Resubmissions
24-01-2024 07:41  240124-jh881sdbd8  10
23-01-2024 11:54  240123-n22qhahhfj  10
24-06-2020 14:53  200624-jtkdx94cps  10

Analysis
max time kernel: 134s
max time network: 125s
platform: windows7_x64
resource: win7v200430
submitted: 24-06-2020 14:53

Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Variant.Johnnie.255811.4892.11381.dll
Resource: win7v200430 (windows7_x64)
0 signatures
0 seconds
General
Target: SecuriteInfo.com.Variant.Johnnie.255811.4892.11381.dll
Size: 424KB
MD5: fc33761a594599efe5617c8359531b38
SHA1: c85e06833ba3a037e3685dd05308ef98e2c72e82
SHA256: c8b452572f409a7d0752734334371c900983c8e15cbf8299bda7fe7a33a1047e
SHA512: 5566c9fbf50ad90db1b6f0ef66e56273acfe64d4855caf818ec1caf208016688c64cef75bfd58e1dcf2883a99576a717a26c39e55af003dd87d15eb2c4ed6824
Malware Config
Signatures

Suspicious use of WriteProcessMemory (16 IoCs)
description                          pid   Process       procid_target
PID 240 wrote to memory of 1020      240   rundll32.exe  24
PID 240 wrote to memory of 1020      240   rundll32.exe  24
PID 240 wrote to memory of 1020      240   rundll32.exe  24
PID 240 wrote to memory of 1020      240   rundll32.exe  24
PID 240 wrote to memory of 1020      240   rundll32.exe  24
PID 240 wrote to memory of 1020      240   rundll32.exe  24
PID 240 wrote to memory of 1020      240   rundll32.exe  24
PID 1020 wrote to memory of 1832     1020  rundll32.exe  27
PID 1020 wrote to memory of 1832     1020  rundll32.exe  27
PID 1020 wrote to memory of 1832     1020  rundll32.exe  27
PID 1020 wrote to memory of 1832     1020  rundll32.exe  27
PID 1020 wrote to memory of 1832     1020  rundll32.exe  27
PID 1020 wrote to memory of 1832     1020  rundll32.exe  27
PID 1020 wrote to memory of 1832     1020  rundll32.exe  27
PID 1020 wrote to memory of 1832     1020  rundll32.exe  27
PID 1020 wrote to memory of 1832     1020  rundll32.exe  27

Suspicious use of SetThreadContext (1 IoC)
description                          pid   Process       procid_target
PID 1020 set thread context of 1832  1020  rundll32.exe  27

Suspicious use of AdjustPrivilegeToken (2 IoCs)
description                 pid   Process
Token: SeSecurityPrivilege  1832  msiexec.exe
Token: SeSecurityPrivilege  1832  msiexec.exe

Blacklisted process makes network request (2 IoCs)
flow  pid   Process
6     1832  msiexec.exe
7     1832  msiexec.exe
Processes

C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Johnnie.255811.4892.11381.dll,#1
  PID: 240
  - Suspicious use of WriteProcessMemory

  C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Johnnie.255811.4892.11381.dll,#1
    PID: 1020
    - Suspicious use of WriteProcessMemory
    - Suspicious use of SetThreadContext

    C:\Windows\SysWOW64\msiexec.exe
      Command line: msiexec.exe
      PID: 1832
      - Suspicious use of AdjustPrivilegeToken
      - Blacklisted process makes network request