Analysis
-
max time kernel
170s -
max time network
177s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system -
submitted
11/11/2023, 13:57
Static task
static1
Behavioral task
behavioral1
Sample
dc175b03ef86f6edf3e13423dffd044ec11563635129a31320f32dc592e2e791.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
dc175b03ef86f6edf3e13423dffd044ec11563635129a31320f32dc592e2e791.exe
Resource
win10v2004-20231023-en
General
-
Target
dc175b03ef86f6edf3e13423dffd044ec11563635129a31320f32dc592e2e791.exe
-
Size
316KB
-
MD5
002e08f6dfa79fb3330da8b0528430fe
-
SHA1
a8caf445e4f27bcb34b8a26aea0616aeee939747
-
SHA256
dc175b03ef86f6edf3e13423dffd044ec11563635129a31320f32dc592e2e791
-
SHA512
ad4ec10e242a54e26522e31f141cfe1afecb1573274a18bd8cc72d32b71932caf7aaddfa03fbc31c1d3c6701b5609816778398d873015769abb9194f89b7fa7b
-
SSDEEP
3072:tRZRdp0SUzDega9kMG9ro3lFsHj0X+Zdn2AJqP/MZpJrynt6B8PQR:vZRdp0SUzDegskMG+1SD0XYpkoBd
Malware Config
Signatures
-
Identifies Wine through registry keys 2 TTPs 1 IoCs
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
description ioc Process Key opened \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Software\Wine\WineFile dc175b03ef86f6edf3e13423dffd044ec11563635129a31320f32dc592e2e791.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ dc175b03ef86f6edf3e13423dffd044ec11563635129a31320f32dc592e2e791.exe Key created \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ dc175b03ef86f6edf3e13423dffd044ec11563635129a31320f32dc592e2e791.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 2216 dc175b03ef86f6edf3e13423dffd044ec11563635129a31320f32dc592e2e791.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\dc175b03ef86f6edf3e13423dffd044ec11563635129a31320f32dc592e2e791.exe"C:\Users\Admin\AppData\Local\Temp\dc175b03ef86f6edf3e13423dffd044ec11563635129a31320f32dc592e2e791.exe"1⤵
- Identifies Wine through registry keys
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2216