e1de8d77e6dd9bd1cc7b8dfc1f9de0b1d08ca1575da949cc8e4e69c47a5a0faa

Analysis

max time kernel
1377s
max time network
1167s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28-05-2024 13:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WuWaRuV2.exe
Size

9.4MB
MD5

d49304afc157354093b9028ef00357a9
SHA1

eb9a6b7a466cd95b4c773a6ca9c04f5547517083
SHA256

e1de8d77e6dd9bd1cc7b8dfc1f9de0b1d08ca1575da949cc8e4e69c47a5a0faa
SHA512

af5b4a8f80bea6e67eae4da557742d12dee3419e8da5ecca6f0c3a11dc28bf630ad9f35a3174f369e7fb1ad982ee5952d207b7617c1c8035d8c1c9de2fe47219
SSDEEP

196608:RzKRdmVL81+APaHB+NNM/rjvEDTOuK6m0VN8iNISSkSIWpWFnp:ZXJwI/rjM5Xm0XWkSDpY

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
3096	WuWaRuV2.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3096	WuWaRuV2.exe

C:\Users\Admin\AppData\Local\Temp\WuWaRuV2.exe
"C:\Users\Admin\AppData\Local\Temp\WuWaRuV2.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:3096

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Costura\A690C95FAC2EB4CEFFACC77CAF9428F3\32\sqlite.interop.dll

Filesize
1.4MB

MD5
6f2fdecc48e7d72ca1eb7f17a97e59ad

SHA1
fcbc8c4403e5c8194ee69158d7e70ee7dbd4c056

SHA256
70e48ef5c14766f3601c97451b47859fddcbe7f237e1c5200cea8e7a7609d809

SHA512
fea98a3d6fff1497551dc6583dd92798dcac764070a350fd381e856105a6411c94effd4b189b7a32608ff610422b8dbd6d93393c5da99ee66d4569d45191dc8b

Download Submit
memory/3096-16-0x000000000E710000-0x000000000E7C2000-memory.dmp

Filesize
712KB

Download
memory/3096-27-0x0000000074950000-0x0000000075100000-memory.dmp

Filesize
7.7MB

Download
memory/3096-15-0x000000000AE30000-0x000000000AE7C000-memory.dmp

Filesize
304KB

Download
memory/3096-8-0x0000000006220000-0x00000000062B2000-memory.dmp

Filesize
584KB

Download
memory/3096-9-0x0000000006200000-0x000000000620A000-memory.dmp

Filesize
40KB

Download
memory/3096-10-0x0000000074950000-0x0000000075100000-memory.dmp

Filesize
7.7MB

Download
memory/3096-12-0x000000000AD70000-0x000000000ADDA000-memory.dmp

Filesize
424KB

Download
memory/3096-13-0x0000000074950000-0x0000000075100000-memory.dmp

Filesize
7.7MB

Download
memory/3096-11-0x000000000ACD0000-0x000000000AD70000-memory.dmp

Filesize
640KB

Download
memory/3096-17-0x00000000057F0000-0x00000000057FA000-memory.dmp

Filesize
40KB

Download
memory/3096-7-0x0000000006730000-0x0000000006CD4000-memory.dmp

Filesize
5.6MB

Download
memory/3096-1-0x0000000000BF0000-0x0000000001566000-memory.dmp

Filesize
9.5MB

Download
memory/3096-14-0x000000000D0A0000-0x000000000D3F4000-memory.dmp

Filesize
3.3MB

Download
memory/3096-18-0x0000000005800000-0x0000000005826000-memory.dmp

Filesize
152KB

Download
memory/3096-19-0x0000000005830000-0x0000000005838000-memory.dmp

Filesize
32KB

Download
memory/3096-20-0x0000000005860000-0x0000000005876000-memory.dmp

Filesize
88KB

Download
memory/3096-21-0x0000000005880000-0x000000000588A000-memory.dmp

Filesize
40KB

Download
memory/3096-22-0x0000000007860000-0x000000000786A000-memory.dmp

Filesize
40KB

Download
memory/3096-23-0x000000000F030000-0x000000000F038000-memory.dmp

Filesize
32KB

Download
memory/3096-24-0x000000000F090000-0x000000000F0AE000-memory.dmp

Filesize
120KB

Download
memory/3096-25-0x000000007495E000-0x000000007495F000-memory.dmp

Filesize
4KB

Download
memory/3096-26-0x0000000074950000-0x0000000075100000-memory.dmp

Filesize
7.7MB

Download
memory/3096-0-0x000000007495E000-0x000000007495F000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads