Analysis
max time kernel: 16s
max time network: 111s
platform: windows10_x64
resource: win10v20201028
submitted: 09-11-2020 19:35
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Trojan.Inject3.39574.10161.4629.exe
Resource: win7v20201028
0 signatures
0 seconds
Behavioral task: behavioral2
Sample: SecuriteInfo.com.Trojan.Inject3.39574.10161.4629.exe
Resource: win10v20201028
0 signatures
0 seconds
General
Target: SecuriteInfo.com.Trojan.Inject3.39574.10161.4629.exe
Size: 2.0MB
MD5: 06fc098e9bee239ad5bb817d3ef30185
SHA1: 109f83114e59109f3ae30367776d10513a473c2d
SHA256: 9b31f62eba51d6306c43c073911e03f80805f363683acc38ac31511a234c3f8d
SHA512: 21b4cd83c6798836bc041794ea7a15f24194a34b7e30293ff9c66a0c04291a0d7c165f9ee02dd5a2bd03486f6e8a3ba98b0fb2afd40585b2e6ad9b66ca4764ec
Score
1/10
Malware Config
Signatures
- Checks SCSI registry key(s) 3 TTPs 6 IoCs
  SCSI information is often read in order to detect sandboxing environments.
  Processes: SecuriteInfo.com.Trojan.Inject3.39574.10161.4629.exe
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_SANU&PROD_SANU_DVD-ROM\4&37CE57BA&0&010000 | SecuriteInfo.com.Trojan.Inject3.39574.10161.4629.exe
  Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\DeviceDesc | SecuriteInfo.com.Trojan.Inject3.39574.10161.4629.exe
  Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Service | SecuriteInfo.com.Trojan.Inject3.39574.10161.4629.exe
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_&PROD_HEARTDISK\4&37CE57BA&0&000000 | SecuriteInfo.com.Trojan.Inject3.39574.10161.4629.exe
  Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\DeviceDesc | SecuriteInfo.com.Trojan.Inject3.39574.10161.4629.exe
  Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Service | SecuriteInfo.com.Trojan.Inject3.39574.10161.4629.exe
- Runs ping.exe 1 TTPs 1 IoCs
- Suspicious behavior: EnumeratesProcesses 6 IoCs
  Processes: SecuriteInfo.com.Trojan.Inject3.39574.10161.4629.exe, SecuriteInfo.com.Trojan.Inject3.39574.10161.4629.exe
  pid | process
  4668 | SecuriteInfo.com.Trojan.Inject3.39574.10161.4629.exe
  4668 | SecuriteInfo.com.Trojan.Inject3.39574.10161.4629.exe
  788 | SecuriteInfo.com.Trojan.Inject3.39574.10161.4629.exe
  788 | SecuriteInfo.com.Trojan.Inject3.39574.10161.4629.exe
  788 | SecuriteInfo.com.Trojan.Inject3.39574.10161.4629.exe
  788 | SecuriteInfo.com.Trojan.Inject3.39574.10161.4629.exe
- Suspicious use of WriteProcessMemory 9 IoCs
  Processes: SecuriteInfo.com.Trojan.Inject3.39574.10161.4629.exe, cmd.exe
  description | pid | process | target process
  PID 4668 wrote to memory of 788 | 4668 | SecuriteInfo.com.Trojan.Inject3.39574.10161.4629.exe | SecuriteInfo.com.Trojan.Inject3.39574.10161.4629.exe
  PID 4668 wrote to memory of 788 | 4668 | SecuriteInfo.com.Trojan.Inject3.39574.10161.4629.exe | SecuriteInfo.com.Trojan.Inject3.39574.10161.4629.exe
  PID 4668 wrote to memory of 788 | 4668 | SecuriteInfo.com.Trojan.Inject3.39574.10161.4629.exe | SecuriteInfo.com.Trojan.Inject3.39574.10161.4629.exe
  PID 4668 wrote to memory of 3968 | 4668 | SecuriteInfo.com.Trojan.Inject3.39574.10161.4629.exe | cmd.exe
  PID 4668 wrote to memory of 3968 | 4668 | SecuriteInfo.com.Trojan.Inject3.39574.10161.4629.exe | cmd.exe
  PID 4668 wrote to memory of 3968 | 4668 | SecuriteInfo.com.Trojan.Inject3.39574.10161.4629.exe | cmd.exe
  PID 3968 wrote to memory of 4256 | 3968 | cmd.exe | PING.EXE
  PID 3968 wrote to memory of 4256 | 3968 | cmd.exe | PING.EXE
  PID 3968 wrote to memory of 4256 | 3968 | cmd.exe | PING.EXE
Processes
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Inject3.39574.10161.4629.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Inject3.39574.10161.4629.exe"
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory

  C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Inject3.39574.10161.4629.exe
  C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Inject3.39574.10161.4629.exe /C
  - Checks SCSI registry key(s)
  - Suspicious behavior: EnumeratesProcesses

  C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Inject3.39574.10161.4629.exe"
  - Suspicious use of WriteProcessMemory

    C:\Windows\SysWOW64\PING.EXE
    ping.exe -n 6 127.0.0.1
    - Runs ping.exe