Analysis
-
max time kernel
141s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
28/01/2024, 20:23
General
-
Target
7de99818c62f9caa2342700c6659d215.exe
-
Size
528KB
-
MD5
7de99818c62f9caa2342700c6659d215
-
SHA1
6d26cec0a22ebbd7db65bb2168490974869fd7c5
-
SHA256
14d561e07ac0746d38844098fb52618d8ee20484927bd2ad4ffd26dde3ef7ad3
-
SHA512
d169c97cbd505b42d2a7a47c684f16cfd26da3eb5bb3d49ca6fca644e94872914818af613d838555a7fc54f88d11628aa7de10bb21f769f86b399545a8e0fba0
-
SSDEEP
12288:AeQvT9K0yv0BvmSO1uyV0JrZk7veGyslP9vgVcyO1Hlmo+c:BQxju0pmX1utZIvj/x1Hoo+
Score
7/10
Malware Config
Signatures
-
Identifies Wine through registry keys 2 TTPs 1 IoCs
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of SetThreadContext 1 IoCs
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7de99818c62f9caa2342700c6659d215.exe"C:\Users\Admin\AppData\Local\Temp\7de99818c62f9caa2342700c6659d215.exe"1⤵
- Identifies Wine through registry keys
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\7de99818c62f9caa2342700c6659d215.exe"C:\Users\Admin\AppData\Local\Temp\7de99818c62f9caa2342700c6659d215.exe"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 363⤵
- Program crash
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
568KB
-
Filesize
568KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
568KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
568KB
-
Filesize
4KB
-
Filesize
12KB
-
Filesize
12KB
-
Filesize
12KB
-
Filesize
12KB
-
Filesize
12KB
-
Filesize
12KB
-
Filesize
12KB
-
Filesize
8KB