Analysis
-
max time kernel
184s -
max time network
197s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system -
submitted
24-11-2022 04:09
Static task
static1
Behavioral task
behavioral1
Sample
62d6d7ba036231d8b68a406c6b2e4387010324a0df2d7d0ecfbcea84dac93d20.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
62d6d7ba036231d8b68a406c6b2e4387010324a0df2d7d0ecfbcea84dac93d20.exe
Resource
win10v2004-20221111-en
General
-
Target
62d6d7ba036231d8b68a406c6b2e4387010324a0df2d7d0ecfbcea84dac93d20.exe
-
Size
11.5MB
-
MD5
20d3798ecb1550c20edcf43b5acdd617
-
SHA1
9c37a74035df2552a6e65c3e218bd77d6b023578
-
SHA256
62d6d7ba036231d8b68a406c6b2e4387010324a0df2d7d0ecfbcea84dac93d20
-
SHA512
2c4a63263a2b14953f3d5ae3746d8c57453c1106e1ac438c0075d04b43a3662202752578334af537599a27a4d2445f919304d80c818e61a12848f0dcd045b04a
-
SSDEEP
98304:JCfGeIDV8p+K8ss+tRCwc68KlQTLbolGdlA/zHuD6Axt6x4+pDpkzIHTgDalZLCs:wee/p++opkHDiudHOmu/94fk6v
Malware Config
Signatures
-
Identifies Wine through registry keys 2 TTPs 1 IoCs
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
Processes:
62d6d7ba036231d8b68a406c6b2e4387010324a0df2d7d0ecfbcea84dac93d20.exedescription ioc process Key opened \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Wine 62d6d7ba036231d8b68a406c6b2e4387010324a0df2d7d0ecfbcea84dac93d20.exe -
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
Processes:
62d6d7ba036231d8b68a406c6b2e4387010324a0df2d7d0ecfbcea84dac93d20.exepid process 1896 62d6d7ba036231d8b68a406c6b2e4387010324a0df2d7d0ecfbcea84dac93d20.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
62d6d7ba036231d8b68a406c6b2e4387010324a0df2d7d0ecfbcea84dac93d20.exepid process 1896 62d6d7ba036231d8b68a406c6b2e4387010324a0df2d7d0ecfbcea84dac93d20.exe 1896 62d6d7ba036231d8b68a406c6b2e4387010324a0df2d7d0ecfbcea84dac93d20.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\62d6d7ba036231d8b68a406c6b2e4387010324a0df2d7d0ecfbcea84dac93d20.exe"C:\Users\Admin\AppData\Local\Temp\62d6d7ba036231d8b68a406c6b2e4387010324a0df2d7d0ecfbcea84dac93d20.exe"1⤵
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1896-132-0x0000000000400000-0x0000000001287000-memory.dmpFilesize
14.5MB
-
memory/1896-133-0x0000000000400000-0x0000000001287000-memory.dmpFilesize
14.5MB
-
memory/1896-134-0x0000000000400000-0x0000000001287000-memory.dmpFilesize
14.5MB
-
memory/1896-135-0x0000000000400000-0x0000000001287000-memory.dmpFilesize
14.5MB