Analysis
- max time kernel: 143s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 31/12/2023, 03:34

Behavioral task: behavioral1
- Sample: mingxiaozi/Domain.exe
- Resource: win7-20231215-en
- 5 signatures
- 150 seconds
General
- Target: mingxiaozi/Domain.exe
- Size: 2.5MB
- MD5: 81f0fb11bd80498a62818f74c86ba118
- SHA1: df02e26206e40b662940d19b1e44af92d70c823f
- SHA256: b9a656ceca29c9b7460f890571d4dce3852d37bdc2d9303364ccb7f2762c59a6
- SHA512: 11f5bc9cab461ecddf6ca6c40a2971d0c46da045c207ac05a9ec34f607d5dede4b39318d63c4cfaafb13f65b9fb9380272556475a83578ed794b7e77641ff2f9
- SSDEEP: 49152:ksU8lg7GGuaKtyTw5uZmKm8VonOISYOlFKM8rj13PDz2:XUX7HsYTtZmUon3S/qH1fDz2
Malware Config

Signatures
- Identifies Wine through registry keys (2 TTPs, 1 IoCs)
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
  description: Key opened
  ioc: \REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Wine
  Process: Domain.exe
- resource / yara_rule:
  behavioral2/memory/5532-0-0x0000000000400000-0x0000000000952000-memory.dmp: themida
  behavioral2/memory/5532-3-0x0000000000400000-0x0000000000952000-memory.dmp: themida