[New WTFBin]: WTFBIN Here

Open ThureinOo opened this issue 1 year ago • 0 comments

Contributor Name: Thurein Oo
Application/Executable: EndpointBasecamp.exe, RiskIndexCollector.exe
WTF Behavior Description: Trend Micro EndpointBasecamp.exe drops RiskIndexCollector.exe which invoke wmic to get list of Hotfixes/Patches using the command wmic qfe get Description, HotfixID, InstalledOn
Link to Documentation of Behavior:
https://any.run/report/123b7b8262d000d098c4d18bec592f22677d2374bef1e59573a05aeea9a58b3b/73ede74d-a30d-45d2-91c2-cc1870b275f6
Please provide any images for additional evidence.

Mar 25 '24 08:03 ThureinOo