Analysis

max time kernel:   128s
max time network:  133s
platform:          windows10_x64
resource:          win10v200430
submitted:         30-06-2020 00:48

Static task:      static1
Behavioral task:  behavioral1
Sample:           SecuriteInfo.com.C64.YzY0Ovy4hELZZb0e.10477.dll
Resource:         win7 (windows7_x64)
0 signatures, 0 seconds
General

Target:  SecuriteInfo.com.C64.YzY0Ovy4hELZZb0e.10477.dll
Size:    579KB
MD5:     8c803e59b00506c97d382a0d628f35b5
SHA1:    9550d3d3e18164d09fb962845b7bf8054eecc620
SHA256:  b7a306bd407cca438202bfb3b92abff60f959418c7fd129487a6510554ff5706
SHA512:  0a06b98c25fc65c12f45823aa5edd0ed8f637f70c35f40cddc9925760b13db064bb2c1ab1ba9857c6e6efbb5e5208f6b13f7aa7a64ec28e1edf3f2530b86938f
Malware Config
Signatures

Suspicious use of WriteProcessMemory (8 IoCs)
Processes:
  description                        pid   process       target process
  PID 2536 wrote to memory of 2684   2536  rundll32.exe  rundll32.exe
  PID 2536 wrote to memory of 2684   2536  rundll32.exe  rundll32.exe
  PID 2536 wrote to memory of 2684   2536  rundll32.exe  rundll32.exe
  PID 2684 wrote to memory of 2876   2684  rundll32.exe  msiexec.exe
  PID 2684 wrote to memory of 2876   2684  rundll32.exe  msiexec.exe
  PID 2684 wrote to memory of 2876   2684  rundll32.exe  msiexec.exe
  PID 2684 wrote to memory of 2876   2684  rundll32.exe  msiexec.exe
  PID 2684 wrote to memory of 2876   2684  rundll32.exe  msiexec.exe

Suspicious use of AdjustPrivilegeToken (3 IoCs)
Processes:
  description                  pid   process
  Token: SeDebugPrivilege      2684  rundll32.exe
  Token: SeSecurityPrivilege   2876  msiexec.exe
  Token: SeSecurityPrivilege   2876  msiexec.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes:
  pid   process
  2684  rundll32.exe
  2684  rundll32.exe

Suspicious use of NtCreateUserProcessOtherParentProcess (1 IoC)
Processes:
  description             pid   process       target process
  PID 2684 created 3008   2684  rundll32.exe  Explorer.EXE

Suspicious use of SetThreadContext (1 IoC)
Processes:
  description                            pid   process       target process
  PID 2684 set thread context of 2876    2684  rundll32.exe  msiexec.exe

Blacklisted process makes network request (16 IoCs)
Processes:
  flow                                                                 pid   process
  6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 20, 21, 22, 23, 24, 26           2876  msiexec.exe
Processes

C:\Windows\Explorer.EXE
  command line: C:\Windows\Explorer.EXE

  C:\Windows\system32\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.C64.YzY0Ovy4hELZZb0e.10477.dll,#1
    - Suspicious use of WriteProcessMemory

    C:\Windows\SysWOW64\rundll32.exe
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.C64.YzY0Ovy4hELZZb0e.10477.dll,#1
      - Suspicious use of WriteProcessMemory
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of NtCreateUserProcessOtherParentProcess
      - Suspicious use of SetThreadContext

  C:\Windows\SysWOW64\msiexec.exe
    command line: msiexec.exe
    - Suspicious use of AdjustPrivilegeToken
    - Blacklisted process makes network request