Analysis

  • max time kernel
    1468s
  • max time network
    1483s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-es
  • resource tags

    arch:x64, arch:x86, image:win11-20241007-es, locale:es-es, os:windows11-21h2-x64, system, windows
  • submitted
    16/10/2024, 20:14

General

  • Target

    wbem/wmiutils.dll

  • Size

    135KB

  • MD5

    103768e150d89d6a759d9c85c5efcec1

  • SHA1

    617a83d206b6944ac10be2250a942959a9e5e9c2

  • SHA256

    5184cc67151f598b0ca7676e8aa582575816d31ac8faba9ec328c6738ac51fe5

  • SHA512

    0c4990dc70df437985a4bed5c28654f04d05843bf4f728024c9a76251e9d7baf368537c973b8e3249ed825ed92e6c99580ca38da09400046ed87df8de7ec2c2b

  • SSDEEP

    3072:vlFkYHH/lv01dEdQiNh+e13At2hIJl1bko3OTc:7fH/4dEdQGs2Y1Yo3OT

Malware Config

Signatures

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

  • Modifies registry class 6 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\wbem\wmiutils.dll
    • Modifies registry class
    PID:4800

Network

MITRE ATT&CK Enterprise v15
