Analysis
max time kernel: 154s
max time network: 162s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20/10/2022, 20:28
Static task: static1
Behavioral task: behavioral1
  Sample: 3444c223866508d0bd3e1ff4d5ebedb5455202e1ec4744291707bb92814f18fa.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 3444c223866508d0bd3e1ff4d5ebedb5455202e1ec4744291707bb92814f18fa.exe
  Resource: win10v2004-20220812-en
General
Target: 3444c223866508d0bd3e1ff4d5ebedb5455202e1ec4744291707bb92814f18fa.exe
Size: 120KB
MD5: 5c3d6d88bbde637f300008527b3c87e0
SHA1: 6f4aa6bf55c72e84bc39924d29e14842768d2ee3
SHA256: 3444c223866508d0bd3e1ff4d5ebedb5455202e1ec4744291707bb92814f18fa
SHA512: 56c2fad25ac9b25dc551eb0c736bf76e58fe1293ce143acffa6ee890f6d44504022c6b7166b6782d33d5010348e1d318121a0346facaf2bbe1fd5e7cc61f5fdd
SSDEEP: 1536:IVeXBz803YBaB8TMEz8t8jWYCMNBvEKstOcnt3NrIOCFnToIfoth:dB/ft8CYCMNBMKstOqt3NdCtTBfoth
Malware Config
Signatures
Sets DLL path for service in the registry (2 TTPs, 1 IoC)
  description: Set value (str)
  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\FastUserSwitchingCompatibility\Parameters\ServiceDll = "C:\\Windows\\ime\\wmimachine2.dll"
  process: 3444c223866508d0bd3e1ff4d5ebedb5455202e1ec4744291707bb92814f18fa.exe
Loads dropped DLL (1 IoC)
  pid: 5104
  process: svchost.exe
Drops file in Windows directory (1 IoC)
  description: File created
  ioc: C:\Windows\ime\wmimachine2.dll
  process: 3444c223866508d0bd3e1ff4d5ebedb5455202e1ec4744291707bb92814f18fa.exe
Processes
C:\Users\Admin\AppData\Local\Temp\3444c223866508d0bd3e1ff4d5ebedb5455202e1ec4744291707bb92814f18fa.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\3444c223866508d0bd3e1ff4d5ebedb5455202e1ec4744291707bb92814f18fa.exe"
  PID: 4364
  - Sets DLL path for service in the registry
  - Drops file in Windows directory
C:\Windows\SysWOW64\svchost.exe
  command line: C:\Windows\SysWOW64\svchost.exe -k netsvcs -s FastUserSwitchingCompatibility
  PID: 5104
  - Loads dropped DLL
Network
MITRE ATT&CK Enterprise v6
Downloads
Filesize: 76KB
MD5: 0eb198c23b3c0039673380b12025a788
SHA1: 851bf54eb673c601ce9cd3effff78b65eefd5d61
SHA256: fbf076e629db5c1daee61fb6a9844e294f07d08e8bb53b8903d65dfdaa610efc
SHA512: d2ad581d94726f6611a507dd34b24528d70e62e0224914f77d7ffe8407543712f99bf9bcc5feb29660aa6a7a8d067bdb2beab06c85b157c7f0e8c4320cfc2bb6