Analysis

  • max time kernel
    138s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25-12-2023 10:23

General

  • Target

    16ee36210b09645683f3c5ff4591cf74.exe

  • Size

    5.1MB

  • MD5

    16ee36210b09645683f3c5ff4591cf74

  • SHA1

    f28106b813f77bb0945996bd7f9d7557d99e0f85

  • SHA256

    2d3bdaa1b5e7d22c91d76a00462657e54dcb242a6bb42e21117a17949fe1c30a

  • SHA512

    760f6c1d2f6daa2cb6185df217606b7f2c3162b6def942102068e35ed6c14be96cd463a13c20b06480b192ce4b2cf3dad7df91778fddcb42a143d54ada4cc91c

  • SSDEEP

    98304:kKkdWJMaSmfy3XuJERysgxMS7K/9gmZrtfV9I9jdO:OWJMaSmfIuJAysYMGKBZZd9I

Score
7/10

Malware Config

Signatures

  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

  • Themida packer 2 IoCs

    Detects Themida, an advanced Windows software protection system.

Processes

  • C:\Users\Admin\AppData\Local\Temp\16ee36210b09645683f3c5ff4591cf74.exe
    "C:\Users\Admin\AppData\Local\Temp\16ee36210b09645683f3c5ff4591cf74.exe"
    1⤵
    • Identifies Wine through registry keys
    PID:3520

Network

MITRE ATT&CK Enterprise v15


Downloads

  • memory/3520-0-0x0000000000400000-0x0000000000DDE000-memory.dmp

    Filesize

    9.9MB

  • memory/3520-1-0x0000000000400000-0x0000000000DDE000-memory.dmp

    Filesize

    9.9MB