Static

static

winserv.exe

windows7_x64

7

winserv.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    winserv

  • Size

    2.7MB

  • Sample

    201203-vhn6pa2qge

  • MD5

    cf2ab077a46219b6ce4a53517dd489ea

  • SHA1

    651b8d1377910e4728e85dcd231e269313ab9e1d

  • SHA256

    609b0a416f9b16a6df9b967dc32cd739402af31566e019a8fb8abdf3cb573e30

  • SHA512

    53fb1ac822467168ea8e7abdd72c78cdd90070b10773ce8c700c6784ab4cc3a03eb53887d158ce3a27779a5fbcf3300d2ccbedab79a34bfd42ddc91f68dbdad7

Score
10/10

Malware Config

Targets

    • Target

      winserv

    • Size

      2.7MB

    • MD5

      cf2ab077a46219b6ce4a53517dd489ea

    • SHA1

      651b8d1377910e4728e85dcd231e269313ab9e1d

    • SHA256

      609b0a416f9b16a6df9b967dc32cd739402af31566e019a8fb8abdf3cb573e30

    • SHA512

      53fb1ac822467168ea8e7abdd72c78cdd90070b10773ce8c700c6784ab4cc3a03eb53887d158ce3a27779a5fbcf3300d2ccbedab79a34bfd42ddc91f68dbdad7

    Score
    10/10

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks