Analysis
-
max time kernel
150s -
max time network
136s -
platform
windows10_x64 -
resource
win10 -
submitted
01-08-2020 19:33
General
-
Target
SecuriteInfo.com.Trojan.DownLoader33.36721.26238.29912.exe
-
Size
115KB
-
MD5
2d96d4b232edab88dd7bf3ab0e87f5f0
-
SHA1
7979259ca944d83302caa738fc01f460b31e8d85
-
SHA256
d85623e40ad2ce2710913d1033fc78e3c0c7151837f4af41bf592ceb5bf68cdf
-
SHA512
5caf735b63dba73089268a9887148cee5cd1584128298e049425ffbdf52138d75b93298ae388dbd935d3d7f39a1e9238757d9cab7ab150a72000e9a2a56009ac
Score
8/10
Malware Config
Signatures
-
Drops startup file 2 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
-
Executes dropped EXE 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 13 IoCs
-
Modifies Windows Firewall 1 TTPs
-
Adds Run key to start application 2 TTPs 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.DownLoader33.36721.26238.29912.exe"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.DownLoader33.36721.26238.29912.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\System.exe"C:\Users\Admin\AppData\Local\Temp\System.exe"2⤵
- Drops startup file
- Suspicious use of WriteProcessMemory
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
- Adds Run key to start application
-
C:\Windows\SysWOW64\netsh.exenetsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\System.exe" "System.exe" ENABLE3⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\System.exe
-
C:\Users\Admin\AppData\Local\Temp\System.exe
-
memory/2892-0-0x0000000000000000-mapping.dmp
-
memory/3616-3-0x0000000000000000-mapping.dmp