Analysis
-
max time kernel
141s -
max time network
105s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
17/10/2024, 18:51
Static task
static1
Behavioral task
behavioral1
Sample
d3a7209f9a7c89c8d9fbdc7b3a911951986cd9fef9d05969308eb6b639d625de.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
d3a7209f9a7c89c8d9fbdc7b3a911951986cd9fef9d05969308eb6b639d625de.exe
Resource
win10v2004-20241007-en
General
-
Target
d3a7209f9a7c89c8d9fbdc7b3a911951986cd9fef9d05969308eb6b639d625de.exe
-
Size
567KB
-
MD5
c2bcd5af2a6765baf63e04aacb55eddd
-
SHA1
3dae1ad687519b757c4f90a8cd60b453e110bd9f
-
SHA256
d3a7209f9a7c89c8d9fbdc7b3a911951986cd9fef9d05969308eb6b639d625de
-
SHA512
bc69dead4b7618d801788ec96ebdbba89f39df033b4654aee3db071dd14758248c59d7934f1055094e05bc30849dd11b3b2e1991acdd1b3c09ebd98d3e0ef556
-
SSDEEP
6144:KT0Ot6cbZYvYD0XYpkjLuQp1tKx4brje8x:KVz+vYAXYpkjD1fPje8x
Malware Config
Signatures
-
Identifies Wine through registry keys 2 TTPs 1 IoCs
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
description ioc Process Key opened \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Software\Wine\WineFile d3a7209f9a7c89c8d9fbdc7b3a911951986cd9fef9d05969308eb6b639d625de.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ d3a7209f9a7c89c8d9fbdc7b3a911951986cd9fef9d05969308eb6b639d625de.exe Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ d3a7209f9a7c89c8d9fbdc7b3a911951986cd9fef9d05969308eb6b639d625de.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 3544 d3a7209f9a7c89c8d9fbdc7b3a911951986cd9fef9d05969308eb6b639d625de.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\d3a7209f9a7c89c8d9fbdc7b3a911951986cd9fef9d05969308eb6b639d625de.exe"C:\Users\Admin\AppData\Local\Temp\d3a7209f9a7c89c8d9fbdc7b3a911951986cd9fef9d05969308eb6b639d625de.exe"1⤵
- Identifies Wine through registry keys
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3544