Analysis
- max time kernel: 41s
- max time network: 46s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 26-11-2022 12:00
Behavioral task: behavioral1
- Sample: 92cd3886fe74c9775fdec2864c80c658a4d494601d009c2726d5a7190eac248d.exe
- Resource: win7-20220812-en
General
- Target: 92cd3886fe74c9775fdec2864c80c658a4d494601d009c2726d5a7190eac248d.exe
- Size: 1.3MB
- MD5: 461b828aded3c08b9661bf02f2290be4
- SHA1: 27b0c99af826e2ae3dad0025f558cc707ecc6a78
- SHA256: 92cd3886fe74c9775fdec2864c80c658a4d494601d009c2726d5a7190eac248d
- SHA512: e230522f2eb38a1559b6a75d0569f54630ca7a56086a46b5c50954647e98b62a84fe0f8f03b35cd27f4b8eaa22c05a91b278ae9a3f12d3af7a81793b53788a7e
- SSDEEP: 24576:mOhnjPoH+ksuyVejBfn6WwAwXz+4CkfmNlkwX+mQBO8+HXRx8OjKt:mQAeksteFbdCCku1+mPX8
Malware Config
Signatures
- Identifies Wine through registry keys (2 TTPs, 1 IoC)
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
  Processes (description / ioc / process):
    Key opened  \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Wine  92cd3886fe74c9775fdec2864c80c658a4d494601d009c2726d5a7190eac248d.exe
- Processes (resource / yara_rule):
    behavioral1/memory/1920-54-0x0000000000400000-0x0000000000793000-memory.dmp  themida
    behavioral1/memory/1920-56-0x0000000000400000-0x0000000000793000-memory.dmp  themida
    behavioral1/memory/1920-57-0x0000000000400000-0x0000000000793000-memory.dmp  themida
    behavioral1/memory/1920-58-0x0000000000400000-0x0000000000793000-memory.dmp  themida
- Suspicious use of NtSetInformationThreadHideFromDebugger (1 IoC)
  Processes (pid / process):
    1920  92cd3886fe74c9775fdec2864c80c658a4d494601d009c2726d5a7190eac248d.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes (pid / process):
    1920  92cd3886fe74c9775fdec2864c80c658a4d494601d009c2726d5a7190eac248d.exe
    1920  92cd3886fe74c9775fdec2864c80c658a4d494601d009c2726d5a7190eac248d.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\92cd3886fe74c9775fdec2864c80c658a4d494601d009c2726d5a7190eac248d.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\92cd3886fe74c9775fdec2864c80c658a4d494601d009c2726d5a7190eac248d.exe"
  - Identifies Wine through registry keys
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
Downloads (file / filesize)
- memory/1920-54-0x0000000000400000-0x0000000000793000-memory.dmp  3.6MB
- memory/1920-55-0x00000000763F1000-0x00000000763F3000-memory.dmp  8KB
- memory/1920-56-0x0000000000400000-0x0000000000793000-memory.dmp  3.6MB
- memory/1920-57-0x0000000000400000-0x0000000000793000-memory.dmp  3.6MB
- memory/1920-58-0x0000000000400000-0x0000000000793000-memory.dmp  3.6MB