Analysis

  • max time kernel
    170s
  • max time network
    177s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231023-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11/11/2023, 13:57

General

  • Target

    dc175b03ef86f6edf3e13423dffd044ec11563635129a31320f32dc592e2e791.exe

  • Size

    316KB

  • MD5

    002e08f6dfa79fb3330da8b0528430fe

  • SHA1

    a8caf445e4f27bcb34b8a26aea0616aeee939747

  • SHA256

    dc175b03ef86f6edf3e13423dffd044ec11563635129a31320f32dc592e2e791

  • SHA512

    ad4ec10e242a54e26522e31f141cfe1afecb1573274a18bd8cc72d32b71932caf7aaddfa03fbc31c1d3c6701b5609816778398d873015769abb9194f89b7fa7b

  • SSDEEP

    3072:tRZRdp0SUzDega9kMG9ro3lFsHj0X+Zdn2AJqP/MZpJrynt6B8PQR:vZRdp0SUzDegskMG+1SD0XYpkoBd

Score
7/10

Malware Config

Signatures

  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dc175b03ef86f6edf3e13423dffd044ec11563635129a31320f32dc592e2e791.exe
    "C:\Users\Admin\AppData\Local\Temp\dc175b03ef86f6edf3e13423dffd044ec11563635129a31320f32dc592e2e791.exe"
    1⤵
    • Identifies Wine through registry keys
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2216

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2216-0-0x0000000000970000-0x00000000009C0000-memory.dmp

    Filesize

    320KB

  • memory/2216-1-0x0000000000970000-0x00000000009C0000-memory.dmp

    Filesize

    320KB