Analysis
- max time kernel: 90s
- max time network: 91s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 09-11-2020 19:29
Behavioral task: behavioral1
- Sample: SecuriteInfo.com.Win32.Kryptik.HDBX.3579.exe
- Resource: win7v20201028
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: SecuriteInfo.com.Win32.Kryptik.HDBX.3579.exe
- Resource: win10v20201028
- 0 signatures
- 0 seconds
General
- Target: SecuriteInfo.com.Win32.Kryptik.HDBX.3579.exe
- Size: 1.8MB
- MD5: 2ee8b7769503088a310b710416b4033a
- SHA1: a8d0ef6771b1db73e840596c9add5b9bdc26d602
- SHA256: bf6ab55e02880cb4aff0dff16a2d608b56be4cd88b5a2c425ef3934f4cc091c3
- SHA512: 9f8752ff0d5ed07aeaa0f5186ef8089db7dc429f83895817065cf842dec63d52b691ed0b21797a70e1fc2e1482da44674ce0a775632d149a4d211b00ad10993c
Malware Config
Signatures
- Runs ping.exe (1 TTPs, 1 IoCs)
- Suspicious behavior: EnumeratesProcesses (3 IoCs)
  Processes: SecuriteInfo.com.Win32.Kryptik.HDBX.3579.exe, SecuriteInfo.com.Win32.Kryptik.HDBX.3579.exe

  pid | process
  1960 | SecuriteInfo.com.Win32.Kryptik.HDBX.3579.exe
  1724 | SecuriteInfo.com.Win32.Kryptik.HDBX.3579.exe
  1724 | SecuriteInfo.com.Win32.Kryptik.HDBX.3579.exe
- Suspicious use of WriteProcessMemory (12 IoCs)
  Processes: SecuriteInfo.com.Win32.Kryptik.HDBX.3579.exe, cmd.exe

  description | pid | process | target process
  PID 1960 wrote to memory of 1724 | 1960 | SecuriteInfo.com.Win32.Kryptik.HDBX.3579.exe | SecuriteInfo.com.Win32.Kryptik.HDBX.3579.exe
  PID 1960 wrote to memory of 1724 | 1960 | SecuriteInfo.com.Win32.Kryptik.HDBX.3579.exe | SecuriteInfo.com.Win32.Kryptik.HDBX.3579.exe
  PID 1960 wrote to memory of 1724 | 1960 | SecuriteInfo.com.Win32.Kryptik.HDBX.3579.exe | SecuriteInfo.com.Win32.Kryptik.HDBX.3579.exe
  PID 1960 wrote to memory of 1724 | 1960 | SecuriteInfo.com.Win32.Kryptik.HDBX.3579.exe | SecuriteInfo.com.Win32.Kryptik.HDBX.3579.exe
  PID 1960 wrote to memory of 1644 | 1960 | SecuriteInfo.com.Win32.Kryptik.HDBX.3579.exe | cmd.exe
  PID 1960 wrote to memory of 1644 | 1960 | SecuriteInfo.com.Win32.Kryptik.HDBX.3579.exe | cmd.exe
  PID 1960 wrote to memory of 1644 | 1960 | SecuriteInfo.com.Win32.Kryptik.HDBX.3579.exe | cmd.exe
  PID 1960 wrote to memory of 1644 | 1960 | SecuriteInfo.com.Win32.Kryptik.HDBX.3579.exe | cmd.exe
  PID 1644 wrote to memory of 756 | 1644 | cmd.exe | PING.EXE
  PID 1644 wrote to memory of 756 | 1644 | cmd.exe | PING.EXE
  PID 1644 wrote to memory of 756 | 1644 | cmd.exe | PING.EXE
  PID 1644 wrote to memory of 756 | 1644 | cmd.exe | PING.EXE
Processes
- Image: C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Kryptik.HDBX.3579.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Kryptik.HDBX.3579.exe"
  Tree level: 1
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
- Image: C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Kryptik.HDBX.3579.exe
  Command line: C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Kryptik.HDBX.3579.exe /C
  Tree level: 2
  - Suspicious behavior: EnumeratesProcesses
- Image: C:\Windows\SysWOW64\cmd.exe
  Command line: "C:\Windows\System32\cmd.exe" /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Kryptik.HDBX.3579.exe"
  Tree level: 2
  - Suspicious use of WriteProcessMemory
- Image: C:\Windows\SysWOW64\PING.EXE
  Command line: ping.exe -n 6 127.0.0.1
  Tree level: 3
  - Runs ping.exe