e760d263cfe1c998cc4844fb98a9370b73ac398ff05bd72a79b6315548a503fc

Analysis

max time kernel
37s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 15:36

Target

e760d263cfe1c998cc4844fb98a9370b73ac398ff05bd72a79b6315548a503fc.exe
Size

1.5MB
MD5

b309e8fd719bfb016d2e26402a0c7d50
SHA1

9fa495595af8df196e5dcc5bb28d7f7f6374d433
SHA256

e760d263cfe1c998cc4844fb98a9370b73ac398ff05bd72a79b6315548a503fc
SHA512

a24fa7e169397ebbb96b6ff38947a992d7cf663a7a14a2786e235b2d5cb837db8d79e0bfa3e207833d074678e81a48b22ce1eeef216cb555f4b7175b58bad3a5
SSDEEP

24576:5X5Hutf1Avo75v4/Knjtu8480JFM7S8NjoRveTgf28G1QFpSER:5XFuio719nh48KEyeTySY

Score

7^/10

evasion

Identifies Wine through registry keys 2 TTPs 1 IoCs

Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

Query Registry

Virtualization/Sandbox Evasion

Processes:

e760d263cfe1c998cc4844fb98a9370b73ac398ff05bd72a79b6315548a503fc.exe

description	ioc	process
Key opened	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Wine	e760d263cfe1c998cc4844fb98a9370b73ac398ff05bd72a79b6315548a503fc.exe

C:\Users\Admin\AppData\Local\Temp\e760d263cfe1c998cc4844fb98a9370b73ac398ff05bd72a79b6315548a503fc.exe
"C:\Users\Admin\AppData\Local\Temp\e760d263cfe1c998cc4844fb98a9370b73ac398ff05bd72a79b6315548a503fc.exe"
1⤵
- Identifies Wine through registry keys
PID:1952

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1952-54-0x0000000075981000-0x0000000075983000-memory.dmp

Filesize
8KB

Download
memory/1952-55-0x0000000000400000-0x000000000059A000-memory.dmp

Filesize
1.6MB

Download
memory/1952-56-0x0000000000400000-0x000000000059A000-memory.dmp

Filesize
1.6MB

Download