Overview

overview

7

Static

static

3

067ba28842...29.exe

windows7-x64

7

067ba28842...29.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29/12/2023, 23:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    067ba288422ed06e7bbfe92d7bceb129.exe

  • Size

    427KB

  • MD5

    067ba288422ed06e7bbfe92d7bceb129

  • SHA1

    711669a6c3bb5e2daac6ea996aaba6ea26d91210

  • SHA256

    9e96468ff41f5fcb81f7a5f39d86ab8162d35262f480a2c248cb2e31e87dfeef

  • SHA512

    d3533d842d9dbf16ca8c1d67f8711c7edf4e24411bb61cfb5db269208f5caa78a9cf0b6a3da0607163be1503fa7ddc73a48295ad75064582d515a74f9018b5fb

  • SSDEEP

    12288:oVpY1/9nodor6yO4vJ958ShthAT6GlUQLt66:oS/9ncx47DohlUQQ6

Score
7/10
evasion

Malware Config

Signatures

  • Executes dropped EXE 10 IoCs
  • Identifies Wine through registry keys 2 TTPs 11 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Loads dropped DLL 20 IoCs
  • Drops file in System32 directory 22 IoCs
  • Suspicious use of WriteProcessMemory 40 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\067ba288422ed06e7bbfe92d7bceb129.exe
    "C:\Users\Admin\AppData\Local\Temp\067ba288422ed06e7bbfe92d7bceb129.exe"
    1⤵
    • Identifies Wine through registry keys
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:3016
    • C:\Windows\SysWOW64\wins.exe
      C:\Windows\system32\wins.exe 652 "C:\Users\Admin\AppData\Local\Temp\067ba288422ed06e7bbfe92d7bceb129.exe"
      2⤵
      • Executes dropped EXE
      • Identifies Wine through registry keys
      • Loads dropped DLL
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:2604
      • C:\Windows\SysWOW64\wins.exe
        C:\Windows\system32\wins.exe 696 "C:\Windows\SysWOW64\wins.exe"
        3⤵
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Loads dropped DLL
        • Drops file in System32 directory
        • Suspicious use of WriteProcessMemory
        PID:2664
        • C:\Windows\SysWOW64\wins.exe
          C:\Windows\system32\wins.exe 692 "C:\Windows\SysWOW64\wins.exe"
          4⤵
          • Executes dropped EXE
          • Identifies Wine through registry keys
          • Loads dropped DLL
          • Drops file in System32 directory
          • Suspicious use of WriteProcessMemory
          PID:2252
          • C:\Windows\SysWOW64\wins.exe
            C:\Windows\system32\wins.exe 704 "C:\Windows\SysWOW64\wins.exe"
            5⤵
            • Executes dropped EXE
            • Identifies Wine through registry keys
            • Loads dropped DLL
            • Drops file in System32 directory
            • Suspicious use of WriteProcessMemory
            PID:2672
            • C:\Windows\SysWOW64\wins.exe
              C:\Windows\system32\wins.exe 700 "C:\Windows\SysWOW64\wins.exe"
              6⤵
              • Executes dropped EXE
              • Identifies Wine through registry keys
              • Loads dropped DLL
              • Drops file in System32 directory
              • Suspicious use of WriteProcessMemory
              PID:876
              • C:\Windows\SysWOW64\wins.exe
                C:\Windows\system32\wins.exe 688 "C:\Windows\SysWOW64\wins.exe"
                7⤵
                • Executes dropped EXE
                • Identifies Wine through registry keys
                • Loads dropped DLL
                • Drops file in System32 directory
                • Suspicious use of WriteProcessMemory
                PID:2736
                • C:\Windows\SysWOW64\wins.exe
                  C:\Windows\system32\wins.exe 708 "C:\Windows\SysWOW64\wins.exe"
                  8⤵
                  • Executes dropped EXE
                  • Identifies Wine through registry keys
                  • Loads dropped DLL
                  • Drops file in System32 directory
                  • Suspicious use of WriteProcessMemory
                  PID:2984
                  • C:\Windows\SysWOW64\wins.exe
                    C:\Windows\system32\wins.exe 712 "C:\Windows\SysWOW64\wins.exe"
                    9⤵
                    • Executes dropped EXE
                    • Identifies Wine through registry keys
                    • Loads dropped DLL
                    • Drops file in System32 directory
                    • Suspicious use of WriteProcessMemory
                    PID:1212
                    • C:\Windows\SysWOW64\wins.exe
                      C:\Windows\system32\wins.exe 716 "C:\Windows\SysWOW64\wins.exe"
                      10⤵
                      • Executes dropped EXE
                      • Identifies Wine through registry keys
                      • Loads dropped DLL
                      • Drops file in System32 directory
                      • Suspicious use of WriteProcessMemory
                      PID:580
                      • C:\Windows\SysWOW64\wins.exe
                        C:\Windows\system32\wins.exe 724 "C:\Windows\SysWOW64\wins.exe"
                        11⤵
                        • Executes dropped EXE
                        • Identifies Wine through registry keys
                        • Drops file in System32 directory
                        PID:2072

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\wins.exe
    Filesize

    102KB

    MD5

    4a4ef513e3f59157811e8a2334354bf5

    SHA1

    30e926d8981ca11715cad32622908721f77e25ad

    SHA256

    cd7ab81d715f2f0b13ff9e0b9bf2af95e4c3e6f4edd7025401d83f99b936f7f6

    SHA512

    65f3cbb0c8c965ffdb0a678c37ddb72e2871e565d85580e798d24b1ec5d0820735d8f254e69ab3166757e4c1c644d0195f4d99c4aa91385a29fac0147da79691

    Download Submit

  • C:\Windows\SysWOW64\wins.exe
    Filesize

    318KB

    MD5

    63b5451c174a54d9cf6d7bb5a90882b0

    SHA1

    a04e7e8a5280e94bb7989d6cf703541e1f0cec69

    SHA256

    44f5c8e19a2b51ec234c0964c15da9312d7af3f1618e527e41ace8cf059c7723

    SHA512

    ca2d7aaa62de14615ba25a84e8bf340aac59ecb1d52072766a5b817c1c1914c48593b3d35d81d22091de37c39f0d75f9fb5129c5a6ea95422dfc46df4a579b57

    Download Submit

  • \Windows\SysWOW64\wins.exe
    Filesize

    427KB

    MD5

    067ba288422ed06e7bbfe92d7bceb129

    SHA1

    711669a6c3bb5e2daac6ea996aaba6ea26d91210

    SHA256

    9e96468ff41f5fcb81f7a5f39d86ab8162d35262f480a2c248cb2e31e87dfeef

    SHA512

    d3533d842d9dbf16ca8c1d67f8711c7edf4e24411bb61cfb5db269208f5caa78a9cf0b6a3da0607163be1503fa7ddc73a48295ad75064582d515a74f9018b5fb

    Download Submit

  • \Windows\SysWOW64\wins.exe
    Filesize

    384KB

    MD5

    50d13f17fc273afca86038fb1bbb0279

    SHA1

    a94c615c51f9408d3b98f2c09960242521ec43ec

    SHA256

    d89e164384dcd3a4dc82c946d785adec22c335e8f1b3cd16472eff3ddd6ce1b4

    SHA512

    5cd2f6bf721b51a6e2c6e023f11406d386d0bf59360da186e4936ecc41e3a84f4a364a0a4342b1c1db6c49ec1bbdf71f319a59b0de6a869dda4f7794db2dee7f

    Download Submit

  • \Windows\SysWOW64\wins.exe
    Filesize

    382KB

    MD5

    98411063c3a7ae6f55df42780561d090

    SHA1

    7521f15f607dbd4b24e7fb90bee6a5244ee2709b

    SHA256

    481e31a15451c763f7f3b377536ab8d2ffcad10d38efc09e5193b31b0ba6a040

    SHA512

    989ccef33928fd94bc6bee18d3c2ceb64f4ee15fb52b6c323100114b74fc73a900c987f1bbab816085810a20ebea421af078b8a586a6365eceec3e07cdec5d28

    Download Submit

  • \Windows\SysWOW64\wins.exe
    Filesize

    320KB

    MD5

    f877a28d7635d1f2f5f636cd0c662ae8

    SHA1

    d33ce69c7ebdd888549fe40f824cb0ec0db81d7b

    SHA256

    3c69f76bca6060a06e6d713c3ef5f129b692762856720404788e9d548d0ef8f6

    SHA512

    6c035ba1b9fbe977282648833c18fcdfb2cda8fc4c035f9234e6b30242ebd4ee6e9203b196753c96f596a877e2c74106c50f45e2343c0ad54126408d0a051a49

    Download Submit

  • memory/580-226-0x0000000000400000-0x000000000054A000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/876-138-0x0000000000400000-0x000000000054A000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1212-203-0x0000000000400000-0x000000000054A000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2072-248-0x0000000000400000-0x000000000054A000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2252-79-0x0000000003C70000-0x0000000003C71000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2252-80-0x0000000003D00000-0x0000000003D01000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2252-81-0x0000000003D40000-0x0000000003D41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2252-82-0x0000000003D30000-0x0000000003D31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2252-83-0x0000000001FE0000-0x0000000001FE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2252-84-0x0000000003C10000-0x0000000003C11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2252-78-0x0000000003D10000-0x0000000003D12000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2252-77-0x0000000000400000-0x000000000054A000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2252-76-0x0000000000400000-0x000000000054A000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2252-93-0x0000000000400000-0x000000000054A000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2604-30-0x0000000000400000-0x000000000054A000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2604-47-0x0000000000400000-0x000000000054A000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2604-41-0x0000000003C30000-0x0000000003C32000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2604-52-0x0000000000400000-0x000000000054A000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2604-45-0x0000000003C40000-0x0000000003C41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2604-46-0x0000000003C60000-0x0000000003C61000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2604-40-0x0000000003C20000-0x0000000003C21000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2604-39-0x0000000003BE0000-0x0000000003BE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2604-38-0x0000000003C00000-0x0000000003C01000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2604-37-0x0000000003C10000-0x0000000003C11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2604-36-0x0000000003BF0000-0x0000000003BF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2604-35-0x0000000003CE0000-0x0000000003CE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2604-34-0x0000000003CD0000-0x0000000003CD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2604-33-0x0000000003CA0000-0x0000000003CA1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2604-32-0x0000000003C50000-0x0000000003C51000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2604-31-0x0000000003CB0000-0x0000000003CB2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2604-29-0x0000000000400000-0x000000000054A000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2604-42-0x0000000003C90000-0x0000000003C92000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2664-60-0x0000000000620000-0x0000000000621000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2664-62-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2664-70-0x0000000000400000-0x000000000054A000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2664-75-0x0000000004660000-0x00000000047AA000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2664-51-0x0000000000400000-0x000000000054A000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2664-66-0x0000000003CA0000-0x0000000003CA1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2664-65-0x0000000003C30000-0x0000000003C31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2664-64-0x0000000003C50000-0x0000000003C51000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2664-69-0x0000000003C60000-0x0000000003C61000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2664-68-0x0000000003C90000-0x0000000003C92000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2664-63-0x0000000000630000-0x0000000000631000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2664-73-0x0000000000400000-0x000000000054A000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2664-61-0x0000000000610000-0x0000000000611000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2664-53-0x0000000000400000-0x000000000054A000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2664-59-0x00000000003F0000-0x00000000003F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2664-58-0x0000000003CF0000-0x0000000003CF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2664-57-0x0000000003CE0000-0x0000000003CE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2664-56-0x0000000003CB0000-0x0000000003CB1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2664-55-0x0000000003C70000-0x0000000003C71000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2664-54-0x0000000003CC0000-0x0000000003CC2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2672-115-0x0000000000400000-0x000000000054A000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2736-160-0x0000000000400000-0x000000000054A000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2984-182-0x0000000000400000-0x000000000054A000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/3016-44-0x0000000000400000-0x000000000054A000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/3016-21-0x0000000004640000-0x000000000478A000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/3016-19-0x0000000003C70000-0x0000000003C71000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3016-20-0x0000000003C90000-0x0000000003C91000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3016-1-0x0000000000400000-0x000000000054A000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/3016-2-0x0000000003CF0000-0x0000000003CF2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3016-3-0x0000000003C80000-0x0000000003C81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3016-4-0x0000000003CE0000-0x0000000003CE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3016-5-0x0000000003D10000-0x0000000003D11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3016-6-0x0000000003D20000-0x0000000003D21000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3016-7-0x0000000000860000-0x0000000000861000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3016-8-0x0000000003C20000-0x0000000003C21000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3016-28-0x0000000004640000-0x000000000478A000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/3016-9-0x0000000000870000-0x0000000000871000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3016-18-0x0000000003CD0000-0x0000000003CD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3016-0-0x0000000000400000-0x000000000054A000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/3016-13-0x0000000003C40000-0x0000000003C41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3016-10-0x00000000005B0000-0x00000000005B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3016-11-0x0000000003C30000-0x0000000003C31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3016-12-0x0000000003C60000-0x0000000003C61000-memory.dmp

    Filesize

    4KB

    Download