Analysis

  • max time kernel: 43s
  • max time network: 42s
  • platform: windows7_x64
  • resource: win7v200722
  • submitted: 01-08-2020 19:34

General

  • Target: SecuriteInfo.com.BackDoor.SpyBotNET.17.10332.27788.exe
  • Size: 455KB
  • MD5: 8c5fad5ff5c2c0af9ce18b5130f3d43c
  • SHA1: 0e2cb2a9fd256afdb2a877fa0b8fbe6c7d30c6b4
  • SHA256: f11bf0f5b97161b5d27b4cbbc02fae52957df15646513874df10bc06d1d4e5df
  • SHA512: c3ecee109de715fb49ca3e8fd35b598c01ff59ccaf377bfb3b2f5d8463bad6e469a89f8dd56cdae3781335a72e3eb695c7dd4f675f9f64712e97f9fea5fafed2

Malware Config

Signatures

  • Formbook Payload 3 IoCs
  • Formbook

    Formbook is an information-stealing malware family.

  • Suspicious use of WriteProcessMemory 7 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.BackDoor.SpyBotNET.17.10332.27788.exe (PID 1588, process tree level 1)
    Command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.BackDoor.SpyBotNET.17.10332.27788.exe"
    • Suspicious use of WriteProcessMemory
    • Suspicious use of SetThreadContext
    • Child process: C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.BackDoor.SpyBotNET.17.10332.27788.exe (PID 1040, process tree level 2)
      Command line: "{path}"
      • Suspicious behavior: EnumeratesProcesses

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1040-1-0x000000000041E200-mapping.dmp
  • memory/1040-0-0x0000000000400000-0x000000000042D000-memory.dmp (Filesize: 180KB)