Overview

overview

7

Static

static

3

bf7aa0624c...3b.exe

windows7-x64

7

bf7aa0624c...3b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    11-03-2024 01:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bf7aa0624c22cef01eea0407bce9ca3b.exe

  • Size

    456KB

  • MD5

    bf7aa0624c22cef01eea0407bce9ca3b

  • SHA1

    e7a37bd41122b08e9b86c9fdfb98dadb789b7f92

  • SHA256

    fa58dac3c6a7a4e3ba1c7a4bbad5682bef6a55b4ffcc47d8c020b541b5846fe6

  • SHA512

    144729449ab689d315bee23509c3152600812145ec41557e06e3ea95f5787c5ce82a4d425bd1bb44bc79ffe8b1f510b595cc863066aa23f2ae312ac378449890

  • SSDEEP

    12288:4chdEKXcL1BtjxV8h5SFsyY/idP8epE4lK:xS061BZx2LyEX4lK

Score
7/10
evasion

Malware Config

Signatures

  • Executes dropped EXE 6 IoCs
  • Identifies Wine through registry keys 2 TTPs 6 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Loads dropped DLL 12 IoCs
  • Drops file in System32 directory 7 IoCs
  • Suspicious behavior: EnumeratesProcesses 48 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bf7aa0624c22cef01eea0407bce9ca3b.exe
    "C:\Users\Admin\AppData\Local\Temp\bf7aa0624c22cef01eea0407bce9ca3b.exe"
    1⤵
    • Identifies Wine through registry keys
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2320
    • C:\Windows\SysWOW64\fixweb.exe
      C:\Windows\system32\fixweb.exe -bai C:\Users\Admin\AppData\Local\Temp\bf7aa0624c22cef01eea0407bce9ca3b.exe
      2⤵
      • Executes dropped EXE
      • Identifies Wine through registry keys
      • Loads dropped DLL
      • Drops file in System32 directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2592
      • C:\Windows\SysWOW64\fixweb.exe
        C:\Windows\system32\fixweb.exe -bai C:\Windows\SysWOW64\fixweb.exe
        3⤵
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Loads dropped DLL
        • Drops file in System32 directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2708
        • C:\Windows\SysWOW64\fixweb.exe
          C:\Windows\system32\fixweb.exe -bai C:\Windows\SysWOW64\fixweb.exe
          4⤵
          • Executes dropped EXE
          • Identifies Wine through registry keys
          • Loads dropped DLL
          • Drops file in System32 directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1400
          • C:\Windows\SysWOW64\fixweb.exe
            C:\Windows\system32\fixweb.exe -bai C:\Windows\SysWOW64\fixweb.exe
            5⤵
            • Executes dropped EXE
            • Identifies Wine through registry keys
            • Loads dropped DLL
            • Drops file in System32 directory
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:2348
            • C:\Windows\SysWOW64\fixweb.exe
              C:\Windows\system32\fixweb.exe -bai C:\Windows\SysWOW64\fixweb.exe
              6⤵
              • Executes dropped EXE
              • Identifies Wine through registry keys
              • Loads dropped DLL
              • Drops file in System32 directory
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of WriteProcessMemory
              PID:3068
              • C:\Windows\SysWOW64\fixweb.exe
                C:\Windows\system32\fixweb.exe -bai C:\Windows\SysWOW64\fixweb.exe
                7⤵
                • Executes dropped EXE
                PID:2992

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Windows\SysWOW64\fixweb.exe
    Filesize

    456KB

    MD5

    bf7aa0624c22cef01eea0407bce9ca3b

    SHA1

    e7a37bd41122b08e9b86c9fdfb98dadb789b7f92

    SHA256

    fa58dac3c6a7a4e3ba1c7a4bbad5682bef6a55b4ffcc47d8c020b541b5846fe6

    SHA512

    144729449ab689d315bee23509c3152600812145ec41557e06e3ea95f5787c5ce82a4d425bd1bb44bc79ffe8b1f510b595cc863066aa23f2ae312ac378449890

    Download Submit

  • memory/1400-77-0x0000000003D60000-0x0000000003D61000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1400-84-0x0000000000400000-0x00000000005EB000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1400-72-0x0000000003D30000-0x0000000003D31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1400-71-0x0000000003CE0000-0x0000000003CE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1400-70-0x00000000020D0000-0x00000000020D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1400-69-0x0000000003D50000-0x0000000003D51000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1400-68-0x00000000020C0000-0x00000000020C2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1400-67-0x0000000003D00000-0x0000000003D01000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1400-66-0x0000000000400000-0x00000000005EB000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1400-73-0x00000000020E0000-0x00000000020E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1400-74-0x0000000003D80000-0x0000000003D81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1400-76-0x0000000003D40000-0x0000000003D41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1400-75-0x00000000006D0000-0x00000000006D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1400-65-0x0000000000400000-0x00000000005EB000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1400-78-0x0000000000400000-0x00000000005EB000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1400-79-0x0000000000400000-0x00000000005EB000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1400-80-0x0000000000400000-0x00000000005EB000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1400-81-0x0000000000400000-0x00000000005EB000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2320-13-0x0000000004380000-0x000000000456B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2320-9-0x0000000003DA0000-0x0000000003DA1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2320-5-0x0000000003CA0000-0x0000000003CA1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2320-8-0x0000000003CB0000-0x0000000003CB1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2320-3-0x0000000003C90000-0x0000000003C92000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2320-6-0x0000000003CD0000-0x0000000003CD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2320-4-0x0000000003D80000-0x0000000003D81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2320-2-0x0000000003D30000-0x0000000003D31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2320-0-0x0000000000400000-0x00000000005EB000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2320-1-0x0000000000400000-0x00000000005EB000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2320-12-0x0000000003C80000-0x0000000003C81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2320-21-0x0000000004380000-0x000000000456B000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2320-20-0x0000000000400000-0x00000000005EB000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2320-7-0x0000000003D60000-0x0000000003D61000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2348-104-0x0000000000400000-0x00000000005EB000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2348-100-0x0000000000400000-0x00000000005EB000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2348-98-0x0000000000400000-0x00000000005EB000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2348-90-0x0000000003D80000-0x0000000003D81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2348-87-0x0000000000400000-0x00000000005EB000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2348-91-0x0000000000700000-0x0000000000701000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2348-86-0x0000000000400000-0x00000000005EB000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2348-89-0x00000000006F0000-0x00000000006F2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2348-88-0x0000000003CF0000-0x0000000003CF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2592-24-0x0000000003D40000-0x0000000003D41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2592-42-0x0000000000400000-0x00000000005EB000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2592-22-0x0000000000400000-0x00000000005EB000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2592-28-0x0000000003DB0000-0x0000000003DB1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2592-27-0x0000000003D20000-0x0000000003D21000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2592-26-0x0000000003DD0000-0x0000000003DD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2592-25-0x0000000003CD0000-0x0000000003CD2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2592-23-0x0000000000400000-0x00000000005EB000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2592-29-0x0000000003CE0000-0x0000000003CE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2592-30-0x0000000003CF0000-0x0000000003CF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2592-31-0x0000000003E00000-0x0000000003E01000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2592-34-0x0000000003DC0000-0x0000000003DC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2592-33-0x0000000003CC0000-0x0000000003CC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2592-35-0x0000000003DE0000-0x0000000003DE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2592-36-0x0000000000400000-0x00000000005EB000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2592-37-0x0000000000400000-0x00000000005EB000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2592-38-0x0000000000400000-0x00000000005EB000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2592-39-0x0000000000400000-0x00000000005EB000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2708-52-0x00000000006C0000-0x00000000006C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2708-53-0x0000000003D50000-0x0000000003D51000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2708-51-0x0000000003D10000-0x0000000003D11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2708-50-0x0000000000910000-0x0000000000912000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2708-49-0x00000000006B0000-0x00000000006B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2708-48-0x0000000003D20000-0x0000000003D21000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2708-47-0x00000000003F0000-0x00000000003F2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2708-46-0x0000000000930000-0x0000000000931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2708-45-0x0000000000400000-0x00000000005EB000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2708-54-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2708-61-0x0000000003CF0000-0x0000000003CF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2708-44-0x0000000000400000-0x00000000005EB000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2708-63-0x0000000000400000-0x00000000005EB000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2708-59-0x0000000000400000-0x00000000005EB000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2708-58-0x0000000000400000-0x00000000005EB000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2708-57-0x0000000000400000-0x00000000005EB000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2708-56-0x0000000000400000-0x00000000005EB000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2708-55-0x0000000003D30000-0x0000000003D31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3068-120-0x0000000000400000-0x00000000005EB000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3068-122-0x0000000000400000-0x00000000005EB000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/3068-126-0x0000000000400000-0x00000000005EB000-memory.dmp

    Filesize

    1.9MB

    Download