Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    27/10/2024, 10:44

General

  • Target

    WinS/wmpnetwk.exe

  • Size

    323KB

  • MD5

    beceae2fdc4f7729a93e94ac2ccd78cc

  • SHA1

    47c112c23c7bdf2af24a20bd512f91ff6af76bc6

  • SHA256

    f689ee9af94b00e9e3f0bb072b34caaf207f32dcb4f5782fc9ca351df9a06c97

  • SHA512

    073f5ae0d4ffedb5edb3b92b8e19bea2c482a3ad7ab02ed71955d3e55aa44a297307fe4334d28c6f7683cb02d40b4313e560c9049507b16a8c5d6ee0a0f0071f

  • SSDEEP

    6144:yejl5QCuDlXW4+DiErv2yKU9pclGrDkXNBe:vl5QCKdW4+DiNlXNBe

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\WinS\wmpnetwk.exe
    "C:\Users\Admin\AppData\Local\Temp\WinS\wmpnetwk.exe"
    1⤵
      PID:2964
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /4
      1⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2628

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/2628-0-0x0000000140000000-0x00000001405E8000-memory.dmp

            Filesize

            5.9MB

          • memory/2628-1-0x0000000140000000-0x00000001405E8000-memory.dmp

            Filesize

            5.9MB

          • memory/2628-2-0x0000000140000000-0x00000001405E8000-memory.dmp

            Filesize

            5.9MB