Analysis
-
max time kernel
25s -
max time network
111s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
09-11-2020 19:30
General
-
Target
SecuriteInfo.com.Win32.Kryptik.HDBX.579.exe
-
Size
1.8MB
-
MD5
e139969d784f0fa5a453c1c61f567461
-
SHA1
4b78b16a38c6eb1a743efe2094026b5aadf6e737
-
SHA256
cb6482a720030ffef0799c6743bb134a71962531a05f38c5706449985ca37d52
-
SHA512
0b9e4e9e05287c5f2804578d4570640cc60a73cc37527f1acae99d3c82663a612167dbd29c1b2eb3751e31315eec37e776285749f47dae2d51b9c5bb151bac40
Score
1/10
Malware Config
Signatures
-
Checks SCSI registry key(s) 3 TTPs 6 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Runs ping.exe 1 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious use of WriteProcessMemory 9 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Kryptik.HDBX.579.exe"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Kryptik.HDBX.579.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Kryptik.HDBX.579.exeC:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Kryptik.HDBX.579.exe /C2⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Kryptik.HDBX.579.exe"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\PING.EXEping.exe -n 6 127.0.0.13⤵
- Runs ping.exe
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1320-3-0x0000000000000000-mapping.dmp
-
memory/2680-2-0x0000000000000000-mapping.dmp
-
memory/4092-0-0x0000000000000000-mapping.dmp
-
memory/4092-1-0x0000000002840000-0x0000000002841000-memory.dmpFilesize
4KB