Analysis
- max time kernel: 137s
- max time network: 141s
- platform: windows10_x64
- resource: win10v200722
- submitted: 01-08-2020 19:35
Static task
- static1

Behavioral task
- behavioral1
  Sample: SecuriteInfo.com.Trojan.Inject2.57861.24408.7581.exe
  Resource: win7 (windows7_x64)
  0 signatures, 0 seconds

Behavioral task
- behavioral2
  Sample: SecuriteInfo.com.Trojan.Inject2.57861.24408.7581.exe
  Resource: win10v200722 (windows10_x64)
  0 signatures, 0 seconds
General
- Target: SecuriteInfo.com.Trojan.Inject2.57861.24408.7581.exe
- Size: 63KB
- MD5: 49b71eb3c4e9b9f5f4d58722e6bcdfa4
- SHA1: 519870c71a1ae3c12300284139d1e311e16ea416
- SHA256: 8179d0b5e1307621aa793c502a89ac3b7aba833f3b4fc815f99d0dbc85aa7c06
- SHA512: 8303a45003605f4c1dc7b7ca182f526eb0897c3e43d5118c448b94cc3f25e4e32b13b4722165e4c7cc72e14d0cdf9fd3612656919bc50febf4e0574454235acb
- Score: 6/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes (description | pid | process | target process):
  PID 3740 wrote to memory of 3876 | 3740 | SecuriteInfo.com.Trojan.Inject2.57861.24408.7581.exe | explorer.exe
  PID 3740 wrote to memory of 3876 | 3740 | SecuriteInfo.com.Trojan.Inject2.57861.24408.7581.exe | explorer.exe
  PID 3740 wrote to memory of 3876 | 3740 | SecuriteInfo.com.Trojan.Inject2.57861.24408.7581.exe | explorer.exe
- Suspicious behavior: MapViewOfSection (1 IoC)
  Processes (pid | process):
  3740 | SecuriteInfo.com.Trojan.Inject2.57861.24408.7581.exe
- Suspicious use of SetThreadContext (1 IoC)
  Processes (description | pid | process | target process):
  PID 3740 set thread context of 3876 | 3740 | SecuriteInfo.com.Trojan.Inject2.57861.24408.7581.exe | explorer.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes (pid | process):
  3876 | explorer.exe
  3876 | explorer.exe
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes (description | pid | process):
  Token: SeDebugPrivilege | 3876 | explorer.exe
- Adds Run key to start application (2 TTPs, 1 IoC)
  Processes (description | ioc | process):
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winmgr = "C:\\Users\\Admin\\AppData\\Roaming\\RmiRNe0PT9k3qos89RIUWm8AN1TA.exe" | SecuriteInfo.com.Trojan.Inject2.57861.24408.7581.exe
- Suspicious behavior: RenamesItself (1 IoC)
  Processes (pid | process):
  3740 | SecuriteInfo.com.Trojan.Inject2.57861.24408.7581.exe
Processes
- 1. C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Inject2.57861.24408.7581.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Inject2.57861.24408.7581.exe"
  - Suspicious use of WriteProcessMemory
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of SetThreadContext
  - Adds Run key to start application
  - Suspicious behavior: RenamesItself
  - 2. C:\Windows\SysWOW64\explorer.exe (child of 1)
    Command line: "C:\Windows\system32\explorer.exe"
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
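Read together, the Signatures and Processes sections describe one chain: the sample (PID 3740) spawns its own explorer.exe child (PID 3876), writes into that child's memory and then changes a thread context in it, which is the process hollowing pattern; the EnumeratesProcesses and SeDebugPrivilege signatures on PID 3876 are therefore attributable to the injected code rather than to Explorer. The child's image path is SysWOW64 while its command line names system32, which is what WOW64 file-system redirection produces for a 32-bit parent. Persistence is a Run value in the machine hive (HKLM, so the sample ran with rights to write it) pointing at a randomly named copy under AppData\Roaming. The script below is an added example, not the sandbox's own code: it correlates IoC rows of this shape into those findings. The IOCS list is constructed by hand from the rows above, and the field names ("sig", "pid", "target_pid", "key") and the pairing rule are assumptions about a record format, not the sandbox's real export.

```python
"""Correlate sandbox signature IoCs into an injection chain and a persistence finding.

Added example for this report, not code from the sandbox vendor. IOCS is constructed
by hand from the Signatures and Processes sections; the field names and the pairing
rule are assumptions, not the sandbox's record format.
"""
from collections import defaultdict

SAMPLE = "SecuriteInfo.com.Trojan.Inject2.57861.24408.7581.exe"

# Constructed from the report: one dict per IoC row (field layout is assumed).
IOCS = [
    {"sig": "WriteProcessMemory", "pid": 3740, "process": SAMPLE, "target_pid": 3876, "target": "explorer.exe"},
    {"sig": "WriteProcessMemory", "pid": 3740, "process": SAMPLE, "target_pid": 3876, "target": "explorer.exe"},
    {"sig": "WriteProcessMemory", "pid": 3740, "process": SAMPLE, "target_pid": 3876, "target": "explorer.exe"},
    {"sig": "MapViewOfSection", "pid": 3740, "process": SAMPLE},
    {"sig": "SetThreadContext", "pid": 3740, "process": SAMPLE, "target_pid": 3876, "target": "explorer.exe"},
    {"sig": "EnumeratesProcesses", "pid": 3876, "process": "explorer.exe"},
    {"sig": "EnumeratesProcesses", "pid": 3876, "process": "explorer.exe"},
    {"sig": "AdjustPrivilegeToken", "pid": 3876, "process": "explorer.exe", "token": "SeDebugPrivilege"},
    {"sig": "RegSetValue", "pid": 3740, "process": SAMPLE,
     "key": r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winmgr",
     "value": r"C:\Users\Admin\AppData\Roaming\RmiRNe0PT9k3qos89RIUWm8AN1TA.exe"},
    {"sig": "RenamesItself", "pid": 3740, "process": SAMPLE},
]

# child pid -> parent pid, from the Processes section.
PROCESS_TREE = {3876: 3740}

# A memory write into the target followed by a thread-context change is the
# minimal pair for hollowing. MapViewOfSection is reported as a single-process
# IoC here, so it cannot be paired with a target and is not required.
HOLLOWING_APIS = {"WriteProcessMemory", "SetThreadContext"}


def injection_chains(iocs, tree):
    """Group cross-process API use by (source pid, target pid) and flag pairs that
    combine a memory write with a thread-context change; note whether the target
    is a child the source spawned itself, which is what hollowing looks like."""
    apis = defaultdict(set)
    for r in iocs:
        if "target_pid" in r and r["target_pid"] != r["pid"]:
            apis[(r["pid"], r["target_pid"])].add(r["sig"])
    findings = []
    for (src, dst), seen in sorted(apis.items()):
        if HOLLOWING_APIS <= seen:
            findings.append({
                "source": src,
                "target": dst,
                "apis": sorted(seen),
                "target_is_child": tree.get(dst) == src,
            })
    return findings


RUN_KEY_FRAGMENTS = (
    "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN\\",
    "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE\\",
)


def run_key_persistence(iocs):
    """Pick out registry writes under Run/RunOnce in either hive and report the
    value name, the launched path and whether it points into a user profile."""
    out = []
    for r in iocs:
        if r["sig"] != "RegSetValue":
            continue
        key_upper = r["key"].upper()
        if not any(frag in key_upper for frag in RUN_KEY_FRAGMENTS):
            continue
        if key_upper.startswith("\\REGISTRY\\MACHINE\\"):
            hive = "HKLM"          # machine-wide autostart; needs rights to write HKLM
        elif key_upper.startswith("\\REGISTRY\\USER\\"):
            hive = "HKCU"
        else:
            hive = "unknown"
        out.append({
            "hive": hive,
            "value_name": r["key"].rsplit("\\", 1)[-1],
            "payload": r["value"],
            "writer_pid": r["pid"],
            "in_user_profile": "\\APPDATA\\" in r["value"].upper(),
        })
    return out


def post_injection_activity(iocs, chains):
    """Single-process signatures raised by a hollowed target belong to the
    injected code, not to the legitimate image name the process carries."""
    targets = {c["target"] for c in chains}
    return sorted({r["sig"] for r in iocs if r["pid"] in targets and "target_pid" not in r})


if __name__ == "__main__":
    chains = injection_chains(IOCS, PROCESS_TREE)
    for c in chains:
        print(f"injection {c['source']} -> {c['target']} via {c['apis']} (own child: {c['target_is_child']})")
    for p in run_key_persistence(IOCS):
        print(f"persistence {p['hive']} Run\\{p['value_name']} -> {p['payload']}")
    print("attributed to injected code:", post_injection_activity(IOCS, chains))
```

The pairing rule deliberately keys on (source, target) rather than on the process name, so a second injection from the same parent into another child would show up as its own chain, and `target_is_child` separates self-spawned hollowing targets from injection into a pre-existing process, which warrants a different triage note.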