Overview

overview

10

Static

static

3

b1e3fbbb88...30.exe

windows7-x64

10

b1e3fbbb88...30.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    04-03-2024 10:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b1e3fbbb8813acc2b9daeb1c78469f30.exe

  • Size

    837KB

  • MD5

    b1e3fbbb8813acc2b9daeb1c78469f30

  • SHA1

    258f626b93291317117c1959684e5930d3ad625f

  • SHA256

    713144aa689863bfb8a36e05933bc3e49283d2ec7a95063f304edde93d35e379

  • SHA512

    b7148e2c0c016510dce33b0284e76fa1b92de9bddfb409fbb35c6b86b3919a17a9436f03034ad6bc5fdc75f76a17c337ca2acd310809f06c9795e8eaac63fca3

  • SSDEEP

    24576:x/Jq49kTXVType+AvDsvmW/8rgIysIYkr55HR8:XncXVType+AvDs/1IZkr5j8

Score
10/10
evasiontrojan

Malware Config

Signatures

  • UAC bypass 3 TTPs 1 IoCs
    evasiontrojan
  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\b1e3fbbb8813acc2b9daeb1c78469f30.exe
    "C:\Users\Admin\AppData\Local\Temp\b1e3fbbb8813acc2b9daeb1c78469f30.exe"
    1⤵
    • UAC bypass
    • Identifies Wine through registry keys
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • System policy modification
    PID:2368

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2368-0-0x0000000000400000-0x00000000005D7000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2368-1-0x0000000000400000-0x00000000005D7000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2368-2-0x0000000003FB0000-0x0000000003FB1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2368-15-0x0000000004110000-0x0000000004111000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2368-14-0x0000000004000000-0x0000000004001000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2368-13-0x0000000003FD0000-0x0000000003FD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2368-12-0x0000000004010000-0x0000000004011000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2368-16-0x00000000040E0000-0x00000000040E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2368-11-0x00000000042F0000-0x00000000042F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2368-10-0x0000000004100000-0x0000000004101000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2368-9-0x0000000004020000-0x0000000004021000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2368-8-0x0000000004130000-0x0000000004131000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2368-7-0x0000000004120000-0x0000000004121000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2368-6-0x0000000003FC0000-0x0000000003FC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2368-5-0x0000000004070000-0x0000000004072000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2368-4-0x00000000042D0000-0x00000000042D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2368-3-0x00000000042E0000-0x00000000042E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2368-17-0x00000000040B0000-0x00000000040B2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2368-18-0x00000000040D0000-0x00000000040D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2368-19-0x00000000040A0000-0x00000000040A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2368-20-0x0000000004250000-0x0000000004251000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2368-21-0x00000000040C0000-0x00000000040C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2368-23-0x0000000000400000-0x00000000005D7000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2368-24-0x0000000000400000-0x00000000005D7000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2368-25-0x0000000000400000-0x00000000005D7000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2368-26-0x0000000000400000-0x00000000005D7000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2368-27-0x0000000000400000-0x00000000005D7000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2368-28-0x0000000000400000-0x00000000005D7000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2368-29-0x0000000000400000-0x00000000005D7000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2368-30-0x0000000000400000-0x00000000005D7000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2368-31-0x0000000000400000-0x00000000005D7000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2368-32-0x0000000000400000-0x00000000005D7000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2368-33-0x0000000000400000-0x00000000005D7000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2368-34-0x0000000000400000-0x00000000005D7000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2368-35-0x0000000000400000-0x00000000005D7000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2368-36-0x0000000000400000-0x00000000005D7000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2368-37-0x0000000000400000-0x00000000005D7000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2368-38-0x0000000000400000-0x00000000005D7000-memory.dmp

    Filesize

    1.8MB

    Download