 1732)
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\b911f3ccc39031fc77b5b5dc15e8c4c10642edb961e5dd1799bbae80888d5471.dll,#1
      PID: 1740
      signatures: Identifies Wine through registry keys; Suspicious behavior: EnumeratesProcesses
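The three signatures above are worth more together than apart: the Wine registry probe and the process enumeration come from the SysWOW64 child, while the memory writes come from its parent. The following is an added example (not the sandbox vendor's code and not derived from the sample) that re-triages events of this shape: it flags an HKCU\Software\Wine open as a sandbox probe, and classifies each cross-process write by checking whether the target is the writer's own rundll32 relaunch child or an unrelated process. The event dictionaries, their field names, and the parent PID of the first rundll32 are constructed for the example; the PIDs, paths, SID and command lines are taken from the report.

```python
"""Re-triage rundll32 sandbox events: Wine probe + cross-process write classification.

Added example; event format and field names are my own, not the sandbox's export format.
"""
import re

# HKCU\Software\Wine in either the kernel (\REGISTRY\USER\<SID>\...) or the HKCU/HKEY_CURRENT_USER form.
WINE_KEY_RE = re.compile(
    r"^(?:\\REGISTRY\\USER\\S-1-5-21(?:-\d+)+|HKEY_CURRENT_USER|HKCU)\\Software\\Wine$",
    re.IGNORECASE,
)

SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\b911f3ccc39031fc77b5b5dc15e8c4c10642edb961e5dd1799bbae80888d5471.dll")

# Constructed events mirroring the report. ppid=None marks the root of the tree
# (the report does not show who started PID 1732).
EVENTS = [
    {"type": "process", "pid": 1732, "ppid": None,
     "image": r"C:\Windows\system32\rundll32.exe", "cmdline": f"rundll32.exe {SAMPLE},#1"},
    {"type": "process", "pid": 1740, "ppid": 1732,
     "image": r"C:\Windows\SysWOW64\rundll32.exe", "cmdline": f"rundll32.exe {SAMPLE},#1"},
    {"type": "regopen", "pid": 1740,
     "key": r"\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Wine"},
    {"type": "enum_processes", "pid": 1740},
] + [{"type": "memwrite", "pid": 1732, "target": 1740} for _ in range(7)]


def build_tree(events):
    """Map pid -> process-create event so writes can be related to parent/child."""
    return {e["pid"]: e for e in events if e["type"] == "process"}


def classify_write(write, procs):
    """Label one WriteProcessMemory event by the relationship between writer and target."""
    src, dst = procs.get(write["pid"]), procs.get(write["target"])
    if src is None or dst is None:
        return "unknown_process"
    both_rundll = (src["image"].lower().endswith("\\rundll32.exe")
                   and dst["image"].lower().endswith("\\rundll32.exe"))
    wow64_child = "\\syswow64\\" in dst["image"].lower()
    if dst["ppid"] == src["pid"]:
        # 64-bit rundll32 re-running the same command line under the 32-bit rundll32:
        # the parent's writes into that child are part of the relaunch, not injection.
        if both_rundll and wow64_child and src["cmdline"] == dst["cmdline"]:
            return "rundll32_wow64_relaunch"
        return "parent_to_child_write"
    return "cross_process_write"


def summarize(events):
    """Collect the report's three signatures into one dict for an analyst decision."""
    procs = build_tree(events)
    out = {"wine_probe": [], "enumerates_processes": [], "writes": {}}
    for e in events:
        if e["type"] == "regopen" and WINE_KEY_RE.match(e["key"]):
            out["wine_probe"].append(e["pid"])
        elif e["type"] == "enum_processes":
            out["enumerates_processes"].append(e["pid"])
        elif e["type"] == "memwrite":
            label = classify_write(e, procs)
            out["writes"][label] = out["writes"].get(label, 0) + 1
    return out


def needs_analyst(summary):
    """True when there is a sandbox probe or a write into a process outside the relaunch chain."""
    return bool(summary["wine_probe"]) or summary["writes"].get("cross_process_write", 0) > 0


if __name__ == "__main__":
    s = summarize(EVENTS)
    print(s, "-> escalate" if needs_analyst(s) else "-> benign pattern")
```

Run against the constructed events, all seven writes fall into the relaunch bucket and the only reason to escalate is the Wine probe; adding a write from PID 1740 into some third process would turn up as a cross_process_write and change the decision.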