b34f463e49ee79001e38c0a2bb70af2a54c0eda036934eedcc22440220d7809e

Analysis

max time kernel
135s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
14-06-2023 12:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Wub_x64.exe
Size

913KB
MD5

4de68a46a3c3d4104aa3609c9004238b
SHA1

ab69dca72f1cc0ca0a1a74de5ccaa62bf95591ad
SHA256

b34f463e49ee79001e38c0a2bb70af2a54c0eda036934eedcc22440220d7809e
SHA512

9ac302a39f0f4fb5c439191cd39f4465f8c2d4c92c00295bbedc7c9e8c6401e2dca5675b99704acde62cee7d1081a26d6b92875cb9c87557065d2c6b69c1ac04
SSDEEP

24576:G2DW/xbzX2YIbfQsu3/PNLaQwHyQqJTREPV1HD:G2EPXSQsW/PNOQA9zN1j

Score

10^/10

evasion

Malware Config

Signatures

Modifies security service 2 TTPs 1 IoCs

evasion

Modify Registry

T1112

Modify Existing Service

T1031

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\wuauserv\Start = "4"	Wub_x64.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3700	Wub_x64.exe

C:\Users\Admin\AppData\Local\Temp\Wub_x64.exe
"C:\Users\Admin\AppData\Local\Temp\Wub_x64.exe"
1⤵
- Modifies security service
- Suspicious behavior: GetForegroundWindowSpam
PID:3700

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Wub.ini

Filesize
2KB

MD5
e8ab09bfd5dd7445cf21c5a3ce901ebd

SHA1
33846165c811f9c47e0c5b08d6c8b382634d9985

SHA256
789db18b699ec3cb7f10a30180e43400159d4212dbadaf331e548c7bb80aa061

SHA512
08c658a39597c667793036811e4c2416abfa200a6058cc038db48fa410d583d8c2ba204dbc6a5ef2e8884fc8c65059ec80240b33a07e1ffe2efa5d6a7d947524

Download Submit