Analysis
- max time kernel: 54s
- max time network: 56s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 09-11-2020 19:37
Behavioral task: behavioral1
- Sample: SecuriteInfo.com.Variant.Zusy.302928.7624.20864.exe
- Resource: win7v20201028, windows7_x64
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: SecuriteInfo.com.Variant.Zusy.302928.7624.20864.exe
- Resource: win10v20201028, windows10_x64
- 0 signatures
- 0 seconds
General
- Target: SecuriteInfo.com.Variant.Zusy.302928.7624.20864.exe
- Size: 2.0MB
- MD5: 429f375e1c229f8363bf548c4e78f7d7
- SHA1: 1d92bc80f6ca0bf3f6e28214887b8d90d49f5419
- SHA256: 20054fdc1487c99a01a8844a5336c08af60a6237f3131219a0e3867cba3618e0
- SHA512: 3fa750eea91e16dd9013f930f3f6f756b0437a36ef05d5cb6c941172b61ec244273a2b54bd47827d583e56ea604424f165ad3070fabefd89ce98b53847d47855
Score
1/10
Malware Config
Signatures
- Runs ping.exe (1 TTPs, 1 IoCs)
- Suspicious behavior: EnumeratesProcesses (3 IoCs)
  Processes: SecuriteInfo.com.Variant.Zusy.302928.7624.20864.exe, SecuriteInfo.com.Variant.Zusy.302928.7624.20864.exe
  pid | process
  484 | SecuriteInfo.com.Variant.Zusy.302928.7624.20864.exe
  1340 | SecuriteInfo.com.Variant.Zusy.302928.7624.20864.exe
  1340 | SecuriteInfo.com.Variant.Zusy.302928.7624.20864.exe
- Suspicious use of WriteProcessMemory (12 IoCs)
  Processes: SecuriteInfo.com.Variant.Zusy.302928.7624.20864.exe, cmd.exe
  description | pid | process | target process
  PID 484 wrote to memory of 1340 | 484 | SecuriteInfo.com.Variant.Zusy.302928.7624.20864.exe | SecuriteInfo.com.Variant.Zusy.302928.7624.20864.exe
  PID 484 wrote to memory of 1340 | 484 | SecuriteInfo.com.Variant.Zusy.302928.7624.20864.exe | SecuriteInfo.com.Variant.Zusy.302928.7624.20864.exe
  PID 484 wrote to memory of 1340 | 484 | SecuriteInfo.com.Variant.Zusy.302928.7624.20864.exe | SecuriteInfo.com.Variant.Zusy.302928.7624.20864.exe
  PID 484 wrote to memory of 1340 | 484 | SecuriteInfo.com.Variant.Zusy.302928.7624.20864.exe | SecuriteInfo.com.Variant.Zusy.302928.7624.20864.exe
  PID 484 wrote to memory of 1536 | 484 | SecuriteInfo.com.Variant.Zusy.302928.7624.20864.exe | cmd.exe
  PID 484 wrote to memory of 1536 | 484 | SecuriteInfo.com.Variant.Zusy.302928.7624.20864.exe | cmd.exe
  PID 484 wrote to memory of 1536 | 484 | SecuriteInfo.com.Variant.Zusy.302928.7624.20864.exe | cmd.exe
  PID 484 wrote to memory of 1536 | 484 | SecuriteInfo.com.Variant.Zusy.302928.7624.20864.exe | cmd.exe
  PID 1536 wrote to memory of 1384 | 1536 | cmd.exe | PING.EXE
  PID 1536 wrote to memory of 1384 | 1536 | cmd.exe | PING.EXE
  PID 1536 wrote to memory of 1384 | 1536 | cmd.exe | PING.EXE
  PID 1536 wrote to memory of 1384 | 1536 | cmd.exe | PING.EXE
Processes
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Zusy.302928.7624.20864.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Zusy.302928.7624.20864.exe"
  PID: 484
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Zusy.302928.7624.20864.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Zusy.302928.7624.20864.exe /C
    PID: 1340
    - Suspicious behavior: EnumeratesProcesses
  - C:\Windows\SysWOW64\cmd.exe
    Command line: "C:\Windows\System32\cmd.exe" /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Zusy.302928.7624.20864.exe"
    PID: 1536
    - Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\PING.EXE
      Command line: ping.exe -n 6 127.0.0.1
      PID: 1384
      - Runs ping.exe