Analysis

  • max time kernel
    119s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    06/03/2024, 15:41

General

  • Target

    b7c423fb8e86cdf4be05af2550c602c9.exe

  • Size

    937KB

  • MD5

    b7c423fb8e86cdf4be05af2550c602c9

  • SHA1

    ba9edf8942935d9a8ba1f4b17057043f745b0b72

  • SHA256

    e46d7d8193a7dd2e0cf6191973631e085d0762e4d7c48cc0bebfbaf64fa2fcdc

  • SHA512

    2dde4b26cdf6ca85d0aec5197aba93a407c7b0299f2de297b720ab2af905f98e7d9406bdd3590da5845cc0753ad88712ffe2899f37f3c830722cde5710dc0e9f

  • SSDEEP

    24576:YmegShTwRC2c0iqoXez7/cYz0ODLPOwSYFH8RuR3qCr:degSRw3cbez7EY9DLGwhH3qC

Score
7/10

Malware Config

Signatures

  • Identifies Wine through registry keys (2 TTPs, 1 IoCs)

    Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

  • Suspicious use of NtSetInformationThreadHideFromDebugger (1 IoCs)
  • Suspicious behavior: EnumeratesProcesses (1 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\b7c423fb8e86cdf4be05af2550c602c9.exe
    "C:\Users\Admin\AppData\Local\Temp\b7c423fb8e86cdf4be05af2550c602c9.exe"
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:2692

Network

MITRE ATT&CK Enterprise v15


Downloads

  • memory/2692-0-0x0000000000400000-0x00000000005C5000-memory.dmp
    Filesize: 1.8MB
  • memory/2692-1-0x0000000000400000-0x00000000005C5000-memory.dmp
    Filesize: 1.8MB