General

  • Target

    Winget-AutoUpdate-main.zip

  • Size

    125KB

  • Sample

    240710-wdh79atdrc

  • MD5

    74e2b9c25e6ae7658fe9132910bc6395

  • SHA1

    2e2adb438cdc445f477636fa9b6eff84f8526e79

  • SHA256

    91da2797797025f89356c0a2c66caa05040fc8d189a5db6c504ec78372bd487d

  • SHA512

    7a418307169920f53e4a45f3e4f22b1ad93ef248915167313cd2b05cb245da3f83b56077d8bcb5106172b5735bde310a183c8cf52799be5c01de7954a832dfad

  • SSDEEP

    3072:UV402FPbjLhLaQJCBvv0qt9YTshzoss8LG7edlToMN8uUy4:UV4rFzjtLJgBvv0MYQhksf2MuuUR

Score 10/10

Malware Config

  • Extracted (Language: ps1, Source)

    URLs (exe.dropper):
      https://github.com/Romanitho/Winget-Install-GUI/raw/main/Tools/cmtrace.exe
      https://www.nirsoft.net/utils/advancedrun-x64.zip
      https://www.nirsoft.net/utils/uninstallview-x64.zip
      https://api.github.com/repos/Romanitho/Winget-AutoUpdate/releases/latest

  • Extracted (Language: ps1, Deobfuscated)

    URLs (exe.dropper):
      https://api.github.com/repos/Romanitho/Winget-AutoUpdate/releases
      https://github.com/Romanitho/Winget-AutoUpdate/releases
      https://api.github.com/repos/Romanitho/Winget-AutoUpdate/releases/latest
      https://github.com/Romanitho/Winget-AutoUpdate/releases/latest

  • Extracted (Language: ps1, Source)

    URLs (exe.dropper):
      https://aka.ms/Microsoft.VCLibs.x64.14.00.Desktop.appx
      https://github.com/microsoft/microsoft-ui-xaml/releases/download/v2.8.6/Microsoft.UI.Xaml.2.8.x64.appx

  • Extracted (Language: ps1, Source)

    URLs (exe.dropper):
      https://github.com/Romanitho/Winget-AutoUpdate/releases

  • Extracted (Language: ps1, Source)

    URLs (exe.dropper):
      https://api.github.com/repos/microsoft/winget-cli/releases/latest

Targets

    • Target

      Winget-AutoUpdate-main/.github/.powershell-psscriptanalyzer.psd1

    • Size

      751B

    • MD5

      1cfc61ccac03a930ad3ed36cca120af9

    • SHA1

      b09847eafeeac1b137b372a7ab60784533496568

    • SHA256

      d467f0429c7619c4b557ea9c9f622fd45e6874940d09c8f05b96c494ca58990b

    • SHA512

      b11de9cbe6b7971145ea7f64ed1e8c9d970ce20737d337b993b5537da2ccd85ecad629830514a709b1e55f530e156985cef9a432c3aa5929f0fcc1062d71c63f

    Score 1/10

    • Target

      Winget-AutoUpdate-main/Sources/WAU/Gui.ps1

    • Size

      40KB

    • MD5

      8763a2e08937d135e3abdbf4579dda27

    • SHA1

      26db49e76d3dd9578db93474a752709f09a6c7cb

    • SHA256

      b421ad0c8320ce128ee394fde02106e8510b543f28dfa83342822f2b699c5633

    • SHA512

      2b06471616346f79a0117f2f48c46421c74aba752494dc6e769f37a35fe9d01db2037674a0f4ea334c9091871c2bc5500a7957ca156373cbdeeaea91dd726050

    • SSDEEP

      384:pmF2OOogMBFnRskeBhjofFx1Vc3pknh70nq/GQ4dWGLJ8xF6LGi+mjoy+vN/w6Y:4F2ro6kSufFdku35FAGiKvO5

    Score 8/10

    • Blocklisted process makes network request

    • Target

      Winget-AutoUpdate-main/Sources/WAU/Winget-AutoUpdate-Install.ps1

    • Size

      26KB

    • MD5

      07ba0c8cce815a8d50b1590814e1af3c

    • SHA1

      124b8ee99598c006767e9ec91af23036cb2acae0

    • SHA256

      b69b120f2d61b33f1c473f19f13901710adb4dd25143b1534e9a9d068a0dcf96

    • SHA512

      7a57de32f6d19a7188f493018f5e2da3757940fae8bda2d28e79817a34a70a50fb0cb38f09987073b042e28ee8a6ca03292fe137a8505cb2bf22ba054082a242

    • SSDEEP

      384:U571+QE7EqAxcK6F4/8yw6IVBUOoZWtkrqM+Y7Ml2Q3ZlPnYnqwxQKCDcmIt:G71JxcK6F4/8yIYqKQK+cVt

    Score 8/10

    • Blocklisted process makes network request
    • Executes dropped EXE
    • Loads dropped DLL

    • Target

      Winget-AutoUpdate-main/Sources/WAU/Winget-AutoUpdate/User-Run.ps1

    • Size

      3KB

    • MD5

      c1c532d865420357e25ba3d4d1b6e950

    • SHA1

      9a195bbd3b61e0b16d1f2e3a614531d3a44b658e

    • SHA256

      dc6919d7b7001ec56122100b3b633f459f6f49981565d580b41e536de9b0113e

    • SHA512

      a2f24d645e58f1f27c59840aa4a1f2c9d72ef9ee1e81f62d46dd9dc25eb8b9e1c168359dfa5b71c9926e10c3175384cf8a16194ba1e448ffc11a09aa697e436d

    Score 3/10

    • Target

      Winget-AutoUpdate-main/Sources/WAU/Winget-AutoUpdate/WAU-Policies.ps1

    • Size

      5KB

    • MD5

      d7ff1eb2257350badf6692e096d8afea

    • SHA1

      ba24f2f58ccd2850060c52847a00cf6dc3106d6e

    • SHA256

      f92493b028444096ead6bf0fd2121b91337b305896428050a74b3ddb5a89ee1f

    • SHA512

      47db5386c12ba48343160384851824477fe3f21257678c33938fd99e94cfb06140776f5b4b9b877e5311002a97c23d481d53d96632a4f6c44f442349d235835d

    • SSDEEP

      96:VJW3nwG4sod0l2hRTT1KSTSxK3laK4lVxKDlVXc+plBwZ6yaoFsuXgLtn3:6Ysod08h5JFieI1tQbcclBwRdsCgpn3

    Score 3/10

    • Target

      Winget-AutoUpdate-main/Sources/WAU/Winget-AutoUpdate/WAU-Uninstall.ps1

    • Size

      4KB

    • MD5

      40be78a0706d3a20f4cac1ae5526b10b

    • SHA1

      d32b8b59ad54863fe3fc95e431f3420be74c4e95

    • SHA256

      c64bba059115e2e8f7ba754adef5300617c42f18f6deb9a6670a74468e2dd6cd

    • SHA512

      21c238c1f788e92809d51f35fb7fa0b959685e693f5450ac8a8ceb6a446658ff4a110cf123e1f2630d2570e475095d9dc716c4bd238fe2c3ffff39b0e1d6deee

    • SSDEEP

      96:+f10ri96cxP+ze+PIj1c+V+lv+O6gBnvDMO:+fPocxP+ze+PJlvJhDT

    Score 3/10

    • Target

      Winget-AutoUpdate-main/Sources/WAU/Winget-AutoUpdate/Winget-Install.ps1

    • Size

      14KB

    • MD5

      71f63d2635f8f2f656c1c931905b831e

    • SHA1

      b0191e52a5d1976b65fada798d9303a28c34fb19

    • SHA256

      8bcab8bdd670d1a5f7d633cc9376073aca7c3193295ed982f01913b773a42a7a

    • SHA512

      b2e685fc0c510b16fd7a9e39b5f03c7be768c29872c2c42002567ee7f9c90bcc505145068b4d6cd8905f72d2c3c2c2adb11e423b49545e21650b132c26fe5033

    • SSDEEP

      192:ODaDIGv24EZDisbGZRKzCytizzFy5iL4U2DuCXRbLeZYnzpzfGeTfq:ODaDru8s0qKCkqzpaeu

    Score 3/10

    • Target

      Winget-AutoUpdate-main/Sources/WAU/Winget-AutoUpdate/Winget-Notify.ps1

    • Size

      1024B

    • MD5

      e60f4daa89b899d238a7330a2ff25d2b

    • SHA1

      2f4a868cc5db3cb43a64e5d0415d2441366cea90

    • SHA256

      bc004d7c794ee6921948ed2191f00cf0cf936b207c9802f6aaec744d8c172894

    • SHA512

      5423bf018966865a7fc49f4196e7e2bdbeb61485eab3a2d0781d56d0f8d96a77ee689963f1383751d73a7287a306eefede9877d65dd8d6030cb1add9d25b8aa8

    Score 3/10

    • Target

      Winget-AutoUpdate-main/Sources/WAU/Winget-AutoUpdate/Winget-Upgrade.ps1

    • Size

      17KB

    • MD5

      05dfe634bc83bb9fa5054eaee9990452

    • SHA1

      8273b9dfce7ac8e5da5f4e1f364f549572601eb0

    • SHA256

      b775469f51fd9ea89840a9dd86c1ac939a1a55b6f5898535d80415b90b766311

    • SHA512

      d5f1a64f008d316aa133d38c3dc5bf3d97f058aa38da005200a8b6573a29515f4c33d0a068a5f3cd90ca9148027a43e208a91cce1e125226e32a9b3fa82370bc

    • SSDEEP

      384:Ouv+/ld8AVMrOlS4PDhZ5WBHOK+k1LTqscOPcZIiA:dN8C1HPiA

    Score 8/10

    • Blocklisted process makes network request

    • Target

      Winget-AutoUpdate-main/Sources/WAU/Winget-AutoUpdate/functions/Add-ScopeMachine.ps1

    • Size

      1KB

    • MD5

      317f8ee0b56c532884986de92264a65d

    • SHA1

      e8c5bb985c4679485d088f628114ff26e0db9fc6

    • SHA256

      730f84623488fc22dda375ab516e84da92d399dd71cdae82f458a7f107767fa4

    • SHA512

      c7918d551bf668fc7e4b19a20d829bf7b919670ddfee78e8f9d49c7b975c17fedc9326891ca4f90e986e3eb281c197c09db119b4e389a50ff7fa3385fe9e77ee

    Score 3/10

    • Target

      Winget-AutoUpdate-main/Sources/WAU/Winget-AutoUpdate/functions/Add-Shortcut.ps1

    • Size

      391B

    • MD5

      6457b8abd9dd8fa42ec57d2f09b706c1

    • SHA1

      1ad8e47dc1fca2178356eb3f15bf2f428f10fb7b

    • SHA256

      2eee5655448afbabb4e378f542afa9c858a8b24fccd6d6c05fa1bea9b9f3fcfb

    • SHA512

      0c9c0154ff1c8d0768aa5ea53a83fd0ab01474d08cca14615902441a63e75a484f49ce2f4449187638a41717ba7ccecf13171283d421e609b83a76fd13d5a1b6

    Score 3/10

    • Target

      Winget-AutoUpdate-main/Sources/WAU/Winget-AutoUpdate/functions/Confirm-Installation.ps1

    • Size

      646B

    • MD5

      a87d56b98d5e6208b12a7122ee718bca

    • SHA1

      1008467ded79efcfd8f9a48fb86c5c449cdb9f1d

    • SHA256

      392fca86e417b4cf7aff2267b131553d327393fd49834c2e8c01c7e8126a9e55

    • SHA512

      2f79c7c9c7cde4b3c34a3738f613602c870db9de0c1616fcaf6fcede10818b0021b69e37dc91b7c0a3ed33b90d33cb801ac4b22ff556e4cc8a06de289424559b

    Score 3/10

    • Target

      Winget-AutoUpdate-main/Sources/WAU/Winget-AutoUpdate/functions/Get-AZCopy.ps1

    • Size

      2KB

    • MD5

      d49836b1ae15a638d6a279cb0d2a2143

    • SHA1

      0e6bf08d064b6aedf9f918bc4ff1fd7d1b413137

    • SHA256

      2528aaa015bf6d92f9e2085d435cdf9b0f88b5194b054711ca26817839e1b15b

    • SHA512

      e31f462ef9590799049105206647e6bb950513fcb133d90bf304a68f98105120b6356f8cf79d2390d15636aafb34b3b6399dea7119577d146a30919f7f1bab1b

    Score 3/10

    • Target

      Winget-AutoUpdate-main/Sources/WAU/Winget-AutoUpdate/functions/Get-AppInfo.ps1

    • Size

      355B

    • MD5

      fc551fef084728bf59067b870936f146

    • SHA1

      373f56931a5e2c38219fcc1f7b7d72ada6a79cf5

    • SHA256

      d2628ca9e5f62d1633628bb4e0a2f4f0a80316e7d01923e269576e259fa6e5ed

    • SHA512

      75f4f9279d52b08ad9caed36922e539557bb556309303e58ca5a77ead8eda35cc4396c4b7de8d1b5db026cca5827c636d9e0a0833f6f0b9cc0b6e5405b443aea

    Score 3/10

    • Target

      Winget-AutoUpdate-main/Sources/WAU/Winget-AutoUpdate/functions/Get-ExcludedApps.ps1

    • Size

      1KB

    • MD5

      125ef0f2c0b6ba059df45445fd9125a2

    • SHA1

      302042b9565aa2ce1df0ff071dff7fb279598484

    • SHA256

      27dbc946497de6caaec4a716101497d83d8b8548470db79ab57af11e8ea32227

    • SHA512

      f2f8dc99336a6cac209398a45e8d59408c03ff0f7ea25d806561d05cf4b59f3dc2a17f2730ca93d9fc631f0dabd812b4d364d2be8469a54cfe7b6b8eb7b4ae78

    Score 3/10

    • Target

      Winget-AutoUpdate-main/Sources/WAU/Winget-AutoUpdate/functions/Get-IncludedApps.ps1

    • Size

      1KB

    • MD5

      faed5305dff2b0e16c1863361da7cf1e

    • SHA1

      b8fe1126e06cfb5e480b75b45a472d8912216c62

    • SHA256

      51c950e98170e99d9d8cc72c6b291331de3457cf90214fa3c58bfb0e69ad24bf

    • SHA512

      78387aa888e6e901287c420958e4560524a1dde7f6dd5e1c6ae906094bb7886d3134274f240d1bf2e28b4cda5b3f87128c54265447cd917f850e55a2fd8fa4e6

    Score 3/10

MITRE ATT&CK Enterprise v15

Tasks

  • static1: Score 10/10
  • behavioral1: Score 1/10
  • behavioral2: Score 1/10
  • behavioral3 (execution): Score 3/10
  • behavioral4 (execution): Score 8/10
  • behavioral5 (execution): Score 3/10
  • behavioral6 (execution): Score 8/10
  • behavioral7 (execution): Score 3/10
  • behavioral8 (execution): Score 3/10
  • behavioral9 (execution): Score 3/10
  • behavioral10 (execution): Score 3/10
  • behavioral11 (execution): Score 3/10
  • behavioral12 (execution): Score 3/10
  • behavioral13 (execution): Score 3/10
  • behavioral14 (execution): Score 3/10
  • behavioral15 (execution): Score 3/10
  • behavioral16 (execution): Score 3/10
  • behavioral17 (execution): Score 3/10
  • behavioral18 (execution): Score 8/10
  • behavioral19 (execution): Score 3/10
  • behavioral20 (execution): Score 3/10
  • behavioral21 (execution): Score 3/10
  • behavioral22 (execution): Score 3/10
  • behavioral23 (execution): Score 3/10
  • behavioral24 (execution): Score 3/10
  • behavioral25 (execution): Score 3/10
  • behavioral26 (execution): Score 3/10
  • behavioral27 (execution): Score 3/10
  • behavioral28 (execution): Score 3/10
  • behavioral29 (execution): Score 3/10
  • behavioral30 (execution): Score 3/10
  • behavioral31 (execution): Score 3/10
  • behavioral32 (execution): Score 3/10