mttaggart / wtfbins
WTF are these binaries doing?! A list of benign applications that mimic malicious behavior.
MIT License
[New WTFBin]: WTFBIN Here
#52
Open
ThureinOo opened 4 months ago
ThureinOo commented 4 months ago
Contributor Name:
Thurein Oo
Application/Executable:
EndpointBasecamp.exe, RiskIndexCollector.exe
WTF Behavior Description:
Trend Micro EndpointBasecamp.exe drops RiskIndexCollector.exe, which invokes wmic to get a list of Hotfixes/Patches using the command
wmic qfe get Description, HotfixID, InstalledOn
Link to Documentation of Behavior:
https://any.run/report/123b7b8262d000d098c4d18bec592f22677d2374bef1e59573a05aeea9a58b3b/73ede74d-a30d-45d2-91c2-cc1870b275f6
Please provide any images for additional evidence.
wmic qfe get Description, HotfixID, InstalledOn
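
An added example, not part of the issue or the wtfbins project: one way to triage `wmic qfe get` process-creation events so that the EndpointBasecamp.exe -> RiskIndexCollector.exe -> wmic chain reported above is labelled as a known WTFBin while the same command from any other or unsigned parent still goes to review. The event field names, the paths and the signer string are assumptions for illustration.

```python
import re

# The hotfix enumeration quoted in the issue: wmic qfe get ...
WMIC_QFE = re.compile(r'\bwmic(\.exe)?"?\s+qfe\s+get\b', re.IGNORECASE)

# Process chain reported in the issue: grandparent drops parent, parent runs wmic.
BENIGN_PARENT = "riskindexcollector.exe"
BENIGN_GRANDPARENT = "endpointbasecamp.exe"
# Assumption: telemetry carries a verified signer string; this value is a placeholder.
EXPECTED_SIGNER = "Trend Micro"


def basename(path):
    """Lower-cased file name from a Windows or POSIX style path."""
    return re.split(r"[\\/]", path or "")[-1].lower()


def triage(event):
    """Classify one process-creation event: 'ignore', 'known-wtfbin' or 'review'."""
    if not WMIC_QFE.search(event.get("command_line", "")):
        return "ignore"
    chain_ok = (basename(event.get("parent_image")) == BENIGN_PARENT
                and basename(event.get("grandparent_image")) == BENIGN_GRANDPARENT)
    signer = (event.get("parent_signer") or "").lower()
    signed_ok = event.get("parent_signature_valid") is True and EXPECTED_SIGNER.lower() in signer
    # A file name alone can be reused by anything, so the chain must also be signed.
    return "known-wtfbin" if chain_ok and signed_ok else "review"


# Constructed sample events (field names and paths are hypothetical placeholders).
QFE = "wmic qfe get Description, HotfixID, InstalledOn"
SAMPLE_EVENTS = [
    {"command_line": QFE, "parent_image": r"C:\PLACEHOLDER\RiskIndexCollector.exe",
     "grandparent_image": r"C:\PLACEHOLDER\EndpointBasecamp.exe",
     "parent_signature_valid": True, "parent_signer": "Trend Micro (placeholder)"},
    {"command_line": QFE, "parent_image": r"C:\PLACEHOLDER\RiskIndexCollector.exe",
     "grandparent_image": r"C:\PLACEHOLDER\EndpointBasecamp.exe",
     "parent_signature_valid": False, "parent_signer": ""},
    {"command_line": QFE, "parent_image": r"C:\PLACEHOLDER\cmd.exe",
     "grandparent_image": r"C:\PLACEHOLDER\explorer.exe",
     "parent_signature_valid": True, "parent_signer": "Constructed Signer"},
    {"command_line": "wmic os get Caption", "parent_image": r"C:\PLACEHOLDER\cmd.exe",
     "grandparent_image": r"C:\PLACEHOLDER\explorer.exe",
     "parent_signature_valid": True, "parent_signer": "Constructed Signer"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(triage(ev), "<-", basename(ev["parent_image"]), "<-", basename(ev["grandparent_image"]))
```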