Analysis
-
max time kernel
150s -
max time network
126s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
09-11-2020 21:00
General
-
Target
SecuriteInfo.com.MSIL11.BQEP.16523.30026.exe
-
Size
523KB
-
MD5
d335904e0fc1209cced63553bebb5203
-
SHA1
118580c111cd1d5da92c281647cb773d060dfb4b
-
SHA256
55b8c931d255cef1b2541db94a1eea700b9849c253ca5b24f31aeaf272a276c9
-
SHA512
59b89a9148f16fc9e0e9098dcb2f3fc12e146377fc097fc2012ee45800c1c7b7d4c1ef1125b387ffd1be47e46d2eac6f5504b91d2dbd13d28eecc372539a3506
Score
8/10
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops startup file 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.MSIL11.BQEP.16523.30026.exe"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.MSIL11.BQEP.16523.30026.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ru3211.bat" "2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wscript.exewscript.exe "C:\Users\Admin\AppData\Local\Temp\thenewinvs.vbs" "C:\Users\Admin\AppData\Local\Temp\anothenwtshit.bat3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\anothenwtshit.bat" "4⤵
- Drops startup file
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\tmp.exe"C:\Users\Admin\AppData\Local\Temp\tmp.exe"2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-