Overview

overview

8

Static

static

7

dfcb6fc752...c6.exe

windows7-x64

8

dfcb6fc752...c6.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    173s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/03/2024, 18:15

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    dfcb6fc752ebeaf4d53f75aea06299c6.exe

  • Size

    1.9MB

  • MD5

    dfcb6fc752ebeaf4d53f75aea06299c6

  • SHA1

    90cdb5c750f47d4d27dff52ffffae17f6fb9de64

  • SHA256

    bd42d3db5c5a13028bcac1958aff1ef3b2c4ba7bb7bb5719f8b521f97dd51a78

  • SHA512

    339b07f849e58e87ea1796b81cd456d725535c09e2dcb2d52a813eb35b2ca2c1ffb3bde651cef5b4b6f66f534fc01a905005c6e0691da5f885738460c7a28c20

  • SSDEEP

    49152:Yoq37gR46arvwL47Os6Cy3bbBumUiA6FxOvIfstcDn:/rRMrvZHnmUN6FxOv0st8n

Score
7/10
evasionupx

Malware Config

Signatures

  • Identifies Wine through registry keys 2 TTPs 2 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • UPX packed file 17 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dfcb6fc752ebeaf4d53f75aea06299c6.exe
    "C:\Users\Admin\AppData\Local\Temp\dfcb6fc752ebeaf4d53f75aea06299c6.exe"
    1⤵
    • Identifies Wine through registry keys
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2652

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\uTorrent\settings.dat.old
          Filesize

          7KB

          MD5

          85666e6a0492cb23c41d641f19f5522e

          SHA1

          04e9d9b1a456fdafa572408269320f8203f003e7

          SHA256

          85b180c4e9a5b6750044ffa0e3bbd0524a38ac46c30fb8dab41907d288e68de8

          SHA512

          dc61c96e000ba03a7723aa0736c77427fcb6f60c96ff96850aff4e7c31748ba262bdd501e9690ba675c1b183ad769c45513110af40232c3e0c2c2d8faceb21f3

          Download Submit

        • C:\Users\Admin\AppData\Roaming\uTorrent\toolbar.benc.new
          Filesize

          170B

          MD5

          d2823ace28e6c8a98bd9539ae158e882

          SHA1

          86aa91039b0140c3cc253d3a99d61f0169d521ed

          SHA256

          1999839c286b493d6ae74a73061e3a35588af5a80e2af43c334ebc206a0b6b62

          SHA512

          6c4e8fbd04da5211bf43c3d8422c26762c568fbb0dcd331bb4de8af21ef6a4b7ad676b8a0b0825f2e6c906edf755795e96ecffd4ed5381222243b5498c4d716c

          Download Submit

        • memory/2652-33-0x0000000000400000-0x000000000092E000-memory.dmp

          Filesize

          5.2MB

          Download

        • memory/2652-36-0x0000000000400000-0x000000000092E000-memory.dmp

          Filesize

          5.2MB

          Download

        • memory/2652-29-0x0000000000400000-0x000000000092E000-memory.dmp

          Filesize

          5.2MB

          Download

        • memory/2652-30-0x0000000000400000-0x000000000092E000-memory.dmp

          Filesize

          5.2MB

          Download

        • memory/2652-31-0x0000000000400000-0x000000000092E000-memory.dmp

          Filesize

          5.2MB

          Download

        • memory/2652-32-0x0000000000400000-0x000000000092E000-memory.dmp

          Filesize

          5.2MB

          Download

        • memory/2652-0-0x0000000000400000-0x000000000092E000-memory.dmp

          Filesize

          5.2MB

          Download

        • memory/2652-34-0x0000000000400000-0x000000000092E000-memory.dmp

          Filesize

          5.2MB

          Download

        • memory/2652-35-0x0000000000400000-0x000000000092E000-memory.dmp

          Filesize

          5.2MB

          Download

        • memory/2652-14-0x0000000000400000-0x000000000092E000-memory.dmp

          Filesize

          5.2MB

          Download

        • memory/2652-37-0x0000000000400000-0x000000000092E000-memory.dmp

          Filesize

          5.2MB

          Download

        • memory/2652-38-0x0000000000400000-0x000000000092E000-memory.dmp

          Filesize

          5.2MB

          Download

        • memory/2652-39-0x0000000000400000-0x000000000092E000-memory.dmp

          Filesize

          5.2MB

          Download

        • memory/2652-40-0x0000000000400000-0x000000000092E000-memory.dmp

          Filesize

          5.2MB

          Download

        • memory/2652-41-0x0000000000400000-0x000000000092E000-memory.dmp

          Filesize

          5.2MB

          Download

        • memory/2652-42-0x0000000000400000-0x000000000092E000-memory.dmp

          Filesize

          5.2MB

          Download

        • memory/2652-43-0x0000000000400000-0x000000000092E000-memory.dmp

          Filesize

          5.2MB

          Download