Analysis
max time kernel
150s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags
arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted
06-02-2023 09:59
Static task
static1
Behavioral task
behavioral1
Sample
WindowUpdateBlocker/Wub.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
WindowUpdateBlocker/Wub.exe
Resource
win10v2004-20221111-en
Behavioral task
behavioral3
Sample
WindowUpdateBlocker/Wub_x64.exe
Resource
win7-20220812-en
Behavioral task
behavioral4
Sample
WindowUpdateBlocker/Wub_x64.exe
Resource
win10v2004-20221111-en
General
Target
WindowUpdateBlocker/Wub_x64.exe
Size
924KB
MD5
418dff42eea894a227f78935fbd8b059
SHA1
24c587c6f765bbbbe70f0d4c2f3a8654e8667a25
SHA256
bf79bb5da35061353485c7369cc5ecc9cecc79de7543bd71ce73f7192d0f6ec3
SHA512
ce7f3281dae81006edd545442d32cfe4ffa706964a0a8fc6e8c768fa1ca8a6b92a05a052b57849a73a5d6ecc70c1e4be3a858ddaae21f59a351ee226e248468d
SSDEEP
24576:q2DW/xbgX2YIbBQsu3/PNLKQ4HyAvsT7GUcUHJb:q2EUXgQsW/PNWQojUcUpb
Malware Config
Signatures
Modifies security service (2 TTPs, 1 IoCs)
description
Set value (int)
ioc
\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wuauserv\Start = "4"
Process
Wub_x64.exe
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid
968
Process
Wub_x64.exe