Overview

overview

10

Static

static

3

wufuc_v1.0...d4.zip

windows7-x64

1

wufuc/COPYING.txt

windows7-x64

1

wufuc/Donate.url

windows7-x64

6

wufuc/Help...se.url

windows7-x64

1

wufuc/Help...ue.url

windows7-x64

1

wufuc/Rest...rv.reg

windows7-x64

10

wufuc/inst...uc.bat

windows7-x64

1

wufuc/unin...uc.bat

windows7-x64

1

wufuc/version.txt

windows7-x64

1

wufuc/wufu...ub.url

windows7-x64

1

wufuc/wufuc32.dll

windows7-x64

1

wufuc/wufuc64.dll

windows7-x64

1

wufuc/wufu...sk.xml

windows7-x64

1

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    25-04-2024 07:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    wufuc/Restore_wuauserv.reg

  • Size

    708B

  • MD5

    99f25f3eb124c29e24c5352371c6b576

  • SHA1

    68e203682392be44065b32ee43e8f5536133b98c

  • SHA256

    e520b1620ae71ffae8908609e99a06d998c7e773c5179532c834d4adbcae8e5b

  • SHA512

    c2dc2361a4dbdf5da93cb67ca9b8c8b18c52ff93b376a006ac04cc6ee9da1255687c49a5c424d4feaacecdac4299fad5caf75cd7caffdf93accb4643bbeb6736

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies security service 2 TTPs 2 IoCs
    evasion
  • Sets DLL path for service in the registry 2 TTPs 1 IoCs
    persistence
  • Runs .reg file with regedit 1 IoCs

Processes

  • C:\Windows\regedit.exe
    regedit.exe "C:\Users\Admin\AppData\Local\Temp\wufuc\Restore_wuauserv.reg"
    1⤵
    • Modifies security service
    • Sets DLL path for service in the registry
    • Runs .reg file with regedit
    PID:2952

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2952-0-0x0000000000560000-0x0000000000561000-memory.dmp

    Filesize

    4KB

    Download