General

Target: WinS.zip
Size: 4.2MB
Sample: 241027-mswmfsvjcl
MD5: 07cf4aa9a4301aa1d5239a5a71b9e748
SHA1: ac5c1e8d35d39916df486f9b360c642f9c925b7f
SHA256: 795d0a91a62da5707248580ac1dad46701a693925572f091107227272d354ee5
SHA512: 3b5f64f77107a6ffa3f65785974435d91cc38f2651a463c31492ec265c4dbd6a6eb89a964cd3127bf2ae915dda6ee717c559577460a3983871f62673f46f4658
SSDEEP: 98304:DFe7NaiwolmCpJ2O39a254dL0vjX5MkbIIfKPq7kk/E98:A74oEi2O3M86L0b5FvfKPGLG8
Static task
static1

Behavioral tasks (sample, resource)
behavioral1: WinS/WinRing0x64.sys, win7-20240708-en
behavioral2: WinS/WinRing0x64.sys, win10v2004-20241007-en
behavioral3: WinS/wd.bat, win7-20241010-en
behavioral4: WinS/wd.bat, win10v2004-20241007-en
behavioral5: WinS/wmpnetwk.exe, win7-20240903-en
behavioral6: WinS/wmpnetwk.exe, win10v2004-20241007-en
behavioral7: WinS/xcopy.exe, win7-20241010-en
Malware Config

Targets

Target: WinS/WinRing0x64.sys
Size: 14KB
MD5: 0c0195c48b6b8582fa6f6373032118da
SHA1: d25340ae8e92a6d29f599fef426a2bc1b5217299
SHA256: 11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5
SHA512: ab28e99659f219fec553155a0810de90f0c5b07dc9b66bda86d7686499fb0ec5fddeb7cd7a3c5b77dccb5e865f2715c2d81f4d40df4431c92ac7860c7e01720d
SSDEEP: 192:nqjKhp+GQvzj3i+5T9oGYJh1wAoxhSF6OOoe068jSJUbueq1H2PIP0:qjKL+v/y+5TWGYOf2OJ06dUb+pQ
Score: 1/10

Target: WinS/wd.bat
Size: 383B
MD5: 479988fe0741ba53d6682562377fbee6
SHA1: b56e82fe314d82adbb8f50c1669eda87e4a6a7e1
SHA256: 490c8ef0d7aa7daa4255ff0792e4ba8d5edad5e2f8ab032da1ac77019a207146
SHA512: 5fe6e34f13cb63dc9ceee13546d02b2d0c024668a30d35047fa44791481e8845c9fa4e05da64f7b5724ed8ac8b15f4e48c6f7c14b4e93dea6d1e690bc9cde0c2
Score: 8/10
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes so that the dropped components are no longer scanned.
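The signature above only names the behaviour. The following PowerShell is an added illustration, not the contents of WinS/wd.bat (the report does not reproduce the script): the comments show the generic shape of the Defender tampering the signature describes, and the two functions audit a host for it by listing the current exclusions and pulling the Defender configuration-change events (event ID 5007 in the Microsoft-Windows-Windows Defender/Operational log) that mention exclusions. The exclusion values in the comments and the "risky" heuristics are constructed assumptions for the example.

```powershell
# Added example (not the sample's own script). Shape of the tampering the
# signature describes; each cmdlet extends an allow-list Defender stops scanning.
# Values are constructed placeholders, not taken from wd.bat. Do not run these
# three lines on a host you care about:
#   Add-MpPreference -ExclusionExtension 'exe'              # by file extension
#   Add-MpPreference -ExclusionPath 'C:\ProgramData\WinS'   # by directory (assumed path)
#   Add-MpPreference -ExclusionProcess 'wmpnetwk.exe'       # by process name

# Audit: enumerate the exclusions currently in force and flag the broad ones.
# Run elevated; on current builds non-admins cannot read the exclusion lists.
function Get-SuspiciousDefenderExclusions {
    $pref = Get-MpPreference
    $findings = @()
    foreach ($e in $pref.ExclusionExtension) { $findings += [pscustomobject]@{ Kind = 'Extension'; Value = $e } }
    foreach ($e in $pref.ExclusionPath)      { $findings += [pscustomobject]@{ Kind = 'Path';      Value = $e } }
    foreach ($e in $pref.ExclusionProcess)   { $findings += [pscustomobject]@{ Kind = 'Process';   Value = $e } }

    # Heuristic (assumption): executable-type extensions, user-writable
    # directories, and any process exclusion deserve a closer look.
    $findings | ForEach-Object {
        $risky = ($_.Kind -eq 'Extension' -and $_.Value -match '^(?i)(exe|dll|bat|cmd|ps1|sys)$') -or
                 ($_.Kind -eq 'Path'      -and $_.Value -match '(?i)^(C:\\ProgramData|C:\\Users|C:\\Windows\\Temp|%TEMP%|%APPDATA%)') -or
                 ($_.Kind -eq 'Process')
        $_ | Add-Member -NotePropertyName Risky -NotePropertyValue $risky -PassThru
    }
}

# Defender records every preference change as event 5007; the message names
# the changed setting, so filtering on 'Exclusions' isolates exclusion edits.
function Get-DefenderExclusionChangeEvents {
    param([int]$Days = 7)
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 5007
        StartTime = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'Exclusions' } |
        Select-Object TimeCreated, Message
}

Get-SuspiciousDefenderExclusions | Format-Table -AutoSize
Get-DefenderExclusionChangeEvents | Format-List
```

The 5007 events are the durable trace: a script can remove an exclusion after the payload is staged, but the change event stays in the log, and forwarding that channel to a SIEM turns the batch file's one-liner into an alert. Tamper Protection, where enabled, also refuses Set-MpPreference changes to real-time protection, which is why a sample that wants to stay on disk reaches for exclusions rather than simply switching Defender off.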

Target: WinS/wmpnetwk.exe
Size: 323KB
MD5: beceae2fdc4f7729a93e94ac2ccd78cc
SHA1: 47c112c23c7bdf2af24a20bd512f91ff6af76bc6
SHA256: f689ee9af94b00e9e3f0bb072b34caaf207f32dcb4f5782fc9ca351df9a06c97
SHA512: 073f5ae0d4ffedb5edb3b92b8e19bea2c482a3ad7ab02ed71955d3e55aa44a297307fe4334d28c6f7683cb02d40b4313e560c9049507b16a8c5d6ee0a0f0071f
SSDEEP: 6144:yejl5QCuDlXW4+DiErv2yKU9pclGrDkXNBe:vl5QCKdW4+DiNlXNBe
Score: 1/10

Target: WinS/xcopy.exe
Size: 4.1MB
MD5: 8b2bee1b859c3a85195f639a6365609f
SHA1: 415ee3c194ca9243bee87cb2c4e95de5e9ac9758
SHA256: 5a496193f23e27ee2b8609cdfec370ab7aeed05983ca851ef8502196ee0e1c18
SHA512: b9df2cb6ffe1a6288fc6969ecb0db5bd70805f57b7c4e699ff3a60f106ef61beaaff4848eae623d03b3c255fc9dcc9804e09001ced050816e5303c21a641ea79
SSDEEP: 98304:EOr3T+fANpnZpbmysbqxoCRS7BKtztkpOhJ64F7bN2N9a6nX:EODyYNpPrsbqxoCUVK9tkpOjbRbUa6nX
Xmrig family
XMRig Miner payload
Checks BIOS information in registry
BIOS information is often read from the registry to detect sandbox or virtual-machine environments, since analysis VMs expose a hypervisor vendor's strings in place of a real OEM's.
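To make the last signature concrete, here is an added PowerShell example (not code from the sample or the report) that reproduces the registry lookup it describes and applies the comparison a sandbox-evasion routine would: it reads the SMBIOS-derived values under HKLM\HARDWARE\DESCRIPTION\System\BIOS and the BIOS strings under HKLM\HARDWARE\DESCRIPTION\System, then matches them against common hypervisor marker strings. The marker list is an assumption for the example, not something the report states.

```powershell
# Added example (not from the sample). Reads the registry values a BIOS-based
# sandbox check consults and reports which ones would give an analysis VM away.
$BiosKey   = 'HKLM:\HARDWARE\DESCRIPTION\System\BIOS'
$SystemKey = 'HKLM:\HARDWARE\DESCRIPTION\System'

# Assumed marker list: strings hypervisors commonly leave in SMBIOS fields.
$VmMarkers = 'VMware', 'VirtualBox', 'VBOX', 'innotek', 'QEMU', 'Bochs',
             'Xen', 'KVM', 'Parallels', 'Hyper-V', 'Virtual Machine'

function Get-BiosIdentity {
    $bios = Get-ItemProperty -Path $BiosKey   -ErrorAction SilentlyContinue
    $sys  = Get-ItemProperty -Path $SystemKey -ErrorAction SilentlyContinue
    [pscustomobject]@{
        SystemManufacturer = $bios.SystemManufacturer
        SystemProductName  = $bios.SystemProductName
        BIOSVendor         = $bios.BIOSVendor
        BIOSVersion        = $bios.BIOSVersion
        SystemBiosVersion  = ($sys.SystemBiosVersion -join ' ')   # REG_MULTI_SZ
        VideoBiosVersion   = ($sys.VideoBiosVersion -join ' ')    # REG_MULTI_SZ
    }
}

function Test-LooksLikeSandbox {
    param([pscustomobject]$Identity = (Get-BiosIdentity))
    $hits = foreach ($p in $Identity.PSObject.Properties) {
        if (-not $p.Value) { continue }
        foreach ($m in $VmMarkers) {
            if (([string]$p.Value).IndexOf($m, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                "$($p.Name)='$($p.Value)' matches '$m'"
            }
        }
    }
    [pscustomobject]@{ Sandbox = [bool]$hits; Evidence = @($hits) }
}

Get-BiosIdentity      | Format-List
Test-LooksLikeSandbox | Format-List
```

Two practical notes. First, these are registry reads, and Sysmon's registry events (12, 13, 14) cover create, delete, set and rename only, so the check leaves no Sysmon trace; it is visible to a sandbox's API hooks or to ETW registry tracing, which is how the report attributed it. Second, the signature tells the analyst what to spoof: populating these values in the analysis VM with plausible OEM manufacturer, product and BIOS strings removes the evidence this routine looks for, which is the cheapest way to get a miner like this one to run to completion under observation.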