79a19760859ed5d753fd5a3690390773be75406b137eae99d072fde776ce4d74

Analysis

max time kernel
151s
max time network
76s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 08:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1324b2413dff467b690943c695a54852.exe
Size

2.1MB
MD5

1324b2413dff467b690943c695a54852
SHA1

4438365bb523a3d964b36596198197d0b2b2cb65
SHA256

79a19760859ed5d753fd5a3690390773be75406b137eae99d072fde776ce4d74
SHA512

2b404e8c5ce58648739eb02a3e8142575bff0c936ce58c4c352fdbcfdab1142fbd49f28e581d697bfc1c83eb0e79cdc35b16b03fe228a77445ace28f0b739eb6
SSDEEP

49152:qeMwVGCjidoB16EwMEgPq6AQ63RmndfaC9tCvja:qeMk6oBpwM5y6NndC

Score

7^/10

evasion themida

Malware Config

Signatures

Identifies Wine through registry keys 2 TTPs 1 IoCs

Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\Software\Wine	1324b2413dff467b690943c695a54852.exe

Themida packer 2 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral2/memory/4580-0-0x0000000000400000-0x000000000061F000-memory.dmp	themida
behavioral2/memory/4580-3-0x0000000000400000-0x000000000061F000-memory.dmp	themida

Program crash 1 IoCs

pid	pid_target	Process	procid_target
528	4580	WerFault.exe	42

C:\Users\Admin\AppData\Local\Temp\1324b2413dff467b690943c695a54852.exe
"C:\Users\Admin\AppData\Local\Temp\1324b2413dff467b690943c695a54852.exe"
1⤵
- Identifies Wine through registry keys
PID:4580
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 276
  2⤵
  - Program crash
  PID:528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4580 -ip 4580
1⤵
PID:552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4580-0-0x0000000000400000-0x000000000061F000-memory.dmp

Filesize
2.1MB

Download
memory/4580-2-0x00000000022C0000-0x00000000023BD000-memory.dmp

Filesize
1012KB

Download
memory/4580-1-0x00000000007E0000-0x00000000007E1000-memory.dmp

Filesize
4KB

Download
memory/4580-3-0x0000000000400000-0x000000000061F000-memory.dmp

Filesize
2.1MB

Download
memory/4580-4-0x00000000007E0000-0x00000000007E1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads