Analysis
max time kernel: 149s
max time network: 64s
platform: windows10_x64
resource: win10v200722
submitted: 01-08-2020 19:30
Static task: static1
Behavioral task: behavioral1
  Sample: SecuriteInfo.com.Trojan.DownLoader19.14585.15763.1162.exe
  Resource: win7 (windows7_x64)
  0 signatures, 0 seconds
Behavioral task: behavioral2
  Sample: SecuriteInfo.com.Trojan.DownLoader19.14585.15763.1162.exe
  Resource: win10v200722 (windows10_x64)
  0 signatures, 0 seconds
General
Target: SecuriteInfo.com.Trojan.DownLoader19.14585.15763.1162.exe
Size: 322KB
MD5: 75363c46c34315176a3037ae4cf38269
SHA1: 7887760491424f8ca1bdb120877424e694b49c8a
SHA256: 4af607b8f0a25a2125d39656c45466ce256e10d053c7e4b1b230ea839648b076
SHA512: f7fca634abe83973b4e66a20c4e753cd8f69cd287dab84accf06519f3d145b23da421015e7ae70bb37603c9399dcebfaacff2b61154190d39fbb9b3d8ae47eec
Score: 8/10
Malware Config
Signatures
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes (description, pid, process):
  Token: SeDebugPrivilege | 3952 | SecuriteInfo.com.Trojan.DownLoader19.14585.15763.1162.exe
- Suspicious behavior: EnumeratesProcesses (15 IoCs)
  Processes (pid, process), the same entry recorded 15 times:
  3952 | SecuriteInfo.com.Trojan.DownLoader19.14585.15763.1162.exe
- Suspicious use of WriteProcessMemory (9 IoCs)
  Processes (description, pid, process, target process):
  PID 3952 wrote to memory of 1000 | 3952 | SecuriteInfo.com.Trojan.DownLoader19.14585.15763.1162.exe | securiteinfo.com.trojan.downloader19.14585.15763.1162.exe (recorded 3 times)
  PID 3952 wrote to memory of 1012 | 3952 | SecuriteInfo.com.Trojan.DownLoader19.14585.15763.1162.exe | cmd.exe (recorded 3 times)
  PID 1012 wrote to memory of 1412 | 1012 | cmd.exe | PING.EXE (recorded 3 times)
- Executes dropped EXE (1 IoC)
  Processes (pid, process):
  1000 | securiteinfo.com.trojan.downloader19.14585.15763.1162.exe
- Runs ping.exe (1 TTP, 1 IoC)
Processes
(depth 1) C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.DownLoader19.14585.15763.1162.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.DownLoader19.14585.15763.1162.exe"
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  (depth 2) C:\Users\Admin\AppData\Local\Temp\securiteinfo.com.trojan.downloader19.14585.15763.1162\securiteinfo.com.trojan.downloader19.14585.15763.1162.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\securiteinfo.com.trojan.downloader19.14585.15763.1162\securiteinfo.com.trojan.downloader19.14585.15763.1162.exe"
    - Executes dropped EXE
  (depth 2) C:\Windows\SysWOW64\cmd.exe
    Command line: "C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 1000 > Nul & Del "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.DownLoader19.14585.15763.1162.exe"
    - Suspicious use of WriteProcessMemory
    (depth 3) C:\Windows\SysWOW64\PING.EXE
      Command line: ping 1.1.1.1 -n 1 -w 1000
      - Runs ping.exe
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\securiteinfo.com.trojan.downloader19.14585.15763.1162.exe.log
- C:\Users\Admin\AppData\Local\Temp\securiteinfo.com.trojan.downloader19.14585.15763.1162\securiteinfo.com.trojan.downloader19.14585.15763.1162.exe
- C:\Users\Admin\AppData\Local\Temp\securiteinfo.com.trojan.downloader19.14585.15763.1162\securiteinfo.com.trojan.downloader19.14585.15763.1162.exe
- memory/1000-0-0x0000000000000000-mapping.dmp
- memory/1012-3-0x0000000000000000-mapping.dmp
- memory/1412-5-0x0000000000000000-mapping.dmp