Analysis
- max time kernel: 148s
- max time network: 154s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29-11-2022 10:18
Behavioral task
- behavioral1
- Sample: 301d3a3cb2decffad3f3e850e0cb8907d690859fd091fe7c1c067e3e113376f0.dll
- Resource: win7-20221111-en
- Platform: windows7-x64
- 6 signatures
- 150 seconds
General
- Target: 301d3a3cb2decffad3f3e850e0cb8907d690859fd091fe7c1c067e3e113376f0.dll
- Size: 783KB
- MD5: 1bae4df56f24a52942b126eb420126a1
- SHA1: 434401c158bd65e907b8babf3f6df0130ab6c7cc
- SHA256: 301d3a3cb2decffad3f3e850e0cb8907d690859fd091fe7c1c067e3e113376f0
- SHA512: a025b9691f5032eaba396524d46f5674df8eda08a10f193307dae7ffbb837e47d8e9a2842b5cbe627e6b5b2f3e06ff5675cf8079bb7f377b456c12d91ecfaabb
- SSDEEP: 24576:yOPEZOLsZdFEsAMjjnthhEMxJu7ez1Q7:n4Eep8YuGQ
Malware Config
Signatures
- Identifies Wine through registry keys (2 TTPs, 1 IoC)
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
  Processes:
  description: Key opened | ioc: \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Wine | process: rundll32.exe
- Processes:
  resource: behavioral2/memory/612-133-0x0000000000400000-0x00000000005BB000-memory.dmp | yara_rule: themida
  resource: behavioral2/memory/612-135-0x0000000000400000-0x00000000005BB000-memory.dmp | yara_rule: themida
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
  description: PID 3440 wrote to memory of 612 | pid: 3440 | process: rundll32.exe | target process: rundll32.exe
  description: PID 3440 wrote to memory of 612 | pid: 3440 | process: rundll32.exe | target process: rundll32.exe
  description: PID 3440 wrote to memory of 612 | pid: 3440 | process: rundll32.exe | target process: rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\301d3a3cb2decffad3f3e850e0cb8907d690859fd091fe7c1c067e3e113376f0.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\301d3a3cb2decffad3f3e850e0cb8907d690859fd091fe7c1c067e3e113376f0.dll,#1
    - Identifies Wine through registry keys
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- memory/612-132-0x0000000000000000-mapping.dmp
- memory/612-133-0x0000000000400000-0x00000000005BB000-memory.dmp (Filesize: 1.7MB)
- memory/612-134-0x0000000002590000-0x000000000262D000-memory.dmp (Filesize: 628KB)
- memory/612-135-0x0000000000400000-0x00000000005BB000-memory.dmp (Filesize: 1.7MB)