Analysis

  • max time kernel
    190s
  • max time network
    194s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-11-2022 21:59

General

  • Target

    wenminggd_sl.exe

  • Size

    1.2MB

  • MD5

    ef6a20847627d443f906f0cbb3f4c1b4

  • SHA1

    836a2433a7e36db59ecab3de9c39bac9e36ca6f8

  • SHA256

    14fa59defe7e2c25cfa52bcab6e5ef6b635882aeafbe4a9f86215d363978594e

  • SHA512

    c1d9f4ec29c28bce2a5488aca5eb3e2120e1bf9499819832195c360423ee1e535889f958d4e43fa2981a5d9767bd446df498090f2ffb24b453c9166a40d8da8f

  • SSDEEP

    24576:vp5UAiLo6HPk0aBTN+YMV1Vx6AGOqfIe7VKG3u:v4SF0sBM1VyOq7KR

Score
6/10

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\wenminggd_sl.exe
    "C:\Users\Admin\AppData\Local\Temp\wenminggd_sl.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4648

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads