Analysis
max time kernel: 149s
max time network: 164s
platform: windows7_x64
resource: win7v200430
submitted: 10-07-2020 12:11
Static task: static1
Behavioral task: behavioral1
  Sample: SecuriteInfo.com.Trojan.PackedNET.380.1927.25730.exe
  Resource: win7v200430 (windows7_x64)
  0 signatures, 0 seconds
Behavioral task: behavioral2
  Sample: SecuriteInfo.com.Trojan.PackedNET.380.1927.25730.exe
  Resource: win10 (windows10_x64)
  0 signatures, 0 seconds
General
Target: SecuriteInfo.com.Trojan.PackedNET.380.1927.25730.exe
Size: 193KB
MD5: c2257678b2fa6523210ba60d4fbfcdda
SHA1: 1417d42f550ee3ad0d802a298a14712011cfa8fa
SHA256: fad6f1e59c3d79075062761a1003d8877f258b30999d5bfef6512c9a09f85a35
SHA512: 0ca3b162fba84d31afcf700ecbef776dcb9059e1171c9301cef2691d4597870ec9ff4fbc2b041c04e4179d2479f28504cd26d4540a2b3d5026cdc34d0341f2bc
Score: 5/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (21 IoCs)
  Processes (description / pid / process / target pid / target process / entries):
  wrote to memory of | 1436 | SecuriteInfo.com.Trojan.PackedNET.380.1927.25730.exe | 1216 | schtasks.exe | 4 entries
  wrote to memory of | 1436 | SecuriteInfo.com.Trojan.PackedNET.380.1927.25730.exe | 1776 | SecuriteInfo.com.Trojan.PackedNET.380.1927.25730.exe | 4 entries
  wrote to memory of | 1436 | SecuriteInfo.com.Trojan.PackedNET.380.1927.25730.exe | 1772 | SecuriteInfo.com.Trojan.PackedNET.380.1927.25730.exe | 4 entries
  wrote to memory of | 1436 | SecuriteInfo.com.Trojan.PackedNET.380.1927.25730.exe | 1760 | SecuriteInfo.com.Trojan.PackedNET.380.1927.25730.exe | 9 entries
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes (description / pid / process):
  Token: SeDebugPrivilege | 1436 | SecuriteInfo.com.Trojan.PackedNET.380.1927.25730.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes (pid / process):
  1436 | SecuriteInfo.com.Trojan.PackedNET.380.1927.25730.exe
  1436 | SecuriteInfo.com.Trojan.PackedNET.380.1927.25730.exe
- Suspicious use of SetThreadContext (1 IoC)
  Processes (description / pid / process / target pid / target process):
  set thread context of | 1436 | SecuriteInfo.com.Trojan.PackedNET.380.1927.25730.exe | 1760 | SecuriteInfo.com.Trojan.PackedNET.380.1927.25730.exe
- Creates scheduled task(s) (1 TTP, 1 IoC)
  Schtasks is often used by malware for persistence or to perform post-infection execution.
Processes (tree; indentation shows parent/child)
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.380.1927.25730.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.380.1927.25730.exe"
  PID: 1436
  - Suspicious use of WriteProcessMemory
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetThreadContext
  C:\Windows\SysWOW64\schtasks.exe
    Command line: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\xtkoqNVcW" /XML "C:\Users\Admin\AppData\Local\Temp\tmp7741.tmp"
    PID: 1216
    - Creates scheduled task(s)
  C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.380.1927.25730.exe
    Command line: "{path}"
    PID: 1776
  C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.380.1927.25730.exe
    Command line: "{path}"
    PID: 1772
  C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.380.1927.25730.exe
    Command line: "{path}"
    PID: 1760