Analysis
-
max time kernel
278s -
max time network
403s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted
29-11-2022 12:04
Behavioral task
behavioral1
Sample
833077d7c6d65b379aa64a0118b30d6769407df0797cb9f22dd9407157174dda.exe
Resource
win7-20220812-en
windows7-x64
9 signatures
150 seconds
General
-
Target
833077d7c6d65b379aa64a0118b30d6769407df0797cb9f22dd9407157174dda.exe
-
Size
1012KB
-
MD5
a0262a3772f119d1184f19984f5e59fe
-
SHA1
e6d056dd7071d31a325d82eb432b0dc4d949d64a
-
SHA256
833077d7c6d65b379aa64a0118b30d6769407df0797cb9f22dd9407157174dda
-
SHA512
e9e0cce5b5f1282727970af83178cb970bcbc7cf02ffe12e2ea2d349caeb5102787ba1ff858873edc2d1ea7cce54b4d3efd2df629958756ebc264c1b935ecc73
-
SSDEEP
24576:m/QShfODWVBg7GHOw9TMQ0Tp2Xqw9f0E7uKM+zK0kPl:m/QSRvYGHRTMtd2XqO0E7uKM+zK5
Malware Config
Signatures
-
Identifies Wine through registry keys (2 TTPs, 1 IoC)
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment. A sample that probes for Wine's registry key is fingerprinting its execution environment, a common anti-analysis check that goes with the Themida-packed memory region recorded below.
Processes:
description | ioc | process
Key opened | \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Wine | 833077d7c6d65b379aa64a0118b30d6769407df0797cb9f22dd9407157174dda.exe
-
Themida packer detected (YARA rule: themida)
Processes:
resource | yara_rule
behavioral2/memory/1452-132-0x0000000000400000-0x0000000000614000-memory.dmp | themida
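As an added example that is not part of the sandbox report or its tooling, the Python below shows how a triage script could consume the two behavioural findings above: it rewrites the kernel-style registry path of the Wine IoC into HKCU form and matches it against a list of environment-fingerprinting keys, and it parses the memory-dump resource name to compute the size of the dumped region, which should agree with the Filesize the report lists for that dump. Only the Wine key and the dump name come from the report; the sample IoC rows and the VMware/VirtualBox entries are constructed assumptions.

```python
import re

# Constructed sample rows in the shape of the report's "description ioc" table.
# The first row is the Wine key this sample opened (from the report); the other
# two are constructed, and the VMware key is an added assumption.
SAMPLE_IOCS = [
    r"Key opened \REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Wine",
    r"Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"Key opened \REGISTRY\MACHINE\SOFTWARE\VMware, Inc.\VMware Tools",
]

# Registry locations commonly probed to fingerprint an analysis environment.
# Only the Wine entry is taken from this report; the VM-guest entries are
# well-known artefacts added here as assumptions.
ENV_FINGERPRINT_KEYS = {
    r"HKCU\Software\Wine": "Wine compatibility layer (sandbox) check",
    r"HKLM\SOFTWARE\VMware, Inc.\VMware Tools": "VMware Tools presence",
    r"HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions": "VirtualBox Guest Additions presence",
}

# \REGISTRY\USER\<SID>\... is the kernel path of the submitting user's HKCU hive.
_USER_HIVE = re.compile(r"^\\REGISTRY\\USER\\S-1-5-21(?:-\d+){4}(?=\\)", re.IGNORECASE)
_MACHINE_HIVE = re.compile(r"^\\REGISTRY\\MACHINE(?=\\)", re.IGNORECASE)
_IOC_ROW = re.compile(r"^Key (?:opened|queried|created)\s+(.+?)\s*$")
# <pid>-<seq>-0x<start>-0x<end>-memory.dmp, the naming the report uses for dumps.
_DUMP_NAME = re.compile(
    r"memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9a-f]+)-0x(?P<end>[0-9a-f]+)-memory\.dmp$",
    re.IGNORECASE,
)


def normalize_key(path: str) -> str:
    """Rewrite a kernel-style registry path into HKCU\\... or HKLM\\... form."""
    path = _USER_HIVE.sub("HKCU", path)
    return _MACHINE_HIVE.sub("HKLM", path)


def classify_ioc(line: str):
    """Return (normalized_key, reason) if the row is an environment probe, else None."""
    m = _IOC_ROW.match(line)
    if not m:
        return None
    key = normalize_key(m.group(1))
    for probe, reason in ENV_FINGERPRINT_KEYS.items():
        # Match the key itself or any subkey beneath it (case-insensitive, as the registry is).
        if key.lower() == probe.lower() or key.lower().startswith(probe.lower() + "\\"):
            return key, reason
    return None


def find_evasion_probes(lines):
    """All environment-fingerprinting registry probes found in a list of IoC rows."""
    return [hit for hit in (classify_ioc(line) for line in lines) if hit]


def dump_region_size(resource: str) -> int:
    """Size in bytes of the region a <pid>-<seq>-0x<start>-0x<end>-memory.dmp name covers."""
    m = _DUMP_NAME.search(resource)
    if not m:
        raise ValueError(f"not a memory dump resource name: {resource}")
    return int(m["end"], 16) - int(m["start"], 16)


def size_mb(nbytes: int) -> float:
    """Bytes as a one-decimal 1024-based MB figure, the rounding the report's Filesize uses."""
    return round(nbytes / (1024 * 1024), 1)


if __name__ == "__main__":
    for key, reason in find_evasion_probes(SAMPLE_IOCS):
        print(f"environment probe: {key}  ({reason})")
    dump = "behavioral2/memory/1452-132-0x0000000000400000-0x0000000000614000-memory.dmp"
    size = dump_region_size(dump)
    print(f"{dump}: 0x{size:x} bytes = {size_mb(size)} MB")
```

The dump name decodes to 0x214000 bytes starting at 0x400000, the default image base of a 32-bit PE, so the region is the sample's whole in-memory image rather than an injected buffer, and 0x214000 bytes rounds to the 2.1MB the report lists for the same resource. A Themida-protected binary unpacks its real code into that image at run time, which is why the YARA match is reported on the memory dump and why that dump, not the 1012KB file on disk, is the artefact to carve and analyse.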
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
-
memory/1452-132-0x0000000000400000-0x0000000000614000-memory.dmp
Filesize: 2.1MB