Overview

overview

9

Static

static

9

SecuriteIn...04.exe

windows7_x64

1

SecuriteIn...04.exe

windows10_x64

1

Analysis

  • max time kernel
    16s
  • max time network
    111s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    09-11-2020 19:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.Trojan.Inject3.39575.9583.23204.exe

  • Size

    2.0MB

  • MD5

    2d262b7c38722cc7acafebbabd2c7d83

  • SHA1

    2e29bbe8eea22606527a1cc4b1759cb98bc38af0

  • SHA256

    09e51710405345b4b28b6dc0562d4a05b3564b43028a552f42136c97b2994bb9

  • SHA512

    5c6c215caa98eaf1ce6a5cdad4d3501720d4270a1133a8e0d6c18d19c1da0d3c5e29e7415db30e25a950893524d9b6c8860a2312c329937c19c00bf57733c3f7

Score
1/10

Malware Config

Signatures

  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Inject3.39575.9583.23204.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Inject3.39575.9583.23204.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4768
    • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Inject3.39575.9583.23204.exe
      C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Inject3.39575.9583.23204.exe /C
      2⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      PID:2808
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Inject3.39575.9583.23204.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:644
      • C:\Windows\SysWOW64\PING.EXE
        ping.exe -n 6 127.0.0.1
        3⤵
        • Runs ping.exe
        PID:428

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/428-3-0x0000000000000000-mapping.dmp
    Download
  • memory/644-2-0x0000000000000000-mapping.dmp
    Download
  • memory/2808-0-0x0000000000000000-mapping.dmp
    Download
  • memory/2808-1-0x0000000002860000-0x0000000002861000-memory.dmp
    Filesize

    4KB

    Download