Analysis

  • max time kernel
    39s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/12/2022, 13:29

General

  • Target

    fc3b1be125e09efa6f74254124c3e81d322f8afde74ecc3fb290b532c6a47983.exe

  • Size

    3.5MB

  • MD5

    a8b2f6be72447b100fdf4fa2fe948da9

  • SHA1

    bf2f90e447f933784be96c9d88908be7e6496295

  • SHA256

    fc3b1be125e09efa6f74254124c3e81d322f8afde74ecc3fb290b532c6a47983

  • SHA512

    0f2734af61fbde4afa9031568cf11a30d5a9e79a1b38d3d7192d5f4528d5acd37640be685363b0ac80900b8f7790af6fdb5f2a95afa485b096e513d889968e85

  • SSDEEP

    98304:z4Y9FkCzT2boJkA7GQqT5br21vJcye6Z/Iij:htJaACQqNbrGBcyL/7j

Score
7/10

Malware Config

Signatures

  • Checks BIOS information in registry 2 TTPs 1 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

  • Themida packer 2 IoCs

    Detects Themida, an advanced Windows software protection system.
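The two registry signatures above fire on a small, well-known set of keys: BIOS strings live under HKLM\HARDWARE\DESCRIPTION\System (values such as SystemBiosVersion and VideoBiosVersion), and Wine exposes itself through HKCU\Software\Wine and HKLM\Software\Wine. The following is an added example, not code from the sandbox vendor or from the sample, showing how such signatures can be evaluated over registry-monitor events and reported per process with an IoC count. The tab-separated log lines are constructed for the example, and the ATT&CK mapping to T1012 and T1082 is an assumption (the report above says "2 TTPs" without naming them).

```python
"""Registry-based sandbox-evasion signature matcher (added example, not the report's own logic)."""
import re
from collections import defaultdict

# Constructed registry-monitor lines: pid, operation, key, value name (tab-separated).
# These are NOT events taken from the report above.
SAMPLE_LOG = [
    "1972\tRegOpenKey\tHKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\t",
    "1972\tRegQueryValue\tHKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\tSystemBiosVersion",
    "1972\tRegQueryValue\tHKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\tVideoBiosVersion",
    "1972\tRegOpenKey\tHKEY_CURRENT_USER\\Software\\Wine\t",
    "1972\tRegOpenKey\tHKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\t",
    "2400\tRegQueryValue\tHKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\tSystemBiosDate",
    "2400\tRegOpenKey\tHKEY_LOCAL_MACHINE\\SOFTWARE\\Wine\t",
]

# Signature definitions. "values" is None when merely touching the key is enough
# (Wine keys do not exist on a real Windows install, so any access is suspicious).
# TTP IDs are an assumed ATT&CK mapping: T1012 Query Registry, T1082 System Information Discovery.
SIGNATURES = {
    "Checks BIOS information in registry": {
        "keys": [re.compile(r"^HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System(\\BIOS)?$", re.I)],
        "values": {"systembiosversion", "videobiosversion", "systembiosdate",
                   "systemmanufacturer", "systemproductname"},
        "ttps": ["T1012", "T1082"],
    },
    "Identifies Wine through registry keys": {
        "keys": [re.compile(r"^HKEY_(LOCAL_MACHINE|CURRENT_USER)\\Software\\Wine$", re.I)],
        "values": None,
        "ttps": ["T1012", "T1082"],
    },
}


def parse_log(lines):
    """Turn tab-separated monitor lines into (pid, op, key, value) tuples."""
    events = []
    for line in lines:
        if not line.strip():
            continue
        pid, op, key, value = line.split("\t")
        events.append((int(pid), op, key, value))
    return events


def match_signatures(events):
    """Return {pid: {signature_name: sorted unique IoC keys}}.

    Opening the BIOS key alone is not a hit; the signature needs a value read of
    one of the BIOS strings. IoCs are de-duplicated per key so two value reads of
    the same key count once, matching the per-signature "IoCs" figure in reports.
    """
    hits = defaultdict(lambda: defaultdict(set))
    for pid, op, key, value in events:
        for name, sig in SIGNATURES.items():
            if not any(pattern.match(key) for pattern in sig["keys"]):
                continue
            wanted = sig["values"]
            if wanted is not None and (op != "RegQueryValue" or value.lower() not in wanted):
                continue
            hits[pid][name].add(key)
    return {pid: {name: sorted(keys) for name, keys in sigs.items()}
            for pid, sigs in hits.items()}


def summarize(hits):
    """Render report-style lines: one per (process, signature) with TTP and IoC counts."""
    lines = []
    for pid in sorted(hits):
        for name, iocs in sorted(hits[pid].items()):
            ttps = SIGNATURES[name]["ttps"]
            lines.append(f"PID {pid}: {name} ({len(ttps)} TTPs, {len(iocs)} IoCs)")
    return lines


if __name__ == "__main__":
    for line in summarize(match_signatures(parse_log(SAMPLE_LOG))):
        print(line)
```

Both key patterns are matched case-insensitively because Windows registry paths are case-insensitive, and the BIOS pattern also accepts the `\BIOS` subkey that newer Windows versions populate. Reading the Run key in the constructed log hits nothing, which is the point: these signatures are narrow on purpose, so a hit is worth a look but a single BIOS read is also something legitimate installers do.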

Processes

  • C:\Users\Admin\AppData\Local\Temp\fc3b1be125e09efa6f74254124c3e81d322f8afde74ecc3fb290b532c6a47983.exe
    "C:\Users\Admin\AppData\Local\Temp\fc3b1be125e09efa6f74254124c3e81d322f8afde74ecc3fb290b532c6a47983.exe"
    1⤵
    • Checks BIOS information in registry
    • Identifies Wine through registry keys
    PID:1972

Network

        MITRE ATT&CK Enterprise v6

        Downloads

        • memory/1972-54-0x0000000000400000-0x000000000057D000-memory.dmp

          Filesize

          1.5MB

        • memory/1972-55-0x0000000000400000-0x000000000057D000-memory.dmp

          Filesize

          1.5MB