452d8b86f670b835aad15c6cfc8a318b3ea378de24040e95a917aef4674ccd9d

General

Target

a795587152419b35c1880ba782688016.exe
Size

1.3MB
MD5

a795587152419b35c1880ba782688016
SHA1

4701178e52fd1b14ae483dd69a89dd506b6cdfeb
SHA256

452d8b86f670b835aad15c6cfc8a318b3ea378de24040e95a917aef4674ccd9d
SHA512

1e63e14735f9af1dd94f67a9c0037d500008836f38742063e3e2fedd7fcbdab62447cc8178731d8c5380a45721a722da1697f15c62e082f1be54ab8894f4884e
SSDEEP

24576:iQg65nDiUy93pcpA/7ymBGDEIda6VXj4a2f9v4zmgQnkYag5Hom5pzvnenYEs:iQgMXy95uAToEIda6eag4zmIYaeHtpyi

Score

7^/10

evasion

Malware Config

Signatures

Identifies Wine through registry keys 2 TTPs 1 IoCs
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497

Processes:

a795587152419b35c1880ba782688016.exe

description ioc process

Key opened \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Wine a795587152419b35c1880ba782688016.exe

description	ioc	process
Key opened	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Software\Wine	a795587152419b35c1880ba782688016.exe

C:\Users\Admin\AppData\Local\Temp\a795587152419b35c1880ba782688016.exe
"C:\Users\Admin\AppData\Local\Temp\a795587152419b35c1880ba782688016.exe"
1⤵
- Identifies Wine through registry keys
PID:3116

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1

T1497

Credential Access

Discovery

Query Registry

1

T1012

Virtualization/Sandbox Evasion

1

T1497

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3116-0-0x0000000000400000-0x00000000006C0000-memory.dmp

Filesize
2.8MB

Download
memory/3116-1-0x0000000002470000-0x00000000024CA000-memory.dmp

Filesize
360KB

Download
memory/3116-2-0x00000000026A0000-0x00000000026A1000-memory.dmp

Filesize
4KB

Download
memory/3116-4-0x0000000002680000-0x0000000002681000-memory.dmp

Filesize
4KB

Download
memory/3116-3-0x0000000002690000-0x0000000002691000-memory.dmp

Filesize
4KB

Download
memory/3116-5-0x0000000002700000-0x0000000002701000-memory.dmp

Filesize
4KB

Download
memory/3116-6-0x00000000026C0000-0x00000000026C1000-memory.dmp

Filesize
4KB

Download
memory/3116-8-0x0000000003520000-0x0000000003521000-memory.dmp

Filesize
4KB

Download
memory/3116-7-0x0000000002720000-0x0000000002721000-memory.dmp

Filesize
4KB

Download
memory/3116-9-0x0000000003520000-0x0000000003521000-memory.dmp

Filesize
4KB

Download
memory/3116-11-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/3116-10-0x0000000003520000-0x0000000003521000-memory.dmp

Filesize
4KB

Download
memory/3116-12-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/3116-13-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/3116-15-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/3116-14-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/3116-19-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/3116-20-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/3116-18-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/3116-21-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/3116-17-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/3116-16-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/3116-23-0x0000000002730000-0x0000000002731000-memory.dmp

Filesize
4KB

Download
memory/3116-22-0x0000000002670000-0x0000000002671000-memory.dmp

Filesize
4KB

Download
memory/3116-24-0x0000000002670000-0x0000000002671000-memory.dmp

Filesize
4KB

Download
memory/3116-25-0x0000000000400000-0x00000000006C0000-memory.dmp

Filesize
2.8MB

Download
memory/3116-26-0x0000000002470000-0x00000000024CA000-memory.dmp

Filesize
360KB

Download
memory/3116-29-0x0000000003520000-0x0000000003521000-memory.dmp

Filesize
4KB

Download
memory/3116-28-0x0000000003520000-0x0000000003521000-memory.dmp

Filesize
4KB

Download
memory/3116-31-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/3116-30-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/3116-32-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/3116-33-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/3116-35-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/3116-34-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/3116-37-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/3116-36-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/3116-38-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/3116-39-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/3116-41-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/3116-40-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/3116-42-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/3116-43-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/3116-44-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/3116-45-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/3116-47-0x0000000002730000-0x0000000002731000-memory.dmp

Filesize
4KB

Download
memory/3116-46-0x0000000002670000-0x0000000002671000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing