Resubmissions

15/09/2023, 15:47

230915-s8jwgsdb61 1

15/09/2023, 14:47

230915-r53zhscf71 1

Analysis

  • max time kernel
    140s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20230915-en locale:en-us os:windows10-2004-x64 system
  • submitted
    15/09/2023, 14:47

General

  • Target

    vmware.exe

  • Size

    2.1MB

  • MD5

    da9bb486b14c37a771d6f7bf208a86d3

  • SHA1

    23c2671b2558f00738c3010b00154aa059d774ad

  • SHA256

    19bd8a90a779a9b35117f4e814de20661e32ea07a6721a2a13858473be8d4a36

  • SHA512

    82284d3bf3692f187ddbb60e6f8beaa928f8ca23146423d681f53dddda8a8b73bb16159eb7e8572cf3a2cd24daaefd137ac6badfe67ff08d85502198711ee573

  • SSDEEP

    49152:r0WtLrwaCUzBMoaSnRUntexlBbt41aCq4:Yynw3U1aqjBb

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\vmware.exe
    "C:\Users\Admin\AppData\Local\Temp\vmware.exe"
    PID:2176
    • Suspicious use of WriteProcessMemory
    • C:\Windows\system32\pcaui.exe
      "C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {db4f3aa6-828e-4e0c-a461-efac8dacc1a2} -a "VMware Workstation Pro" -v "VMware, Inc." -s "This app can't run because it causes security or performance issues on Windows. A new version may be available. Check with your software provider for an updated version that runs on this version of Windows." -n 1 -f 2109246 -k 0 -e "C:\Users\Admin\AppData\Local\Temp\vmware.exe"
      PID:4792
