Analysis
- max time kernel: 25s
- max time network: 111s
- platform: windows10_x64
- resource: win10v20201028
- submitted: 09-11-2020 19:30
Behavioral task: behavioral1
- Sample: SecuriteInfo.com.Win32.Kryptik.HDBX.579.exe
- Resource: win7v20201028
- Platform: windows7_x64
- 0 signatures
- 0 seconds

Behavioral task: behavioral2
- Sample: SecuriteInfo.com.Win32.Kryptik.HDBX.579.exe
- Resource: win10v20201028
- Platform: windows10_x64
- 0 signatures
- 0 seconds
General
- Target: SecuriteInfo.com.Win32.Kryptik.HDBX.579.exe
- Size: 1.8MB
- MD5: e139969d784f0fa5a453c1c61f567461
- SHA1: 4b78b16a38c6eb1a743efe2094026b5aadf6e737
- SHA256: cb6482a720030ffef0799c6743bb134a71962531a05f38c5706449985ca37d52
- SHA512: 0b9e4e9e05287c5f2804578d4570640cc60a73cc37527f1acae99d3c82663a612167dbd29c1b2eb3751e31315eec37e776285749f47dae2d51b9c5bb151bac40
- Score: 1/10
Malware Config
Signatures
- Checks SCSI registry key(s) (3 TTPs, 6 IoCs)
  SCSI information is often read in order to detect sandboxing environments.
  Processes: SecuriteInfo.com.Win32.Kryptik.HDBX.579.exe
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_SANU&PROD_SANU_DVD-ROM\4&37CE57BA&0&010000 | SecuriteInfo.com.Win32.Kryptik.HDBX.579.exe
  Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\DeviceDesc | SecuriteInfo.com.Win32.Kryptik.HDBX.579.exe
  Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Service | SecuriteInfo.com.Win32.Kryptik.HDBX.579.exe
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_&PROD_HEARTDISK\4&37CE57BA&0&000000 | SecuriteInfo.com.Win32.Kryptik.HDBX.579.exe
  Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\DeviceDesc | SecuriteInfo.com.Win32.Kryptik.HDBX.579.exe
  Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Service | SecuriteInfo.com.Win32.Kryptik.HDBX.579.exe

- Runs ping.exe (1 TTPs, 1 IoCs)

- Suspicious behavior: EnumeratesProcesses (6 IoCs)
  Processes: SecuriteInfo.com.Win32.Kryptik.HDBX.579.exe (PIDs 500 and 4092)
  pid | process
  500 | SecuriteInfo.com.Win32.Kryptik.HDBX.579.exe
  500 | SecuriteInfo.com.Win32.Kryptik.HDBX.579.exe
  4092 | SecuriteInfo.com.Win32.Kryptik.HDBX.579.exe
  4092 | SecuriteInfo.com.Win32.Kryptik.HDBX.579.exe
  4092 | SecuriteInfo.com.Win32.Kryptik.HDBX.579.exe
  4092 | SecuriteInfo.com.Win32.Kryptik.HDBX.579.exe

- Suspicious use of WriteProcessMemory (9 IoCs)
  Processes: SecuriteInfo.com.Win32.Kryptik.HDBX.579.exe, cmd.exe
  description | pid | process | target process
  PID 500 wrote to memory of 4092 | 500 | SecuriteInfo.com.Win32.Kryptik.HDBX.579.exe | SecuriteInfo.com.Win32.Kryptik.HDBX.579.exe
  PID 500 wrote to memory of 4092 | 500 | SecuriteInfo.com.Win32.Kryptik.HDBX.579.exe | SecuriteInfo.com.Win32.Kryptik.HDBX.579.exe
  PID 500 wrote to memory of 4092 | 500 | SecuriteInfo.com.Win32.Kryptik.HDBX.579.exe | SecuriteInfo.com.Win32.Kryptik.HDBX.579.exe
  PID 500 wrote to memory of 2680 | 500 | SecuriteInfo.com.Win32.Kryptik.HDBX.579.exe | cmd.exe
  PID 500 wrote to memory of 2680 | 500 | SecuriteInfo.com.Win32.Kryptik.HDBX.579.exe | cmd.exe
  PID 500 wrote to memory of 2680 | 500 | SecuriteInfo.com.Win32.Kryptik.HDBX.579.exe | cmd.exe
  PID 2680 wrote to memory of 1320 | 2680 | cmd.exe | PING.EXE
  PID 2680 wrote to memory of 1320 | 2680 | cmd.exe | PING.EXE
  PID 2680 wrote to memory of 1320 | 2680 | cmd.exe | PING.EXE
Processes
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Kryptik.HDBX.579.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Kryptik.HDBX.579.exe"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID: 500
  - C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Kryptik.HDBX.579.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Kryptik.HDBX.579.exe /C
    - Checks SCSI registry key(s)
    - Suspicious behavior: EnumeratesProcesses
    PID: 4092
  - C:\Windows\SysWOW64\cmd.exe
    Command line: "C:\Windows\System32\cmd.exe" /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Kryptik.HDBX.579.exe"
    - Suspicious use of WriteProcessMemory
    PID: 2680
    - C:\Windows\SysWOW64\PING.EXE
      Command line: ping.exe -n 6 127.0.0.1
      - Runs ping.exe
      PID: 1320