Resubmissions
date              analysis id         score
24-01-2024 07:41  240124-jh881sdbd8   10
23-01-2024 11:54  240123-n22qhahhfj   10
24-06-2020 14:53  200624-jtkdx94cps   10

Analysis
max time kernel: 116s
max time network: 122s
platform: windows10_x64
resource: win10
submitted: 24-06-2020 14:53
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Variant.Johnnie.255811.4892.11381.dll
Resource: win7v200430 (windows7_x64)
0 signatures
0 seconds
General
Target: SecuriteInfo.com.Variant.Johnnie.255811.4892.11381.dll
Size: 424KB
MD5: fc33761a594599efe5617c8359531b38
SHA1: c85e06833ba3a037e3685dd05308ef98e2c72e82
SHA256: c8b452572f409a7d0752734334371c900983c8e15cbf8299bda7fe7a33a1047e
SHA512: 5566c9fbf50ad90db1b6f0ef66e56273acfe64d4855caf818ec1caf208016688c64cef75bfd58e1dcf2883a99576a717a26c39e55af003dd87d15eb2c4ed6824
Malware Config
(none extracted)

Signatures

Suspicious use of AdjustPrivilegeToken (2 IoCs)
description                  | pid | Process
Token: SeSecurityPrivilege   | 64  | msiexec.exe
Token: SeSecurityPrivilege   | 64  | msiexec.exe

Blacklisted process makes network request (2 IoCs)
flow | pid | Process
13   | 64  | msiexec.exe
14   | 64  | msiexec.exe

Suspicious use of WriteProcessMemory (8 IoCs)
description                        | pid  | Process      | procid_target
PID 3908 wrote to memory of 3880   | 3908 | rundll32.exe | 67
PID 3908 wrote to memory of 3880   | 3908 | rundll32.exe | 67
PID 3908 wrote to memory of 3880   | 3908 | rundll32.exe | 67
PID 3880 wrote to memory of 64     | 3880 | rundll32.exe | 74
PID 3880 wrote to memory of 64     | 3880 | rundll32.exe | 74
PID 3880 wrote to memory of 64     | 3880 | rundll32.exe | 74
PID 3880 wrote to memory of 64     | 3880 | rundll32.exe | 74
PID 3880 wrote to memory of 64     | 3880 | rundll32.exe | 74

Suspicious use of SetThreadContext (1 IoC)
description                        | pid  | Process      | procid_target
PID 3880 set thread context of 64  | 3880 | rundll32.exe | 74
Processes (process tree)

1. C:\Windows\system32\rundll32.exe (PID 3908)
   command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Johnnie.255811.4892.11381.dll,#1
   signatures: Suspicious use of WriteProcessMemory

   2. C:\Windows\SysWOW64\rundll32.exe (PID 3880), child of PID 3908
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Johnnie.255811.4892.11381.dll,#1
      signatures: Suspicious use of WriteProcessMemory; Suspicious use of SetThreadContext

      3. C:\Windows\SysWOW64\msiexec.exe (PID 64), child of PID 3880
         command line: msiexec.exe
         signatures: Suspicious use of AdjustPrivilegeToken; Blacklisted process makes network request