3a184ed46b10e27515f8f8726a91886296f7ab1e9c05552b1189d828f15ccb3f

Resubmissions

07/07/2022, 09:57

08/07/2020, 02:41

Target

SecuriteInfo.com.Trojan.GenericKD.34132730.25936.7257.exe
Size

88KB
MD5

568042d040ed7fbbb802d847ef614a4d
SHA1

6b18e8df396a665808ef362354366befc4ed7aeb
SHA256

3a184ed46b10e27515f8f8726a91886296f7ab1e9c05552b1189d828f15ccb3f
SHA512

ddb683924c2736bf76533ed9e60a64cc744b0f194486292d10494665cc88ce165b420c9a2d3d6e507ce0f011fa674a1d22197bfd2f5a420ed069b02477192f6c

Score

7^/10

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1156	SecuriteInfo.com.Trojan.GenericKD.34132730.25936.7257.exe
1156	SecuriteInfo.com.Trojan.GenericKD.34132730.25936.7257.exe
1156	SecuriteInfo.com.Trojan.GenericKD.34132730.25936.7257.exe
1156	SecuriteInfo.com.Trojan.GenericKD.34132730.25936.7257.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1156 wrote to memory of 1796	1156	SecuriteInfo.com.Trojan.GenericKD.34132730.25936.7257.exe	25
PID 1156 wrote to memory of 1796	1156	SecuriteInfo.com.Trojan.GenericKD.34132730.25936.7257.exe	25
PID 1156 wrote to memory of 1796	1156	SecuriteInfo.com.Trojan.GenericKD.34132730.25936.7257.exe	25
PID 1156 wrote to memory of 1796	1156	SecuriteInfo.com.Trojan.GenericKD.34132730.25936.7257.exe	25
PID 1156 wrote to memory of 1880	1156	SecuriteInfo.com.Trojan.GenericKD.34132730.25936.7257.exe	27
PID 1156 wrote to memory of 1880	1156	SecuriteInfo.com.Trojan.GenericKD.34132730.25936.7257.exe	27
PID 1156 wrote to memory of 1880	1156	SecuriteInfo.com.Trojan.GenericKD.34132730.25936.7257.exe	27
PID 1156 wrote to memory of 1880	1156	SecuriteInfo.com.Trojan.GenericKD.34132730.25936.7257.exe	27
PID 1156 wrote to memory of 1900	1156	SecuriteInfo.com.Trojan.GenericKD.34132730.25936.7257.exe	29
PID 1156 wrote to memory of 1900	1156	SecuriteInfo.com.Trojan.GenericKD.34132730.25936.7257.exe	29
PID 1156 wrote to memory of 1900	1156	SecuriteInfo.com.Trojan.GenericKD.34132730.25936.7257.exe	29
PID 1156 wrote to memory of 1900	1156	SecuriteInfo.com.Trojan.GenericKD.34132730.25936.7257.exe	29

Deletes itself 1 IoCs

pid	Process
1900	cmd.exe

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.34132730.25936.7257.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.34132730.25936.7257.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1156
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c del /q "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.34132730.25936.7257.exe"
  2⤵
  PID:1796
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c RMDIR /S /Q "C:\Program Files (x86)\svm"
  2⤵
  PID:1880
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c del /q "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.34132730.25936.7257.exe"
  2⤵
  - Deletes itself
  PID:1900