Analysis
- max time kernel: 16s
- max time network: 111s
- platform: windows10_x64
- resource: win10v20201028
- submitted: 09-11-2020 19:35
Behavioral task: behavioral1
- Sample: SecuriteInfo.com.Trojan.Inject3.39575.9583.23204.exe
- Resource: win7v20201028
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: SecuriteInfo.com.Trojan.Inject3.39575.9583.23204.exe
- Resource: win10v20201028
- 0 signatures
- 0 seconds
General
- Target: SecuriteInfo.com.Trojan.Inject3.39575.9583.23204.exe
- Size: 2.0MB
- MD5: 2d262b7c38722cc7acafebbabd2c7d83
- SHA1: 2e29bbe8eea22606527a1cc4b1759cb98bc38af0
- SHA256: 09e51710405345b4b28b6dc0562d4a05b3564b43028a552f42136c97b2994bb9
- SHA512: 5c6c215caa98eaf1ce6a5cdad4d3501720d4270a1133a8e0d6c18d19c1da0d3c5e29e7415db30e25a950893524d9b6c8860a2312c329937c19c00bf57733c3f7
Score: 1/10
Malware Config
Signatures
-
Checks SCSI registry key(s) 3 TTPs 6 IoCs
SCSI information is often read in order to detect sandboxing environments.
Processes: SecuriteInfo.com.Trojan.Inject3.39575.9583.23204.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_&PROD_HEARTDISK\4&37CE57BA&0&000000 | SecuriteInfo.com.Trojan.Inject3.39575.9583.23204.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\DeviceDesc | SecuriteInfo.com.Trojan.Inject3.39575.9583.23204.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Service | SecuriteInfo.com.Trojan.Inject3.39575.9583.23204.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_SANU&PROD_SANU_DVD-ROM\4&37CE57BA&0&010000 | SecuriteInfo.com.Trojan.Inject3.39575.9583.23204.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\DeviceDesc | SecuriteInfo.com.Trojan.Inject3.39575.9583.23204.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Service | SecuriteInfo.com.Trojan.Inject3.39575.9583.23204.exe
-
Runs ping.exe 1 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
Processes: SecuriteInfo.com.Trojan.Inject3.39575.9583.23204.exe, SecuriteInfo.com.Trojan.Inject3.39575.9583.23204.exe
pid | process
4768 | SecuriteInfo.com.Trojan.Inject3.39575.9583.23204.exe
4768 | SecuriteInfo.com.Trojan.Inject3.39575.9583.23204.exe
2808 | SecuriteInfo.com.Trojan.Inject3.39575.9583.23204.exe
2808 | SecuriteInfo.com.Trojan.Inject3.39575.9583.23204.exe
2808 | SecuriteInfo.com.Trojan.Inject3.39575.9583.23204.exe
2808 | SecuriteInfo.com.Trojan.Inject3.39575.9583.23204.exe
-
Suspicious use of WriteProcessMemory 9 IoCs
Processes: SecuriteInfo.com.Trojan.Inject3.39575.9583.23204.exe, cmd.exe
description | pid | process | target process
PID 4768 wrote to memory of 2808 | 4768 | SecuriteInfo.com.Trojan.Inject3.39575.9583.23204.exe | SecuriteInfo.com.Trojan.Inject3.39575.9583.23204.exe
PID 4768 wrote to memory of 2808 | 4768 | SecuriteInfo.com.Trojan.Inject3.39575.9583.23204.exe | SecuriteInfo.com.Trojan.Inject3.39575.9583.23204.exe
PID 4768 wrote to memory of 2808 | 4768 | SecuriteInfo.com.Trojan.Inject3.39575.9583.23204.exe | SecuriteInfo.com.Trojan.Inject3.39575.9583.23204.exe
PID 4768 wrote to memory of 644 | 4768 | SecuriteInfo.com.Trojan.Inject3.39575.9583.23204.exe | cmd.exe
PID 4768 wrote to memory of 644 | 4768 | SecuriteInfo.com.Trojan.Inject3.39575.9583.23204.exe | cmd.exe
PID 4768 wrote to memory of 644 | 4768 | SecuriteInfo.com.Trojan.Inject3.39575.9583.23204.exe | cmd.exe
PID 644 wrote to memory of 428 | 644 | cmd.exe | PING.EXE
PID 644 wrote to memory of 428 | 644 | cmd.exe | PING.EXE
PID 644 wrote to memory of 428 | 644 | cmd.exe | PING.EXE
Processes
- Image: C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Inject3.39575.9583.23204.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Inject3.39575.9583.23204.exe"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  - Image: C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Inject3.39575.9583.23204.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Inject3.39575.9583.23204.exe /C
    - Checks SCSI registry key(s)
    - Suspicious behavior: EnumeratesProcesses
  - Image: C:\Windows\SysWOW64\cmd.exe
    Command line: "C:\Windows\System32\cmd.exe" /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Inject3.39575.9583.23204.exe"
    - Suspicious use of WriteProcessMemory
    - Image: C:\Windows\SysWOW64\PING.EXE
      Command line: ping.exe -n 6 127.0.0.1
      - Runs ping.exe