77b550218ed54d9cfe295e61cf452dc51eb3431f739140338b7931f14fee7cb1

Analysis

max time kernel
152s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29-11-2022 07:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

77b550218ed54d9cfe295e61cf452dc51eb3431f739140338b7931f14fee7cb1.exe
Size

2.1MB
MD5

7ed6c86c6884c5fdf5273341a5506743
SHA1

90e273c0f7ff99879af5f99764bb72dd43eff387
SHA256

77b550218ed54d9cfe295e61cf452dc51eb3431f739140338b7931f14fee7cb1
SHA512

9300f20e65053688b18d31fe830dfba5c329c45134c28ef1e9698cdaf184492b7dd084f506d594f6b75d9b4cc6eb8628802bfb1e3592e13c1e13dc8fef438646
SSDEEP

49152:tZSR6IlxL1IG16BRtDIvjL7Ada4CPBBfapqu2jodaya:WgIlxL1IC6Ptkvj/Ada4CPvaps

Score

7^/10

evasion themida

Malware Config

Signatures

Identifies Wine through registry keys 2 TTPs 1 IoCs

Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Processes:

77b550218ed54d9cfe295e61cf452dc51eb3431f739140338b7931f14fee7cb1.exe

description	ioc	process
Key opened	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Wine	77b550218ed54d9cfe295e61cf452dc51eb3431f739140338b7931f14fee7cb1.exe

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
behavioral2/memory/1388-132-0x0000000000400000-0x0000000000643000-memory.dmp	themida

C:\Users\Admin\AppData\Local\Temp\77b550218ed54d9cfe295e61cf452dc51eb3431f739140338b7931f14fee7cb1.exe
"C:\Users\Admin\AppData\Local\Temp\77b550218ed54d9cfe295e61cf452dc51eb3431f739140338b7931f14fee7cb1.exe"
1⤵
- Identifies Wine through registry keys
PID:1388

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1388-132-0x0000000000400000-0x0000000000643000-memory.dmp

Filesize
2.3MB

Download