Overview

overview

9

Static

static

3

Windows 10.exe

windows10-1703-x64

9

Resubmissions

14/06/2024, 23:03

240614-21q49stcrn 9

14/06/2024, 23:00

240614-2yyrbszcjg 9

Analysis

  • max time kernel
    37s
  • max time network
    21s
  • platform
    windows10-1703_x64
  • resource
    win10-20240611-es
  • resource tags

    arch:x64arch:x86image:win10-20240611-eslocale:es-esos:windows10-1703-x64systemwindows
  • submitted
    14/06/2024, 23:00

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Windows 10.exe

  • Size

    35.2MB

  • MD5

    668831eccb6ad2aaa9076ed15cff3307

  • SHA1

    55234ef348377f7526c4f2518cba51b210196269

  • SHA256

    492c786363043908fc1c1dc8ce79e0e1adbf35d37ff18f56c892245e3599de8a

  • SHA512

    b9c9f05d8724fcf941a464cde2da4a0b35d71d84d03e63e4a0462378e1e2f08704d3d30c2808c55628f1d7c6212160eb0467391c282b18a8aea2b0fda6ab8b17

  • SSDEEP

    786432:zzh1j9tqVR8PeTOyQTRNPS1+/4H96h+GCd8Qt+K8HAmScYOm0EwUKHANFYCuo:zl1R1eTXQTPqU/4d6hwdj8gmtdm0qp3

Score
9/10
evasion

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Windows 10.exe
    "C:\Users\Admin\AppData\Local\Temp\Windows 10.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Identifies Wine through registry keys
    PID:788
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 788 -s 304
      2⤵
      • Program crash
      PID:3552
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:3616
    • C:\Windows\System32\winver.exe
      "C:\Windows\System32\winver.exe"
      1⤵
        PID:5044

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/788-0-0x0000000000400000-0x0000000002ED9000-memory.dmp

              Filesize

              42.8MB

              Download

            • memory/788-1-0x0000000000400000-0x0000000002ED9000-memory.dmp

              Filesize

              42.8MB

              Download