Analysis

  • max time kernel
    154s
  • max time network
    162s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20/10/2022, 20:28

General

  • Target

    3444c223866508d0bd3e1ff4d5ebedb5455202e1ec4744291707bb92814f18fa.exe

  • Size

    120KB

  • MD5

    5c3d6d88bbde637f300008527b3c87e0

  • SHA1

    6f4aa6bf55c72e84bc39924d29e14842768d2ee3

  • SHA256

    3444c223866508d0bd3e1ff4d5ebedb5455202e1ec4744291707bb92814f18fa

  • SHA512

    56c2fad25ac9b25dc551eb0c736bf76e58fe1293ce143acffa6ee890f6d44504022c6b7166b6782d33d5010348e1d318121a0346facaf2bbe1fd5e7cc61f5fdd

  • SSDEEP

    1536:IVeXBz803YBaB8TMEz8t8jWYCMNBvEKstOcnt3NrIOCFnToIfoth:dB/ft8CYCMNBMKstOqt3NdCtTBfoth

Score
8/10

Malware Config

Signatures

  • Sets DLL path for service in the registry (2 TTPs, 1 IoC)
  • Loads dropped DLL (1 IoC)
  • Drops file in Windows directory (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\3444c223866508d0bd3e1ff4d5ebedb5455202e1ec4744291707bb92814f18fa.exe
    "C:\Users\Admin\AppData\Local\Temp\3444c223866508d0bd3e1ff4d5ebedb5455202e1ec4744291707bb92814f18fa.exe"
    • Sets DLL path for service in the registry
    • Drops file in Windows directory
    PID:4364
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k netsvcs -s FastUserSwitchingCompatibility
    • Loads dropped DLL
    PID:5104

Network

        MITRE ATT&CK Enterprise v6

        Downloads

        • C:\Windows\IME\wmimachine2.dll

          Filesize

          76KB

          MD5

          0eb198c23b3c0039673380b12025a788

          SHA1

          851bf54eb673c601ce9cd3effff78b65eefd5d61

          SHA256

          fbf076e629db5c1daee61fb6a9844e294f07d08e8bb53b8903d65dfdaa610efc

          SHA512

          d2ad581d94726f6611a507dd34b24528d70e62e0224914f77d7ffe8407543712f99bf9bcc5feb29660aa6a7a8d067bdb2beab06c85b157c7f0e8c4320cfc2bb6

        • \??\c:\windows\ime\wmimachine2.dll

          Filesize

          76KB

          MD5

          0eb198c23b3c0039673380b12025a788

          SHA1

          851bf54eb673c601ce9cd3effff78b65eefd5d61

          SHA256

          fbf076e629db5c1daee61fb6a9844e294f07d08e8bb53b8903d65dfdaa610efc

          SHA512

          d2ad581d94726f6611a507dd34b24528d70e62e0224914f77d7ffe8407543712f99bf9bcc5feb29660aa6a7a8d067bdb2beab06c85b157c7f0e8c4320cfc2bb6
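
The signatures, the process tree and the Downloads entries above describe a single persistence chain: the sample writes wmimachine2.dll into C:\Windows\IME, points a service's DLL path at it in the registry, and a 32-bit svchost.exe started for the FastUserSwitchingCompatibility service in the netsvcs group loads the dropped DLL. The script below is an added example, not part of the sandbox report. It hunts for that pattern on a host by parsing the output of `reg query HKLM\SYSTEM\CurrentControlSet\Services /s /v ServiceDll`, flagging any ServiceDll that lives outside System32 or SysWOW64, and checking file contents against the MD5/SHA1/SHA256 values listed under Downloads. The registry value name (ServiceDll under the service's Parameters key), the expansion of %SystemRoot% to C:\Windows, the trusted directory list and the sample registry text are assumptions constructed for the example; the hashes are copied from the report.

```python
r"""Hunt for the service-DLL persistence shown in the sandbox report.

Added example, not code from the report. Assumptions (not stated on the
page): the "Sets DLL path for service in the registry" signature refers to
the ServiceDll value under HKLM\SYSTEM\CurrentControlSet\Services\<name>\Parameters,
and the input text is the output of
    reg query HKLM\SYSTEM\CurrentControlSet\Services /s /v ServiceDll
"""
import hashlib
import re

# Hashes of the dropped DLL, copied from the report's Downloads section.
IOC_HASHES = {
    "md5": "0eb198c23b3c0039673380b12025a788",
    "sha1": "851bf54eb673c601ce9cd3effff78b65eefd5d61",
    "sha256": "fbf076e629db5c1daee61fb6a9844e294f07d08e8bb53b8903d65dfdaa610efc",
}

# Directories a ServiceDll is expected to live under on a clean host
# (assumed list). Anything else, such as C:\Windows\IME, gets flagged.
TRUSTED_DIRS = (r"C:\Windows\System32", r"C:\Windows\SysWOW64")

# Constructed sample of `reg query ... /s /v ServiceDll` output. The last
# entry mirrors the report's process tree: svchost.exe -k netsvcs
# -s FastUserSwitchingCompatibility loading C:\Windows\IME\wmimachine2.dll.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule\Parameters
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\system32\schedsvc.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Themes\Parameters
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\system32\themeservice.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FastUserSwitchingCompatibility\Parameters
    ServiceDll    REG_EXPAND_SZ    C:\Windows\IME\wmimachine2.dll
"""

KEY_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\([^\\]+)\\Parameters\s*$",
    re.I,
)
VALUE_RE = re.compile(r"^\s+ServiceDll\s+REG_(?:EXPAND_)?SZ\s+(.+?)\s*$", re.I)


def parse_service_dlls(text, system_root=r"C:\Windows"):
    """Return {service_name: dll_path} with %SystemRoot% expanded."""
    result = {}
    current = None
    for line in text.splitlines():
        key = KEY_RE.match(line.rstrip())
        if key:
            current = key.group(1)
            continue
        value = VALUE_RE.match(line)
        if value and current:
            # A callable replacement avoids backslash-escape processing in re.sub.
            result[current] = re.sub(r"(?i)%systemroot%", lambda _: system_root, value.group(1))
    return result


def suspicious_service_dlls(service_dlls):
    """Return the subset whose DLL path is outside the trusted directories."""
    flagged = {}
    for name, path in service_dlls.items():
        norm = path.lower()
        if not any(norm.startswith(d.lower() + "\\") for d in TRUSTED_DIRS):
            flagged[name] = path
    return flagged


def file_hashes(data):
    """MD5, SHA1 and SHA256 hex digests of a file's bytes."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def matches_ioc(data):
    """Set of algorithms whose digest of `data` equals the report's IoC (empty if none)."""
    digests = file_hashes(data)
    return {alg for alg, want in IOC_HASHES.items() if digests[alg] == want}


if __name__ == "__main__":
    dlls = parse_service_dlls(SAMPLE_REG_QUERY)
    for name, path in suspicious_service_dlls(dlls).items():
        print(f"[!] {name}: ServiceDll outside System32/SysWOW64 -> {path}")
    # On a live host, hash each flagged path and compare with the report:
    #   matches_ioc(open(path, "rb").read())
```

Run the `reg query` command on the suspect host (or a mounted SYSTEM hive exported with it), feed the text to `parse_service_dlls`, and hash every flagged path with `matches_ioc`. A ServiceDll under C:\Windows\IME is suspicious on its own; a hash match against the Downloads entries confirms this specific dropper.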