Analysis
- max time kernel: 146s
- max time network: 147s
- platform: windows10_x64
- resource: win10
- submitted: 01-08-2020 19:35
- Static task: static1
- Behavioral task: behavioral1
  - Sample: SecuriteInfo.com.Trojan.GenericKD.34222957.15631.17502.dll
  - Resource: win7 (windows7_x64)
  - 0 signatures
  - 0 seconds
General
- Target: SecuriteInfo.com.Trojan.GenericKD.34222957.15631.17502.dll
- Size: 395KB
- MD5: 5120008536c0de7bf6030f10377ec8c0
- SHA1: 778a0fd8c2b307ad1aba4a66fadef2ff3306d5d0
- SHA256: fa09c9ab2f3fc8d3c6541cb835769792d6bc041ba5aa1d04a22be1608791ad9e
- SHA512: 83f151f19a5cada9420040522d21b52943793530e5e43d1e0e47f8b4cc726d4b741663d4c8b8ef03649c1b281cd9c702419cb580abc555317363e7b8d02edb15
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes (pid | process):
  - 3968 | rundll32.exe
  - 3968 | rundll32.exe
- Suspicious use of NtCreateUserProcessOtherParentProcess (1 IoC)
  Processes (description | pid | process | target process):
  - PID 3968 created 3020 | 3968 | rundll32.exe | Explorer.EXE
- Suspicious use of SetThreadContext (1 IoC)
  Processes (description | pid | process | target process):
  - PID 3968 set thread context of 416 | 3968 | rundll32.exe | msiexec.exe
- Suspicious use of WriteProcessMemory (8 IoCs)
  Processes (description | pid | process | target process):
  - PID 3100 wrote to memory of 3968 | 3100 | rundll32.exe | rundll32.exe
  - PID 3100 wrote to memory of 3968 | 3100 | rundll32.exe | rundll32.exe
  - PID 3100 wrote to memory of 3968 | 3100 | rundll32.exe | rundll32.exe
  - PID 3968 wrote to memory of 416 | 3968 | rundll32.exe | msiexec.exe
  - PID 3968 wrote to memory of 416 | 3968 | rundll32.exe | msiexec.exe
  - PID 3968 wrote to memory of 416 | 3968 | rundll32.exe | msiexec.exe
  - PID 3968 wrote to memory of 416 | 3968 | rundll32.exe | msiexec.exe
  - PID 3968 wrote to memory of 416 | 3968 | rundll32.exe | msiexec.exe
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  Processes (description | pid | process):
  - Token: SeDebugPrivilege | 3968 | rundll32.exe
  - Token: SeSecurityPrivilege | 416 | msiexec.exe
  - Token: SeSecurityPrivilege | 416 | msiexec.exe
Processes (image path | command line; children nested under their parent, triggered signatures listed under each process)
- C:\Windows\Explorer.EXE | C:\Windows\Explorer.EXE
  - C:\Windows\system32\rundll32.exe | rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.34222957.15631.17502.dll,#1
    - Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\rundll32.exe | rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.34222957.15631.17502.dll,#1
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of NtCreateUserProcessOtherParentProcess
      - Suspicious use of SetThreadContext
      - Suspicious use of WriteProcessMemory
      - Suspicious use of AdjustPrivilegeToken
  - C:\Windows\SysWOW64\msiexec.exe | msiexec.exe
    - Suspicious use of AdjustPrivilegeToken