c24f35c4f744e2ab5aaa0c950506bc3c9753507848d9094a3359da507a96b861 | Triage

Analysis

max time kernel
64s
max time network
74s
platform
windows7_x64
resource
win7
submitted
08-07-2020 01:42

Sharing

Report Analysis Logs

General

Target

SecuriteInfo.com.Win32.Herz.B.19823.29450.exe
Size

683KB
MD5

14e098c83e4d4afbea1bb65e8e7ca7b9
SHA1

a4ee19e62c6ce048c7739724827c944473ba0966
SHA256

c24f35c4f744e2ab5aaa0c950506bc3c9753507848d9094a3359da507a96b861
SHA512

1d78bf23efdf28fcb364e67e207cb608b0f01e69b429a91a773ea0d462be04c091bbe7f56143e53a8f4e70912e5b4cf12a406f8bb717424701dd8551a04e2e21

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

SecuriteInfo.com.Win32.Herz.B.19823.29450.exe

description	pid	process	target process
PID 1108 set thread context of 316	1108	SecuriteInfo.com.Win32.Herz.B.19823.29450.exe	SecuriteInfo.com.Win32.Herz.B.19823.29450.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

SecuriteInfo.com.Win32.Herz.B.19823.29450.exeSecuriteInfo.com.Win32.Herz.B.19823.29450.exe

pid process

1108 SecuriteInfo.com.Win32.Herz.B.19823.29450.exe
316 SecuriteInfo.com.Win32.Herz.B.19823.29450.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

SecuriteInfo.com.Win32.Herz.B.19823.29450.exe

description	pid	process	target process
PID 1108 wrote to memory of 316	1108	SecuriteInfo.com.Win32.Herz.B.19823.29450.exe	SecuriteInfo.com.Win32.Herz.B.19823.29450.exe
PID 1108 wrote to memory of 316	1108	SecuriteInfo.com.Win32.Herz.B.19823.29450.exe	SecuriteInfo.com.Win32.Herz.B.19823.29450.exe
PID 1108 wrote to memory of 316	1108	SecuriteInfo.com.Win32.Herz.B.19823.29450.exe	SecuriteInfo.com.Win32.Herz.B.19823.29450.exe
PID 1108 wrote to memory of 316	1108	SecuriteInfo.com.Win32.Herz.B.19823.29450.exe	SecuriteInfo.com.Win32.Herz.B.19823.29450.exe

Suspicious behavior: MapViewOfSection 1 IoCs

Processes:

SecuriteInfo.com.Win32.Herz.B.19823.29450.exe

pid process

1108 SecuriteInfo.com.Win32.Herz.B.19823.29450.exe

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Herz.B.19823.29450.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Herz.B.19823.29450.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
- Suspicious behavior: MapViewOfSection
PID:1108

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Herz.B.19823.29450.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Herz.B.19823.29450.exe"
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/316-0-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/316-1-0x000000000041E250-mapping.dmp

Download