Analysis

  • max time kernel
    1473s
  • max time network
    1499s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-es
  • resource tags

    arch:x64 arch:x86 image:win11-20241007-es locale:es-es os:windows11-21h2-x64 system windows
  • submitted
    16/10/2024, 20:14

General

  • Target

    wbem/WMIsvc.dll

  • Size

    238KB

  • MD5

    8828f0794cd83e81a9ca9b3bd0903bc3

  • SHA1

    a374277de6eeb62bef9ad0f7ae43f3fd7ec299e1

  • SHA256

    fc0fab4941a94299486709a7ff68ae7ce4d60ef597269743f3e8cce0b2c95463

  • SHA512

    43cce7fecc55c7611dd3443ddbff64325e17ca9377dfb1c6abd2457e6d66313f66833868b4c6a28180b4a5e68810da0542958fd5aac6dd64cd8eba45dfe4a31d

  • SSDEEP

    3072:uRH7TyNVxUt43PZwaAz0lbxSyaMWWzdoBrlbXJ+lkBkut9+W8EPusK7wJL7GGGqL:uRH7THm3xAzGxSyUsyBn0ky696f+Wg

Score
8/10

Malware Config

Signatures

  • Server Software Component: Terminal Services DLL (1 TTPs, 1 IoCs)
  • Modifies registry class (12 IoCs)

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\wbem\WMIsvc.dll
    • Server Software Component: Terminal Services DLL
    • Modifies registry class
    PID:3200

Network

        MITRE ATT&CK Enterprise v15
