Analysis
max time kernel: 151s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20220721-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220721-en, locale:en-us, os:windows10-2004-x64, system
submitted: 31-07-2022 21:22
Behavioral task: behavioral1
Sample: d38347d12101e57b4e97bf41bf33cc3803596b1d3b26e12257d29994e5756ca0.exe
Resource: win7-20220715-en
Platform: windows7-x64
7 signatures
150 seconds
General
Target: d38347d12101e57b4e97bf41bf33cc3803596b1d3b26e12257d29994e5756ca0.exe
Size: 942KB
MD5: 5e1e009e6d4276b63cbce7dc50f6f41c
SHA1: 3fba19da9c47d7d2e54a52349ab4b6529ca23b23
SHA256: d38347d12101e57b4e97bf41bf33cc3803596b1d3b26e12257d29994e5756ca0
SHA512: 743d1ff0d8364d6ae2476707689b1da8a69976ddcd4505d21f798b63881269c1b651dcc0bc85ce13f4d5b058e8b982142847c17e4785aaa34fd14e418ee4d67c
Malware Config
Signatures
Identifies Wine through registry keys (2 TTPs, 1 IoC)
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
Processes:
description: Key opened
ioc: \REGISTRY\USER\S-1-5-21-1101907861-274115917-2188613224-1000\Software\Wine
process: d38347d12101e57b4e97bf41bf33cc3803596b1d3b26e12257d29994e5756ca0.exe
Processes:
resource: behavioral2/memory/620-130-0x0000000000400000-0x00000000005BEB00-memory.dmp
yara_rule: themida
resource: behavioral2/memory/620-131-0x0000000000400000-0x00000000005BEB00-memory.dmp
yara_rule: themida