Overview

overview

10

Static

static

SecuriteIn...33.exe

windows7_x64

10

SecuriteIn...33.exe

windows10_x64

10

Analysis

  • max time kernel
    137s
  • max time network
    129s
  • platform
    windows10_x64
  • resource
    win10v200430
  • submitted
    08-07-2020 16:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.A.16433.exe

  • Size

    253KB

  • MD5

    f58843af873716aeee6e9e74ff8918ca

  • SHA1

    8fb3aba6f5610c465e6fa4f87638fc706b2bcf63

  • SHA256

    54c3e01a3dee75c7137c63a25915b7bec1876a8fc65047eff99b97d9ca6cd5c6

  • SHA512

    3dc3413064112266ac303a2691c024c40fb914593e0622cb970ea367b5f03d60a7355f0a37064e5da4369dc4c7e545c7df7272943ffc6007f0cbede2cfafbd19

Score
10/10
backdoorbazarbackdoor

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • BazarBackdoor

    Stealthy backdoor targetting corporate networks, believed to be developed by Trickbot's authors.

    backdoorbazarbackdoor
  • Drops startup file 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.A.16433.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.A.16433.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Drops startup file
    PID:992
  • C:\Windows\system32\cmd.exe
    cmd.exe / c "start "" /b "cmd.exe" /c "copy /y "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.A.16433.exe" "C:\Users\Admin\AppData\Local\Temp\pfehamig.exe"&&start "" /b "C:\Users\Admin\AppData\Local\Temp\pfehamig.exe" -z {66A8ED9E-41EF-4620-9B69-81FFB215B4D7}&&exit 0""
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3932
    • C:\Users\Admin\AppData\Local\Temp\pfehamig.exe
      "C:\Users\Admin\AppData\Local\Temp\pfehamig.exe" -z {66A8ED9E-41EF-4620-9B69-81FFB215B4D7}
      2⤵
      • Executes dropped EXE
      PID:3428

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\pfehamig.exe
    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\pfehamig.exe
    Download Submit

  • memory/992-0-0x00000000029D0000-0x00000000029F1000-memory.dmp

    Filesize

    132KB

    Download

  • memory/3428-1-0x0000000000000000-mapping.dmp

    Download

  • memory/3428-2-0x0000000000000000-mapping.dmp

    Download

  • memory/3428-5-0x0000000001160000-0x0000000001181000-memory.dmp

    Filesize

    132KB

    Download