Analysis
max time kernel: 186s
max time network: 194s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 14-07-2022 08:07
Static task: static1
Behavioral task: behavioral1
Sample: dd15a1cd937d4bf4562d91529d3af1ab717f71e75eec3546cfca8e1c10c8b3c3.exe
Resource: win7-20220414-en (windows7_x64)
0 signatures, 0 seconds
General
Target: dd15a1cd937d4bf4562d91529d3af1ab717f71e75eec3546cfca8e1c10c8b3c3.exe
Size: 704KB
MD5: 46fc7f8fe6baa4ad25bac4facbde8c8e
SHA1: 38d7b64b07bad3afe68190329a243d89e41ae8db
SHA256: dd15a1cd937d4bf4562d91529d3af1ab717f71e75eec3546cfca8e1c10c8b3c3
SHA512: 7c28b57ffaafc2a3b82282c236627ca4210d820ccd3df694047d0e3e3f1976b332a926a1ae459f9486109cdf75ee0f26e375700dcdebecf4156b97577fda0396
Malware Config
Signatures
Identifies Wine through registry keys (2 TTPs, 1 IoC)
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
Processes:
  description: Key opened
  ioc: \REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\Software\Wine
  process: dd15a1cd937d4bf4562d91529d3af1ab717f71e75eec3546cfca8e1c10c8b3c3.exe
Processes:
  resource: behavioral2/memory/1776-130-0x0000000010000000-0x000000001019D000-memory.dmp
  yara_rule: themida
  resource: behavioral2/memory/1776-131-0x0000000010000000-0x000000001019D000-memory.dmp
  yara_rule: themida