Analysis

  • max time kernel
    1476s
  • max time network
    1486s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-es
  • resource tags

    arch:x64, arch:x86, image:win11-20241007-es, locale:es-es, os:windows11-21h2-x64, system, windows
  • submitted
    16/10/2024, 20:14

General

  • Target

    wbem/WMIPSESS.dll

  • Size

    60KB

  • MD5

    9be96954745d7c36a5726deb8ad28bde

  • SHA1

    8e44a8b9234d4e73f9d9fa1f414aa24648a9ee7e

  • SHA256

    8300c2da596f5c1a416d02a598e323cdb4e82fc480e125df6fb3aa2c53cacfa2

  • SHA512

    7e5060fb071dc528d463e378635c700e63974f20e477114c756178de0d3def025c13f4383b0b1678634fd6a61b22dbe7a8c5d5726d6c59c71a40555eb92aa0d3

  • SSDEEP

    1536:SXOWHEOQjeCKfEFIb0bnhf91dkSWpXIRqk:C/5QjeZfEyknhf9sS6YR9

Malware Config

Signatures

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

  • Modifies registry class 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\wbem\WMIPSESS.dll
    1⤵
    • Modifies registry class
    PID:2760

Network

MITRE ATT&CK Enterprise v15