Analysis

  • max time kernel
    135s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14/06/2023, 13:49

General

  • Target

    CompMgmtLauncher.exe

  • Size

    144KB

  • MD5

    023a7565f6a6fb90fa666babab598853

  • SHA1

    bb95310354b433ddb56bcb2a96d69d14a5caa78f

  • SHA256

    650926ff85163cef3288e3f32575851458a45361ade9207dcde3923d22771644

  • SHA512

    aa0f74363b19dc6bf1f0671d7d793a28e6523e0bd79a84071d3404c9942719174324189d833dddbaf138c39558735e22a16b53e9486113fe8a08ccee8ffbf808

  • SSDEEP

    1536:dECYMyOQif7YO97drDAkwbjZM+AWLDyDssyChrrcx/JyRtH/dGrc+APUfhMjVHCh:BSwdrDApM+AWLDuBNQ/JyRV/Yr7XDf6

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\CompMgmtLauncher.exe
    "C:\Users\Admin\AppData\Local\Temp\CompMgmtLauncher.exe"
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:4380
    • C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\system32\mmc.exe" "C:\Windows\system32\compmgmt.msc" /s
      2⤵
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4912
      • C:\Windows\system32\mmc.exe
        "C:\Windows\system32\compmgmt.msc" "C:\Windows\system32\compmgmt.msc" /s
        3⤵
        • Drops file in System32 directory
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        PID:1552

Network

MITRE ATT&CK Enterprise v6


Downloads

  • memory/1552-133-0x0000000004B50000-0x0000000004B60000-memory.dmp (Filesize: 64KB)
  • memory/1552-134-0x0000000004B50000-0x0000000004B60000-memory.dmp (Filesize: 64KB)
  • memory/1552-135-0x0000000004B50000-0x0000000004B60000-memory.dmp (Filesize: 64KB)
  • memory/1552-136-0x0000000004B50000-0x0000000004B60000-memory.dmp (Filesize: 64KB)
  • memory/1552-137-0x0000000004B50000-0x0000000004B60000-memory.dmp (Filesize: 64KB)
  • memory/1552-138-0x0000000004B50000-0x0000000004B60000-memory.dmp (Filesize: 64KB)
  • memory/1552-139-0x0000000004B50000-0x0000000004B60000-memory.dmp (Filesize: 64KB)
  • memory/1552-140-0x0000000004B50000-0x0000000004B60000-memory.dmp (Filesize: 64KB)
  • memory/1552-141-0x0000000004B50000-0x0000000004B60000-memory.dmp (Filesize: 64KB)
  • memory/1552-142-0x0000000004B50000-0x0000000004B60000-memory.dmp (Filesize: 64KB)
  • memory/1552-143-0x0000000004B50000-0x0000000004B60000-memory.dmp (Filesize: 64KB)