Analysis

  • max time kernel
    141s
  • max time network
    105s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    17/10/2024, 18:51

General

  • Target

    d3a7209f9a7c89c8d9fbdc7b3a911951986cd9fef9d05969308eb6b639d625de.exe

  • Size

    567KB

  • MD5

    c2bcd5af2a6765baf63e04aacb55eddd

  • SHA1

    3dae1ad687519b757c4f90a8cd60b453e110bd9f

  • SHA256

    d3a7209f9a7c89c8d9fbdc7b3a911951986cd9fef9d05969308eb6b639d625de

  • SHA512

    bc69dead4b7618d801788ec96ebdbba89f39df033b4654aee3db071dd14758248c59d7934f1055094e05bc30849dd11b3b2e1991acdd1b3c09ebd98d3e0ef556

  • SSDEEP

    6144:KT0Ot6cbZYvYD0XYpkjLuQp1tKx4brje8x:KVz+vYAXYpkjD1fPje8x

Score
7/10

Malware Config

Signatures

  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment; a sample that looks for it is checking whether it is being analysed.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
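
The Wine check the first signature describes is normally a lookup of the keys Wine creates under HKEY_CURRENT_USER\Software\Wine (Wine keeps its configuration there; a stock Windows install has no such key). The script below is an added example, not part of the sandbox report or of the sample: it parses a constructed registry-event log (the line format, image paths and PIDs other than 3544 are invented for illustration; the fields mirror what Sysmon Event ID 12/13 records carry) and reports which processes probed Wine keys, which is the check an analyst would write over real telemetry to catch this anti-sandbox behaviour.

```python
"""Flag processes that fingerprint Wine through the registry.

Added example for the sandbox report above; the log lines are constructed,
not captured telemetry. The field layout (pid, image, op, target) follows the
information Sysmon registry events (IDs 12/13) expose, but the format itself
is a simple key=value line invented for this script.
"""
import re
from collections import defaultdict

# Constructed sample log. PID 3544 is the sample's PID from the report;
# the other processes, paths and SID are made up for illustration.
SAMPLE_LOG = r"""
pid=3544 image=C:\Users\Admin\AppData\Local\Temp\sample.exe op=CreateKey target=HKU\S-1-5-21-1\Software\Wine
pid=3544 image=C:\Users\Admin\AppData\Local\Temp\sample.exe op=QueryValue target=HKU\S-1-5-21-1\Software\Wine\DllOverrides
pid=3544 image=C:\Users\Admin\AppData\Local\Temp\sample.exe op=SetValue target=HKU\S-1-5-21-1\Software\Classes\.txt
pid=4120 image=C:\Windows\explorer.exe op=QueryValue target=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer
pid=5208 image=C:\Program Files\WineCellar\cellar.exe op=QueryValue target=HKU\S-1-5-21-1\Software\WineCellar\Config
"""

# One event per line: pid, image path (may contain spaces), operation, registry object.
LINE_RE = re.compile(
    r"pid=(?P<pid>\d+) image=(?P<image>.+?) op=(?P<op>\w+) target=(?P<target>.+)$"
)

# Wine populates <hive>\Software\Wine (and Wow6432Node\Wine on 64-bit prefixes).
# The trailing "\ or end" keeps look-alike vendor keys such as Software\WineCellar
# from matching.
WINE_KEY_RE = re.compile(r"\\Software\\(?:Wow6432Node\\)?Wine(?:\\|$)", re.IGNORECASE)


def parse_event(line):
    """Return a dict for a well-formed event line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["pid"] = int(event["pid"])
    return event


def is_wine_probe(target):
    """True when the registry object is one of the keys Wine creates."""
    return WINE_KEY_RE.search(target) is not None


def find_wine_probes(log_text):
    """Map each PID that touched a Wine key to the (op, target) pairs it used."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        event = parse_event(line)
        if event is None:
            continue  # blank or malformed line
        if is_wine_probe(event["target"]):
            hits[event["pid"]].append((event["op"], event["target"]))
    return dict(hits)


if __name__ == "__main__":
    for pid, probes in find_wine_probes(SAMPLE_LOG).items():
        print(f"PID {pid} probed Wine keys:")
        for op, target in probes:
            print(f"  {op:<12} {target}")
```

On the constructed log only PID 3544 is reported, for its CreateKey and QueryValue on the Wine key; the write under Software\Classes (the behaviour behind the "Modifies registry class" signature) and the WineCellar lookalike are left alone. A CreateKey on a Wine path is still a probe: RegCreateKeyEx succeeds whether or not the key existed, so the sample learns nothing from it on Wine, but on a real sandbox the call itself is the tell.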

Processes

  • C:\Users\Admin\AppData\Local\Temp\d3a7209f9a7c89c8d9fbdc7b3a911951986cd9fef9d05969308eb6b639d625de.exe
    "C:\Users\Admin\AppData\Local\Temp\d3a7209f9a7c89c8d9fbdc7b3a911951986cd9fef9d05969308eb6b639d625de.exe"
    1⤵
    • Identifies Wine through registry keys
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3544

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/3544-0-0x00007FF765660000-0x00007FF7656BF000-memory.dmp
    Filesize
    380KB