Analysis
-
max time kernel
117s -
max time network
124s -
platform
windows7_x64 -
resource
win7 -
submitted
31-07-2020 20:33
General
-
Target
SecuriteInfo.com.Generic.mg.c273e75105e752ed.512.exe
-
Size
140KB
-
MD5
c273e75105e752ed59f14f4d97683001
-
SHA1
5f1e89ae2529fd52bcad9d79a9cd933d27f3d274
-
SHA256
22d381feb748820ad07b312c2d6c9d82330b380fbf1676c82146f228d493d944
-
SHA512
0f4d178ecde5d937163c0dfd7f100098baecc3c5cef5b19293d61a8e3ede12f149788e0b04ec503756bcb73c42c027711ea75ec20385923c8e348dfa26e7ada7
Score
8/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
-
Executes dropped EXE 1 IoCs
-
Drops file in Windows directory 2 IoCs
-
Looks up external IP address via web service 3 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes
-
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Generic.mg.c273e75105e752ed.512.exe"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Generic.mg.c273e75105e752ed.512.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Drops file in Windows directory
-
C:\Windows\system32\taskeng.exetaskeng.exe {E5C05134-87C1-441D-8CF3-B4645B789D1B} S-1-5-18:NT AUTHORITY\System:Service:1⤵
- Suspicious use of WriteProcessMemory
-
C:\ProgramData\avxbp\mghcwau.exeC:\ProgramData\avxbp\mghcwau.exe start2⤵
- Executes dropped EXE
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\ProgramData\avxbp\mghcwau.exe
-
C:\ProgramData\avxbp\mghcwau.exe
-
memory/336-3-0x0000000000000000-mapping.dmp
-
memory/336-5-0x00000000033A6000-0x00000000033A7000-memory.dmpFilesize
4KB
-
memory/336-6-0x0000000003910000-0x0000000003921000-memory.dmpFilesize
68KB
-
memory/1464-0-0x0000000003426000-0x0000000003427000-memory.dmpFilesize
4KB
-
memory/1464-1-0x0000000004C20000-0x0000000004C31000-memory.dmpFilesize
68KB