Analysis
-
max time kernel
39s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220718-en -
resource tags
-
submitted
25-07-2022 15:58
General
-
Target
5577b6af2967c973fe247348c7aba41cd505ff6bf8a6da201139c752b2407d71.exe
-
Size
585KB
-
MD5
ba9e0339088a770ab44ca3ee76926a52
-
SHA1
162c48be7d14d4ae5a32090f5d98f8893ab1f007
-
SHA256
5577b6af2967c973fe247348c7aba41cd505ff6bf8a6da201139c752b2407d71
-
SHA512
310c827af36e8f3870e38872929d8a8147444c525b44890ed758aaa27c02de13609f0412f6cbf3a37e75bdb50289495e0a4d4ba53025e276a6e9be78d17c971b
Score
7/10
Malware Config
Signatures
-
Identifies Wine through registry keys 2 TTPs 1 IoCs
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Themida packer 2 IoCs
Detects Themida, an advanced Windows software protection system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5577b6af2967c973fe247348c7aba41cd505ff6bf8a6da201139c752b2407d71.exe"C:\Users\Admin\AppData\Local\Temp\5577b6af2967c973fe247348c7aba41cd505ff6bf8a6da201139c752b2407d71.exe"1⤵
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/784-54-0x0000000000400000-0x0000000000554000-memory.dmpFilesize
1.3MB
-
memory/784-55-0x0000000000400000-0x0000000000554000-memory.dmpFilesize
1.3MB