3a184ed46b10e27515f8f8726a91886296f7ab1e9c05552b1189d828f15ccb3f

Resubmissions

07/07/2022, 09:57

08/07/2020, 02:41

Target

SecuriteInfo.com.Trojan.GenericKD.34132730.25936.7257.exe
Size

88KB
MD5

568042d040ed7fbbb802d847ef614a4d
SHA1

6b18e8df396a665808ef362354366befc4ed7aeb
SHA256

3a184ed46b10e27515f8f8726a91886296f7ab1e9c05552b1189d828f15ccb3f
SHA512

ddb683924c2736bf76533ed9e60a64cc744b0f194486292d10494665cc88ce165b420c9a2d3d6e507ce0f011fa674a1d22197bfd2f5a420ed069b02477192f6c

Score

1^/10

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3548	SecuriteInfo.com.Trojan.GenericKD.34132730.25936.7257.exe
3548	SecuriteInfo.com.Trojan.GenericKD.34132730.25936.7257.exe
3548	SecuriteInfo.com.Trojan.GenericKD.34132730.25936.7257.exe
3548	SecuriteInfo.com.Trojan.GenericKD.34132730.25936.7257.exe
3548	SecuriteInfo.com.Trojan.GenericKD.34132730.25936.7257.exe
3548	SecuriteInfo.com.Trojan.GenericKD.34132730.25936.7257.exe
3548	SecuriteInfo.com.Trojan.GenericKD.34132730.25936.7257.exe
3548	SecuriteInfo.com.Trojan.GenericKD.34132730.25936.7257.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 3548 wrote to memory of 644	3548	SecuriteInfo.com.Trojan.GenericKD.34132730.25936.7257.exe	66
PID 3548 wrote to memory of 644	3548	SecuriteInfo.com.Trojan.GenericKD.34132730.25936.7257.exe	66
PID 3548 wrote to memory of 644	3548	SecuriteInfo.com.Trojan.GenericKD.34132730.25936.7257.exe	66
PID 3548 wrote to memory of 648	3548	SecuriteInfo.com.Trojan.GenericKD.34132730.25936.7257.exe	67
PID 3548 wrote to memory of 648	3548	SecuriteInfo.com.Trojan.GenericKD.34132730.25936.7257.exe	67
PID 3548 wrote to memory of 648	3548	SecuriteInfo.com.Trojan.GenericKD.34132730.25936.7257.exe	67
PID 3548 wrote to memory of 1012	3548	SecuriteInfo.com.Trojan.GenericKD.34132730.25936.7257.exe	70
PID 3548 wrote to memory of 1012	3548	SecuriteInfo.com.Trojan.GenericKD.34132730.25936.7257.exe	70
PID 3548 wrote to memory of 1012	3548	SecuriteInfo.com.Trojan.GenericKD.34132730.25936.7257.exe	70

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.34132730.25936.7257.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.34132730.25936.7257.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3548
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c del /q "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.34132730.25936.7257.exe"
  2⤵
  PID:644
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c RMDIR /S /Q "C:\Program Files (x86)\svm"
  2⤵
  PID:648
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c del /q "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.34132730.25936.7257.exe"
  2⤵
  PID:1012