Analysis
max time kernel: 144s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27-11-2022 04:27
Behavioral task: behavioral1
Sample: bcec9b6176d1d01198623ebbf89a87eb8ad2e8157e7cf2e84eb14d2d68b55e9a.dll
Resource: win7-20221111-en
General
Target: bcec9b6176d1d01198623ebbf89a87eb8ad2e8157e7cf2e84eb14d2d68b55e9a.dll
Size: 1.9MB
MD5: 2154df36029b74258b328d7e448f8f37
SHA1: b04a56d7ee7978cf7e3eb132c9efff8dcf38a6c9
SHA256: bcec9b6176d1d01198623ebbf89a87eb8ad2e8157e7cf2e84eb14d2d68b55e9a
SHA512: 8e479d0243683bfbf2b03bc02a8ecfbee501cb3f1467bcbd210ee492656379826093ea16317712e448bd8f9547c325257d28b1317f479a2990e902487c8a855b
SSDEEP: 24576:ELeMBrg2O9r0MwAZqU7SuTm987+W5pzvKaN8+yg851AIilofd/b+cb8cn+ivFrf:EePwAZqU7SukO+0pj8ng8fAKKcwfOZf
Malware Config
Signatures

Identifies Wine through registry keys (2 TTPs, 1 IoC)
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
Processes (rundll32.exe):
description: Key opened | ioc: \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Wine | process: rundll32.exe
Processes:
resource: behavioral2/memory/440-133-0x0000000000400000-0x00000000005F1000-memory.dmp | yara_rule: themida
resource: behavioral2/memory/440-136-0x0000000000400000-0x00000000005F1000-memory.dmp | yara_rule: themida
Suspicious use of WriteProcessMemory (3 IoCs)
Processes (rundll32.exe):
description: PID 4396 wrote to memory of 440 | pid: 4396 | process: rundll32.exe | target process: rundll32.exe
description: PID 4396 wrote to memory of 440 | pid: 4396 | process: rundll32.exe | target process: rundll32.exe
description: PID 4396 wrote to memory of 440 | pid: 4396 | process: rundll32.exe | target process: rundll32.exe
Processes
1⤵ C:\Windows\system32\rundll32.exe
   command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\bcec9b6176d1d01198623ebbf89a87eb8ad2e8157e7cf2e84eb14d2d68b55e9a.dll,#1
   - Suspicious use of WriteProcessMemory
   2⤵ C:\Windows\SysWOW64\rundll32.exe
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\bcec9b6176d1d01198623ebbf89a87eb8ad2e8157e7cf2e84eb14d2d68b55e9a.dll,#1
      - Identifies Wine through registry keys
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- memory/440-132-0x0000000000000000-mapping.dmp
- memory/440-133-0x0000000000400000-0x00000000005F1000-memory.dmp (filesize: 1.9MB)
- memory/440-134-0x0000000002890000-0x000000000292D000-memory.dmp (filesize: 628KB)
- memory/440-135-0x0000000002A70000-0x0000000002C0E000-memory.dmp (filesize: 1.6MB)
- memory/440-136-0x0000000000400000-0x00000000005F1000-memory.dmp (filesize: 1.9MB)