0638b1723d45eb9fbbf4db0428aeb59b08da4082779c361ae881445ef35bb6d4 | Triage

Analysis

max time kernel
142s
max time network
22s
platform
windows7_x64
resource
win7v200430
submitted
10-07-2020 17:44

Sharing

Report Analysis Logs

General

Target

SecuriteInfo.com.Trojan.GenericKD.43466730.30129.29543.exe
Size

288KB
MD5

9d4c81c16699da96cacc73cabaaf9fb4
SHA1

10ff1580fb137006d2e396ee9432ff4a84b409b7
SHA256

0638b1723d45eb9fbbf4db0428aeb59b08da4082779c361ae881445ef35bb6d4
SHA512

9ce9fecf3921ba70e9e0a92400439d842073d1cc5f52e16f06a4c4259622ea42d4314b8700edd7e24a6b34276e29b93eb7100f5a0a6f774048c96a1bdf23b0c0

Score

5^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

SecuriteInfo.com.Trojan.GenericKD.43466730.30129.29543.exe

description	pid	process	target process
PID 1092 wrote to memory of 1796	1092	SecuriteInfo.com.Trojan.GenericKD.43466730.30129.29543.exe	SecuriteInfo.com.Trojan.GenericKD.43466730.30129.29543.exe
PID 1092 wrote to memory of 1796	1092	SecuriteInfo.com.Trojan.GenericKD.43466730.30129.29543.exe	SecuriteInfo.com.Trojan.GenericKD.43466730.30129.29543.exe
PID 1092 wrote to memory of 1796	1092	SecuriteInfo.com.Trojan.GenericKD.43466730.30129.29543.exe	SecuriteInfo.com.Trojan.GenericKD.43466730.30129.29543.exe
PID 1092 wrote to memory of 1796	1092	SecuriteInfo.com.Trojan.GenericKD.43466730.30129.29543.exe	SecuriteInfo.com.Trojan.GenericKD.43466730.30129.29543.exe
PID 1092 wrote to memory of 1796	1092	SecuriteInfo.com.Trojan.GenericKD.43466730.30129.29543.exe	SecuriteInfo.com.Trojan.GenericKD.43466730.30129.29543.exe
PID 1092 wrote to memory of 1796	1092	SecuriteInfo.com.Trojan.GenericKD.43466730.30129.29543.exe	SecuriteInfo.com.Trojan.GenericKD.43466730.30129.29543.exe
PID 1092 wrote to memory of 1796	1092	SecuriteInfo.com.Trojan.GenericKD.43466730.30129.29543.exe	SecuriteInfo.com.Trojan.GenericKD.43466730.30129.29543.exe

Suspicious use of SetThreadContext 1 IoCs

Processes:

SecuriteInfo.com.Trojan.GenericKD.43466730.30129.29543.exe

description	pid	process	target process
PID 1092 set thread context of 1796	1092	SecuriteInfo.com.Trojan.GenericKD.43466730.30129.29543.exe	SecuriteInfo.com.Trojan.GenericKD.43466730.30129.29543.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

SecuriteInfo.com.Trojan.GenericKD.43466730.30129.29543.exe

pid process

1796 SecuriteInfo.com.Trojan.GenericKD.43466730.30129.29543.exe

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.43466730.30129.29543.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.43466730.30129.29543.exe"
1⤵
- Suspicious use of WriteProcessMemory
- Suspicious use of SetThreadContext
PID:1092

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.43466730.30129.29543.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.43466730.30129.29543.exe"
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1796

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1092-1-0x0000000000000000-0x0000000000000000-disk.dmp

Download
memory/1796-2-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/1796-3-0x000000000041E2F0-mapping.dmp

Download