Analysis
-
max time kernel
119s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
06/03/2024, 15:41
Static task
static1
Behavioral task
behavioral1
Sample
b7c423fb8e86cdf4be05af2550c602c9.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
b7c423fb8e86cdf4be05af2550c602c9.exe
Resource
win10v2004-20240226-en
General
-
Target
b7c423fb8e86cdf4be05af2550c602c9.exe
-
Size
937KB
-
MD5
b7c423fb8e86cdf4be05af2550c602c9
-
SHA1
ba9edf8942935d9a8ba1f4b17057043f745b0b72
-
SHA256
e46d7d8193a7dd2e0cf6191973631e085d0762e4d7c48cc0bebfbaf64fa2fcdc
-
SHA512
2dde4b26cdf6ca85d0aec5197aba93a407c7b0299f2de297b720ab2af905f98e7d9406bdd3590da5845cc0753ad88712ffe2899f37f3c830722cde5710dc0e9f
-
SSDEEP
24576:YmegShTwRC2c0iqoXez7/cYz0ODLPOwSYFH8RuR3qCr:degSRw3cbez7EY9DLGwhH3qC
Malware Config
Signatures
-
Identifies Wine through registry keys 2 TTPs 1 IoCs
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
description ioc Process Key opened \REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Wine b7c423fb8e86cdf4be05af2550c602c9.exe -
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
pid Process 2692 b7c423fb8e86cdf4be05af2550c602c9.exe -
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 2692 b7c423fb8e86cdf4be05af2550c602c9.exe