wmcrms7.exe — malware analysis report

File info

Filename: wmcrms7.exe
File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 222.5 KB
First seen:
Last seen:

Environment

win7/x86 en

Hashes

SHA1: 36117dae4bd4ed3e6e1e890660d2f1e48badb0f9
SHA256: 12e8c3b1a4c7791d18a8178fba3aee0ac1e05d720718fbff37981d04f87199da
MD5: c55f43f55c061468be8909129bd517f6

Signatures

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1027.002 packer_entropy: Probably contains compressed or encrypted data
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Other

yara_rules: Static rules
non_quadratic_icon: Icon is not square
creates_in_windows: Creates files in the Windows directory
no_graphical_activity: No graphic activity
require_administrator: Requests administrator privileges
checktokenmembership: Checks user token with CheckTokenMembership call
pe_overlay: PE file contains overlay
valid_authenticode: The digital signature has been verified