Analysis
max time kernel: 23s
max time network: 73s
platform: windows10_x64
resource: win10v20201028
submitted: 09-11-2020 19:36
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Trojan.Inject3.39575.20937.2924.exe
Resource: win7v20201028
0 signatures
0 seconds
Behavioral task: behavioral2
Sample: SecuriteInfo.com.Trojan.Inject3.39575.20937.2924.exe
Resource: win10v20201028
0 signatures
0 seconds
General
Target: SecuriteInfo.com.Trojan.Inject3.39575.20937.2924.exe
Size: 2.0MB
MD5: 2ce698773ab268afeb0c3fc643b1293e
SHA1: cbe87beb3fdc6091c319a103d33b693ae6e9d484
SHA256: 10ed81b1d71aee0029c36f386b2c5d8afce2373982232da36d0999e8c72df971
SHA512: df2fe9e4043c5df0f164bac4b32a7255f205ee7684c6cf2c2c93681839bd4cde9f32a3481594443d3d8bde5741b15b8baccc084bd10c9e060c241e5d09f8acc5
Score: 1/10
Malware Config
Signatures
- Checks SCSI registry key(s) (3 TTPs, 6 IoCs)
  SCSI information is often read in order to detect sandboxing environments.
  Processes: SecuriteInfo.com.Trojan.Inject3.39575.20937.2924.exe
  | description | ioc | process |
  | Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_&PROD_HEARTDISK\4&37CE57BA&0&000000 | SecuriteInfo.com.Trojan.Inject3.39575.20937.2924.exe |
  | Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\DeviceDesc | SecuriteInfo.com.Trojan.Inject3.39575.20937.2924.exe |
  | Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Service | SecuriteInfo.com.Trojan.Inject3.39575.20937.2924.exe |
  | Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_SANU&PROD_SANU_DVD-ROM\4&37CE57BA&0&010000 | SecuriteInfo.com.Trojan.Inject3.39575.20937.2924.exe |
  | Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\DeviceDesc | SecuriteInfo.com.Trojan.Inject3.39575.20937.2924.exe |
  | Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Service | SecuriteInfo.com.Trojan.Inject3.39575.20937.2924.exe |
- Runs ping.exe (1 TTPs, 1 IoCs)
- Suspicious behavior: EnumeratesProcesses (6 IoCs)
  Processes: SecuriteInfo.com.Trojan.Inject3.39575.20937.2924.exe, SecuriteInfo.com.Trojan.Inject3.39575.20937.2924.exe
  | pid | process |
  | 972 | SecuriteInfo.com.Trojan.Inject3.39575.20937.2924.exe |
  | 972 | SecuriteInfo.com.Trojan.Inject3.39575.20937.2924.exe |
  | 1192 | SecuriteInfo.com.Trojan.Inject3.39575.20937.2924.exe |
  | 1192 | SecuriteInfo.com.Trojan.Inject3.39575.20937.2924.exe |
  | 1192 | SecuriteInfo.com.Trojan.Inject3.39575.20937.2924.exe |
  | 1192 | SecuriteInfo.com.Trojan.Inject3.39575.20937.2924.exe |
- Suspicious use of WriteProcessMemory (9 IoCs)
  Processes: SecuriteInfo.com.Trojan.Inject3.39575.20937.2924.exe, cmd.exe
  | description | pid | process | target process |
  | PID 972 wrote to memory of 1192 | 972 | SecuriteInfo.com.Trojan.Inject3.39575.20937.2924.exe | SecuriteInfo.com.Trojan.Inject3.39575.20937.2924.exe |
  | PID 972 wrote to memory of 1192 | 972 | SecuriteInfo.com.Trojan.Inject3.39575.20937.2924.exe | SecuriteInfo.com.Trojan.Inject3.39575.20937.2924.exe |
  | PID 972 wrote to memory of 1192 | 972 | SecuriteInfo.com.Trojan.Inject3.39575.20937.2924.exe | SecuriteInfo.com.Trojan.Inject3.39575.20937.2924.exe |
  | PID 972 wrote to memory of 884 | 972 | SecuriteInfo.com.Trojan.Inject3.39575.20937.2924.exe | cmd.exe |
  | PID 972 wrote to memory of 884 | 972 | SecuriteInfo.com.Trojan.Inject3.39575.20937.2924.exe | cmd.exe |
  | PID 972 wrote to memory of 884 | 972 | SecuriteInfo.com.Trojan.Inject3.39575.20937.2924.exe | cmd.exe |
  | PID 884 wrote to memory of 2192 | 884 | cmd.exe | PING.EXE |
  | PID 884 wrote to memory of 2192 | 884 | cmd.exe | PING.EXE |
  | PID 884 wrote to memory of 2192 | 884 | cmd.exe | PING.EXE |
Processes
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Inject3.39575.20937.2924.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Inject3.39575.20937.2924.exe"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Inject3.39575.20937.2924.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Inject3.39575.20937.2924.exe /C
    - Checks SCSI registry key(s)
    - Suspicious behavior: EnumeratesProcesses
  - C:\Windows\SysWOW64\cmd.exe
    Command line: "C:\Windows\System32\cmd.exe" /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Inject3.39575.20937.2924.exe"
    - Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\PING.EXE
      Command line: ping.exe -n 6 127.0.0.1
      - Runs ping.exe