cb3b270b7bb265618fefb258265427655eda4330669612bf9f9df1bd3eac012b

Analysis

max time kernel
88s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2022 04:53

Target

cb3b270b7bb265618fefb258265427655eda4330669612bf9f9df1bd3eac012b.exe
Size

841KB
MD5

5725decdb18c79f27a032e279cd984bc
SHA1

01154e4dadad43d5112c37bd609bdc58acc4f6c6
SHA256

cb3b270b7bb265618fefb258265427655eda4330669612bf9f9df1bd3eac012b
SHA512

a47d042c7731be8f43598fdf22ebff9df1f5db791bd2ebd423f1e532d2291ef472e57b7d883c78d23cc089ec73035150a43978ce828376b548d6846da059c969
SSDEEP

24576:5O/JS1kUo4A4dv0djeIfO7oNUcpeqqZmudmg:5CBUo14V8jhUCBqZmuwg

Score

7^/10

evasion

Identifies Wine through registry keys 2 TTPs 1 IoCs

Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

Query Registry

Virtualization/Sandbox Evasion

Processes:

cb3b270b7bb265618fefb258265427655eda4330669612bf9f9df1bd3eac012b.exe

description	ioc	process
Key opened	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Wine	cb3b270b7bb265618fefb258265427655eda4330669612bf9f9df1bd3eac012b.exe

C:\Users\Admin\AppData\Local\Temp\cb3b270b7bb265618fefb258265427655eda4330669612bf9f9df1bd3eac012b.exe
"C:\Users\Admin\AppData\Local\Temp\cb3b270b7bb265618fefb258265427655eda4330669612bf9f9df1bd3eac012b.exe"
1⤵
- Identifies Wine through registry keys
PID:1772

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

memory/1772-132-0x0000000000400000-0x000000000065A000-memory.dmp

Filesize
2.4MB

Download