Overview

overview

7

Static

static

7

2723afd616...77.exe

windows7-x64

7

2723afd616...77.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    07-07-2024 02:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2723afd616f4c4d0e3558e449f846577.exe

  • Size

    1.5MB

  • MD5

    2723afd616f4c4d0e3558e449f846577

  • SHA1

    d4a0595bc73d96cb50c6a618c39ea0e106f4f328

  • SHA256

    365af944717c0b0e726c6c01d8ed882644cf84d940153fc8b56c38be388f4367

  • SHA512

    2b31924f0b5bc1f9000ce55e49cca0006d2292fb27e5a57aca104dda84e4e29d5a16c76385ccc9a28fce17f969d746cfc0778e03772c85af61741380bddc354b

  • SSDEEP

    24576:HHpfP4sz2QDGfo3xTAZkBingmtN3A79JMFJEzqiDV/yAaQlMfkc5O+JxfSbNf:pfP4MIkAZkcnx5Ez9D5bQf7fShf

Score
7/10
evasionthemida

Malware Config

Signatures

  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Themida packer 3 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2723afd616f4c4d0e3558e449f846577.exe
    "C:\Users\Admin\AppData\Local\Temp\2723afd616f4c4d0e3558e449f846577.exe"
    1⤵
    • Identifies Wine through registry keys
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2872
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 384
      2⤵
      • Program crash
      PID:2572

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2872-0-0x0000000000400000-0x00000000006CDB00-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2872-1-0x0000000000880000-0x0000000000881000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2872-2-0x0000000001FA0000-0x000000000209F000-memory.dmp

    Filesize

    1020KB

    Download

  • memory/2872-3-0x0000000000400000-0x00000000006CDB00-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2872-5-0x0000000000401000-0x0000000000408000-memory.dmp

    Filesize

    28KB

    Download

  • memory/2872-4-0x0000000005200000-0x0000000005202000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2872-6-0x0000000000400000-0x00000000006CDB00-memory.dmp

    Filesize

    2.8MB

    Download

  • memory/2872-8-0x0000000000880000-0x0000000000881000-memory.dmp

    Filesize

    4KB

    Download