92714bd064db14df090e83922023d6ebc0e515909e223e9277a35c570b0a36e0

General

Target

SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
Size

1.8MB
MD5

d3f1cfa10774c6c3546d8cde6b4ebe7a
SHA1

575115582654e82f4df739b41a5331c10c675426
SHA256

92714bd064db14df090e83922023d6ebc0e515909e223e9277a35c570b0a36e0
SHA512

5daad347f58f802a2fb0fb2c52a5de6df7399c6b180eae981c4dc348bc2dafa64a2ca758fe8790963af949e1d540f35b4bee9a42b01ed55e60e61ca5af9e9b29

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 37 IoCs

Processes:

SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe

pid	process
4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe

Suspicious use of SetWindowsHookEx 12 IoCs

Processes:

SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe

pid	process
4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe

Suspicious use of AdjustPrivilegeToken 11 IoCs

Processes:

SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe

description	pid	process
Token: SeDebugPrivilege	4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
Token: 33	4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
Token: SeIncBasePriorityPrivilege	4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
Token: 33	4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
Token: SeIncBasePriorityPrivilege	4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
Token: 33	4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
Token: SeIncBasePriorityPrivilege	4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
Token: 33	4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
Token: SeIncBasePriorityPrivilege	4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
Token: 33	4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
Token: SeIncBasePriorityPrivilege	4004	SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe

pid process

4004 SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
4004 SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
Suspicious use of SendNotifyMessage 2 IoCs

Processes:

SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe

pid process

4004 SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
4004 SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Razy.671281.3341.21664.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4004

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads