Overview

overview

10

Static

static

3

74fa49f60a...12.exe

windows7-x64

7

74fa49f60a...12.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    25-01-2024 16:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    74fa49f60a92b46d4a75f63167e62a12.exe

  • Size

    431KB

  • MD5

    74fa49f60a92b46d4a75f63167e62a12

  • SHA1

    f2bb1d660002e095e8026981ea31f872f1535bc9

  • SHA256

    f687f07fb4757f2a43560c7e02e5aaa12f8e50c7ecb4d38a27307d87b8167f8d

  • SHA512

    3fd3b151671cd51cb522f2afbbdb5137525905a85169576abfbf0c8b5880326afa57f51ee272a281474911b593b8e360c62652c30c48942099485fe6b15bb31b

  • SSDEEP

    12288:hN1ASkD/alY8pAEoknoa8KOIT/QBD7Hv6dtb3Uj1:lASEC9pAEoA58BD+dtm1

Score
7/10
evasion

Malware Config

Signatures

  • Executes dropped EXE 9 IoCs
  • Identifies Wine through registry keys 2 TTPs 10 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Loads dropped DLL 18 IoCs
  • Drops file in System32 directory 18 IoCs
  • Suspicious use of WriteProcessMemory 36 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\74fa49f60a92b46d4a75f63167e62a12.exe
    "C:\Users\Admin\AppData\Local\Temp\74fa49f60a92b46d4a75f63167e62a12.exe"
    1⤵
    • Identifies Wine through registry keys
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:2932
    • C:\Windows\SysWOW64\tcpip.exe
      C:\Windows\system32\tcpip.exe 652 "C:\Users\Admin\AppData\Local\Temp\74fa49f60a92b46d4a75f63167e62a12.exe"
      2⤵
      • Executes dropped EXE
      • Identifies Wine through registry keys
      • Loads dropped DLL
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:2584
      • C:\Windows\SysWOW64\tcpip.exe
        C:\Windows\system32\tcpip.exe 704 "C:\Windows\SysWOW64\tcpip.exe"
        3⤵
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Loads dropped DLL
        • Drops file in System32 directory
        • Suspicious use of WriteProcessMemory
        PID:1704
        • C:\Windows\SysWOW64\tcpip.exe
          C:\Windows\system32\tcpip.exe 696 "C:\Windows\SysWOW64\tcpip.exe"
          4⤵
          • Executes dropped EXE
          • Identifies Wine through registry keys
          • Loads dropped DLL
          • Drops file in System32 directory
          • Suspicious use of WriteProcessMemory
          PID:2012
          • C:\Windows\SysWOW64\tcpip.exe
            C:\Windows\system32\tcpip.exe 700 "C:\Windows\SysWOW64\tcpip.exe"
            5⤵
            • Executes dropped EXE
            • Identifies Wine through registry keys
            • Loads dropped DLL
            • Drops file in System32 directory
            • Suspicious use of WriteProcessMemory
            PID:1396
            • C:\Windows\SysWOW64\tcpip.exe
              C:\Windows\system32\tcpip.exe 692 "C:\Windows\SysWOW64\tcpip.exe"
              6⤵
              • Executes dropped EXE
              • Identifies Wine through registry keys
              • Loads dropped DLL
              • Drops file in System32 directory
              • Suspicious use of WriteProcessMemory
              PID:2068
              • C:\Windows\SysWOW64\tcpip.exe
                C:\Windows\system32\tcpip.exe 720 "C:\Windows\SysWOW64\tcpip.exe"
                7⤵
                • Executes dropped EXE
                • Identifies Wine through registry keys
                • Loads dropped DLL
                • Drops file in System32 directory
                • Suspicious use of WriteProcessMemory
                PID:2632
                • C:\Windows\SysWOW64\tcpip.exe
                  C:\Windows\system32\tcpip.exe 712 "C:\Windows\SysWOW64\tcpip.exe"
                  8⤵
                  • Executes dropped EXE
                  • Identifies Wine through registry keys
                  • Loads dropped DLL
                  • Drops file in System32 directory
                  • Suspicious use of WriteProcessMemory
                  PID:2212
                  • C:\Windows\SysWOW64\tcpip.exe
                    C:\Windows\system32\tcpip.exe 716 "C:\Windows\SysWOW64\tcpip.exe"
                    9⤵
                    • Executes dropped EXE
                    • Identifies Wine through registry keys
                    • Loads dropped DLL
                    • Drops file in System32 directory
                    • Suspicious use of WriteProcessMemory
                    PID:1540
                    • C:\Windows\SysWOW64\tcpip.exe
                      C:\Windows\system32\tcpip.exe 708 "C:\Windows\SysWOW64\tcpip.exe"
                      10⤵
                      • Executes dropped EXE
                      • Identifies Wine through registry keys
                      PID:1980
                      • C:\Windows\SysWOW64\tcpip.exe
                        C:\Windows\system32\tcpip.exe 724 "C:\Windows\SysWOW64\tcpip.exe"
                        11⤵
                          PID:976

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\SysWOW64\tcpip.exe
      Filesize

      67KB

      MD5

      84514f42d6bf0535a9866d8d986df5be

      SHA1

      97db297835bc65b96014a2d6e060572543c6588b

      SHA256

      5e61722bcb97241a213ad360e24d765b547c555763029d90d8a57d6a486e7ee9

      SHA512

      c87e2dc72e521fa9704e90cebae1776eb450fee58ea67e5ac3442800d2b2724ba015de10ed00f6358dca0e4c4bf018151d89379d4db2dfe489f028ade97f0323

      Download Submit
    • C:\Windows\SysWOW64\tcpip.exe
      Filesize

      168KB

      MD5

      7146727055d2904e0973775be0871b35

      SHA1

      f46fa308244aa15369a25e2d02ce7e32cd711ae7

      SHA256

      a574319af94966b237a0d5cb76d199524bc404474f47d48fb91f0c66897cf426

      SHA512

      8a49749ca67cf413e24f9c99329c1707395f4263b6ee0cf2e1654f3a748bcde91d14557eb138d1c0a57afd57af562327aea368d06f27231b4c351d7ed4737de2

      Download Submit
    • C:\Windows\SysWOW64\tcpip.exe
      Filesize

      347KB

      MD5

      1e3103b5f8a584b1ea0c0595d7d5d877

      SHA1

      2845de8cab566a00d3929c0dfeda1aed71bfb182

      SHA256

      9cd20abbb462bc1092c9e5fe8b14d6dadc1dd01f4ef189ae0b65caa0a52af440

      SHA512

      ab6c8924191aa50f2a727d4a05ec73a48595a966064b175f25ff4eae27ebb0226980558e21452f49e1e8b1ed9d2b87678d650fe498146939c4d06099778d1235

      Download Submit
    • C:\Windows\SysWOW64\tcpip.exe
      Filesize

      431KB

      MD5

      74fa49f60a92b46d4a75f63167e62a12

      SHA1

      f2bb1d660002e095e8026981ea31f872f1535bc9

      SHA256

      f687f07fb4757f2a43560c7e02e5aaa12f8e50c7ecb4d38a27307d87b8167f8d

      SHA512

      3fd3b151671cd51cb522f2afbbdb5137525905a85169576abfbf0c8b5880326afa57f51ee272a281474911b593b8e360c62652c30c48942099485fe6b15bb31b

      Download Submit
    • \Windows\SysWOW64\tcpip.exe
      Filesize

      99KB

      MD5

      60ad12795161ffdbd4be8192f92cb1b5

      SHA1

      c15d3a6dd57ea599210605e10923b2445bab90ec

      SHA256

      ac600706bff61c99955ffec5a2d4e9f55bd429e7a89dc2a6fdb2c690abb1f5f9

      SHA512

      c6181477b9bb46e26100f726980cdcd489d2f9b4b8d78b30a3d3f066d9a7985a5f134cb1de3b17583eb435dbbb59deee273415a47bf6a752760427e6e9263ddc

      Download Submit
    • \Windows\SysWOW64\tcpip.exe
      Filesize

      100KB

      MD5

      2db34b5063dcae5ba28ac0cd20e63c96

      SHA1

      00754e66265284e8e943752955940a4018b214e7

      SHA256

      e87656a5395c20f612c3aca0ad1977ba7aa005ae382117a748dcf0ebd8643d6b

      SHA512

      01f5345515b9940afea7213506c84bf5d4deb27fddc35cfa5a0f047baea5e1836fc1d7daea543b9082bc50a275e83b58797aa890458d5938679804e34fcf30af

      Download Submit
    • \Windows\SysWOW64\tcpip.exe
      Filesize

      179KB

      MD5

      e5dc35d860870eee45ce10ea8fdb6c55

      SHA1

      e0a504b6112367f62edd4d897d015d172c2610cb

      SHA256

      7612b7bfb5e4bde08aabb7ee78cfeb03e5810309148f49e9db9016a5a9a7ca81

      SHA512

      a65a7632ef273d4f0263e52a8d5ea89b84b62a51f9a93e8fcc8ea697d71a20cf26a3156c7ced14401ff6e1e6edf25a6a2a8dc92cdbc6bd6015030d2b6cf582a6

      Download Submit
    • \Windows\SysWOW64\tcpip.exe
      Filesize

      172KB

      MD5

      6045faa855eaa0d7790dd6b6f95fafef

      SHA1

      d8da0ba0d096eafd50005fd9e4f36b77753095dc

      SHA256

      d51b0aeb0923b644985692ddea1e7ce10d7b708deaff3a2234aaa8e0d6da59f6

      SHA512

      c41d49bf600ca7fb28749df13bddd958d468b366fbc27531fe8b251867daded12db4576eceb2bf85a72b74d0918df03d1b4aa20fde0ca807df7788655b25d744

      Download Submit
    • \Windows\SysWOW64\tcpip.exe
      Filesize

      45KB

      MD5

      b83c5da3613a566ec7cd04e5899893c4

      SHA1

      110852b058995ba9ea48b3704d2cd2f712426132

      SHA256

      7d0982d3afe4bcdf5e0a8c0d0dd5aaac5913bc72f5f262437785997d066a9f87

      SHA512

      618fcc561b65a315c1b09f3028efaa3d99bd052f41fe8e061f53c0e185c4d1feb1650a4dd638f712512f2dbbd74161f76d0eb7cb063d790e5a08eac2a6e89aa1

      Download Submit
    • \Windows\SysWOW64\tcpip.exe
      Filesize

      409KB

      MD5

      7d7da71f7c40acc9363edc3cebdeb0c0

      SHA1

      fa0a48c2e0425be4c6a57d9fe6e48f3e2597cc55

      SHA256

      703b212a8ebb06300cee98c6a014f20dec0b0cadcc1e32e86118c2acbb46a9dc

      SHA512

      fc313ae287b88a18802fb2da2dc2b4d8c9d08747018f17e198d6845005b76bedf6393104a8209cb341d7638637dfd7117d7f35a7f5a139505cac4ae76e529474

      Download Submit
    • \Windows\SysWOW64\tcpip.exe
      Filesize

      309KB

      MD5

      00ed0131f17079b953ea5405946ab683

      SHA1

      88aa01065d2a4dce55ffbb3c507bdad1bb68e8d2

      SHA256

      9e64cb1aaab650a39000f0f7a8d9055d6f97951a3d2d5bfa3836764558a6ecbc

      SHA512

      13fc1a224e06d8f563d7cfb1027a5a71a1b448192fcf1eee92b2a4876b97a130a2c087dc6d4dc699968f5b2267402969807f2552e7da30b5c0ae69828209a96c

      Download Submit
    • memory/976-249-0x0000000000400000-0x000000000054D000-memory.dmp
      Filesize

      1.3MB

      Download
    • memory/1396-114-0x0000000000400000-0x000000000054D000-memory.dmp
      Filesize

      1.3MB

      Download
    • memory/1540-205-0x0000000000400000-0x000000000054D000-memory.dmp
      Filesize

      1.3MB

      Download
    • memory/1704-73-0x0000000004660000-0x00000000047AD000-memory.dmp
      Filesize

      1.3MB

      Download
    • memory/1704-66-0x0000000003C50000-0x0000000003C51000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1704-50-0x0000000000400000-0x000000000054D000-memory.dmp
      Filesize

      1.3MB

      Download
    • memory/1704-72-0x0000000000400000-0x000000000054D000-memory.dmp
      Filesize

      1.3MB

      Download
    • memory/1704-68-0x0000000000400000-0x000000000054D000-memory.dmp
      Filesize

      1.3MB

      Download
    • memory/1704-52-0x0000000000400000-0x000000000054D000-memory.dmp
      Filesize

      1.3MB

      Download
    • memory/1704-53-0x0000000003D00000-0x0000000003D02000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1704-54-0x0000000003C60000-0x0000000003C61000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1704-67-0x0000000003C70000-0x0000000003C71000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1704-64-0x0000000003CA0000-0x0000000003CA2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1704-55-0x0000000003CF0000-0x0000000003CF1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1704-56-0x0000000003D20000-0x0000000003D21000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1704-57-0x0000000003D30000-0x0000000003D31000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1704-58-0x0000000003BF0000-0x0000000003BF1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1704-59-0x0000000003C10000-0x0000000003C11000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1704-60-0x0000000003C00000-0x0000000003C01000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1704-61-0x0000000001F90000-0x0000000001F91000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1704-62-0x0000000003C40000-0x0000000003C41000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1704-63-0x0000000003C20000-0x0000000003C21000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1980-228-0x0000000000400000-0x000000000054D000-memory.dmp
      Filesize

      1.3MB

      Download
    • memory/2012-80-0x0000000003D40000-0x0000000003D41000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2012-77-0x0000000003C70000-0x0000000003C71000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2012-84-0x0000000003BE0000-0x0000000003BE1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2012-83-0x0000000003C10000-0x0000000003C11000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2012-91-0x0000000000400000-0x000000000054D000-memory.dmp
      Filesize

      1.3MB

      Download
    • memory/2012-75-0x0000000000400000-0x000000000054D000-memory.dmp
      Filesize

      1.3MB

      Download
    • memory/2012-76-0x0000000003D20000-0x0000000003D22000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2012-74-0x0000000000400000-0x000000000054D000-memory.dmp
      Filesize

      1.3MB

      Download
    • memory/2012-78-0x0000000003D10000-0x0000000003D11000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2012-79-0x0000000003D50000-0x0000000003D51000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2012-81-0x0000000003C00000-0x0000000003C01000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2012-82-0x0000000003C20000-0x0000000003C21000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2068-137-0x0000000000400000-0x000000000054D000-memory.dmp
      Filesize

      1.3MB

      Download
    • memory/2212-183-0x0000000000400000-0x000000000054D000-memory.dmp
      Filesize

      1.3MB

      Download
    • memory/2584-30-0x0000000003C70000-0x0000000003C71000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2584-39-0x0000000003C50000-0x0000000003C51000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2584-33-0x0000000003D40000-0x0000000003D41000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2584-34-0x00000000003F0000-0x00000000003F1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2584-35-0x00000000005E0000-0x00000000005E1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2584-36-0x00000000005D0000-0x00000000005D1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2584-51-0x0000000000400000-0x000000000054D000-memory.dmp
      Filesize

      1.3MB

      Download
    • memory/2584-37-0x00000000003E0000-0x00000000003E1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2584-38-0x00000000005F0000-0x00000000005F1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2584-46-0x0000000000400000-0x000000000054D000-memory.dmp
      Filesize

      1.3MB

      Download
    • memory/2584-31-0x0000000003CC0000-0x0000000003CC1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2584-28-0x0000000000400000-0x000000000054D000-memory.dmp
      Filesize

      1.3MB

      Download
    • memory/2584-29-0x0000000003CD0000-0x0000000003CD2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2584-27-0x0000000000400000-0x000000000054D000-memory.dmp
      Filesize

      1.3MB

      Download
    • memory/2584-41-0x0000000003CB0000-0x0000000003CB2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2584-40-0x0000000003C30000-0x0000000003C31000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2584-45-0x0000000003C80000-0x0000000003C81000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2584-44-0x0000000003C60000-0x0000000003C61000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2584-32-0x0000000003D30000-0x0000000003D31000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2632-160-0x0000000000400000-0x000000000054D000-memory.dmp
      Filesize

      1.3MB

      Download
    • memory/2932-6-0x0000000003D20000-0x0000000003D21000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2932-4-0x0000000003CA0000-0x0000000003CA1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2932-43-0x0000000000400000-0x000000000054D000-memory.dmp
      Filesize

      1.3MB

      Download
    • memory/2932-5-0x0000000003D10000-0x0000000003D11000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2932-7-0x0000000003BF0000-0x0000000003BF1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2932-8-0x0000000003C10000-0x0000000003C11000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2932-9-0x0000000003C00000-0x0000000003C01000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2932-0-0x0000000000400000-0x000000000054D000-memory.dmp
      Filesize

      1.3MB

      Download
    • memory/2932-2-0x0000000003CF0000-0x0000000003CF2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2932-10-0x0000000003BE0000-0x0000000003BE1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2932-3-0x0000000003C50000-0x0000000003C51000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2932-26-0x0000000004600000-0x000000000474D000-memory.dmp
      Filesize

      1.3MB

      Download
    • memory/2932-11-0x0000000003C20000-0x0000000003C21000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2932-16-0x0000000003C90000-0x0000000003C92000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2932-17-0x0000000003C40000-0x0000000003C41000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2932-18-0x0000000003C60000-0x0000000003C61000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2932-12-0x0000000003C30000-0x0000000003C32000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2932-1-0x0000000000400000-0x000000000054D000-memory.dmp
      Filesize

      1.3MB

      Download