Analysis
max time kernel: 90s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20220901-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28-11-2022 05:12
Behavioral task: behavioral1
Sample: d9211ff5636bce8a832e32d5c7a8b45ea5731e6581fc7b452e3b98eb0f3d3b3f.dll
Resource: win7-20221111-en
General
Target: d9211ff5636bce8a832e32d5c7a8b45ea5731e6581fc7b452e3b98eb0f3d3b3f.dll
Size: 2.4MB
MD5: 133bf51d031b101ac6f87f6e13c85d53
SHA1: 6e09b96d9ab68d673a872d47efe0d2625c09e3da
SHA256: d9211ff5636bce8a832e32d5c7a8b45ea5731e6581fc7b452e3b98eb0f3d3b3f
SHA512: 39e8d610605620bb78d85253af21021860086132ce963b9a53a5d4f41b2e4aafa89f5261bff779e4a165e1545656b9686a66e6e27478c8792ff2b044bff9f7d2
SSDEEP: 24576:y3mIEaiSE7PEDjG6VVWiqFQypkI8KJaZi3kPTa3g9yEj7OD2AH6CPsW:ylwSE7PEDjG6TaQ9yo1AN
Malware Config
Signatures
Identifies Wine through registry keys (2 TTPs, 1 IoC)
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
Processes:
  description: Key opened
  ioc: \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Wine
  process: regsvr32.exe

Processes:
  resource: behavioral2/memory/4912-133-0x0000000000400000-0x00000000007FC000-memory.dmp
  yara_rule: themida
  resource: behavioral2/memory/4912-135-0x0000000000400000-0x00000000007FC000-memory.dmp
  yara_rule: themida

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  description: PID 4868 wrote to memory of 4912
  pid: 4868 (regsvr32.exe)
  target process: 4912 (regsvr32.exe)
  (the same event is recorded three times)
Processes
1. C:\Windows\system32\regsvr32.exe
   command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\d9211ff5636bce8a832e32d5c7a8b45ea5731e6581fc7b452e3b98eb0f3d3b3f.dll
   - Suspicious use of WriteProcessMemory
2. C:\Windows\SysWOW64\regsvr32.exe (child of 1)
   command line: /s C:\Users\Admin\AppData\Local\Temp\d9211ff5636bce8a832e32d5c7a8b45ea5731e6581fc7b452e3b98eb0f3d3b3f.dll
   - Identifies Wine through registry keys
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
memory/4912-132-0x0000000000000000-mapping.dmp
memory/4912-133-0x0000000000400000-0x00000000007FC000-memory.dmp (Filesize: 4.0MB)
memory/4912-134-0x0000000000E50000-0x0000000000EED000-memory.dmp (Filesize: 628KB)
memory/4912-135-0x0000000000400000-0x00000000007FC000-memory.dmp (Filesize: 4.0MB)