Analysis

  • max time kernel
    120s
  • max time network
    123s
  • platform
    windows10_x64
  • resource
    win10
  • submitted
    01-08-2020 19:35

General

  • Target

    SecuriteInfo.com.Trojan.GenericKD.43569931.17547.14217.exe

  • Size

    531KB

  • MD5

    17e2541126192fb39fcfd63c4ea3308a

  • SHA1

    468cc15e755e368bc56c779ac801a95dffd6c4a9

  • SHA256

    a1bf9a7b8d6dd555ea81443658567d3d5cd91cdf57ccdbaf9557db1531349f64

  • SHA512

    8b9ad5da4ff25611e5d3cc1d7645a7ac9ea6b6c1e1f1dfb1953cd3c4fbd5cf3f5e86e1cf38a01aad787848eaa421ef7f1d242bc40a0567071143e53cb25df84c

Score
3/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.43569931.17547.14217.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.43569931.17547.14217.exe"
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious behavior: EnumeratesProcesses
    PID:3932
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 956
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious behavior: EnumeratesProcesses
      • Program crash
      PID:3200

Network

MITRE ATT&CK Matrix


Downloads

  • memory/3200-0-0x0000000004BF0000-0x0000000004BF1000-memory.dmp
    Filesize

    4KB

  • memory/3200-1-0x00000000051B0000-0x00000000051B1000-memory.dmp
    Filesize

    4KB