Analysis

  • max time kernel
    113s
  • max time network
    116s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/10/2022, 05:41

General

  • Target

    ccd2d553756500706427b4847803c618b8673aa21267057117dab60796fac8af.exe

  • Size

    873KB

  • MD5

    75829f633e07a0321d13248a1b6d44b0

  • SHA1

    39755b13b7377dafa84418233d80a705da282802

  • SHA256

    ccd2d553756500706427b4847803c618b8673aa21267057117dab60796fac8af

  • SHA512

    a31380f9eb6a319ca08d24bbf8a8b80c17d45380dd5b4431e1bf38d8e320b864d7a7a318332a4b5e8e74a650c27ca2c1c73145ce9e1b7d719fe916676cedb220

  • SSDEEP

    24576:JhQ2DLmDkJY80lSM1D5NcnpFZRvHQ9HJDNC:JhxDaQJ70lS2kNRo5b

Score
7/10

Malware Config

Signatures

  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

  • Themida packer 2 IoCs

    Detects Themida, an advanced Windows software protection system.

Processes

  • C:\Users\Admin\AppData\Local\Temp\ccd2d553756500706427b4847803c618b8673aa21267057117dab60796fac8af.exe
    "C:\Users\Admin\AppData\Local\Temp\ccd2d553756500706427b4847803c618b8673aa21267057117dab60796fac8af.exe"
    1⤵
    • Identifies Wine through registry keys
    PID:1496

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1496-132-0x0000000013140000-0x0000000013339000-memory.dmp

          Filesize

          2.0MB

        • memory/1496-133-0x0000000013140000-0x0000000013339000-memory.dmp

          Filesize

          2.0MB