Overview

overview

10

Static

static

SecuriteIn...83.exe

windows7_x64

10

SecuriteIn...83.exe

windows10_x64

3

Analysis

  • max time kernel
    123s
  • max time network
    148s
  • platform
    windows10_x64
  • resource
    win10v200430
  • submitted
    17/07/2020, 04:35

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.Fareit-FXH669AAA441B0C.26983.exe

  • Size

    1.3MB

  • MD5

    669aaa441b0cf2654c259e4c24b50143

  • SHA1

    ab3e801debb13208312a5cb508f2f7f8f87a5219

  • SHA256

    bac48e9a9fad6c9afa0387fe592bb1eabd56cfbcbffef2bbc765e32de2846478

  • SHA512

    91d4b8b82d62b2aeb7426280b7108a2eb3503c96e3e8aad0d6d331e3802143a838bd55a6b6836ec518288845c0a42048fa84795c1e524ce0307fe07f81d82023

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Fareit-FXH669AAA441B0C.26983.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Fareit-FXH669AAA441B0C.26983.exe"
    1⤵
      PID:2040
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 1160
        2⤵
        • Program crash
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious behavior: EnumeratesProcesses
        PID:2540

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/2540-0-0x0000000004680000-0x0000000004681000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2540-1-0x0000000004680000-0x0000000004681000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2540-3-0x0000000004F30000-0x0000000004F31000-memory.dmp

            Filesize

            4KB

            Download