Overview

overview

10

Static

static

wotsuper2.exe

windows7_x64

10

wotsuper2.exe

windows10_x64

1

Analysis

  • max time kernel
    96s
  • max time network
    150s
  • platform
    windows10_x64
  • resource
    win10v200217
  • submitted
    18-02-2020 15:12

Sharing

Copy URL
Twitter E-mail

General

  • Target

    wotsuper2.exe

  • Size

    1.9MB

  • MD5

    864caa3b81740d39b069b9cbb2e67d31

  • SHA1

    bdbf23ef85d6f0ead1482f2c06ea9dcc9f9bda53

  • SHA256

    32f98310a458d19c44263eb456e19ee2d6d16a3d096d9416596c7f24eb0d3074

  • SHA512

    b7a297e4486e17f141fdd45922a74fa4939c3172c8fc54ff91c8489e02cd658f9ede3a98c65e33b9d48ab4e40a867372e6b7407134734160c56bfb172a98e462

Score
1/10

Malware Config

Signatures

  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs
  • Delays execution with timeout.exe 1 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\wotsuper2.exe
    "C:\Users\Admin\AppData\Local\Temp\wotsuper2.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3732
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c TimeOut 1 & Del /F "C:\Users\Admin\AppData\Local\Temp\wotsuper2.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3120
      • C:\Windows\SysWOW64\timeout.exe
        TimeOut 1
        3⤵
        • Delays execution with timeout.exe
        PID:3096

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads