Analysis
-
max time kernel
34s -
max time network
8s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
09-11-2020 21:00
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Downloader.Generic14.CHCV.9257.1895.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Downloader.Generic14.CHCV.9257.1895.exe
Resource
win10v20201028
General
-
Target
SecuriteInfo.com.Downloader.Generic14.CHCV.9257.1895.exe
-
Size
248KB
-
MD5
0bfd40449c1de10ddaa4d9a85e01b32c
-
SHA1
6717435249b4c5a75c34f4d9584d3f42b45eb6cc
-
SHA256
7c7006f806e0b360bebc42c8e7d75507afbcd0569f153adc0cf06f5a35e2c1b3
-
SHA512
ff3331152209921783969033ea04967d17d95d30a90001140b94e4773dcf411b1395a9cbef810e047230f41bcdde6222492001f3826fcc445a3f94926a3c7ab6
Malware Config
Signatures
-
Checks BIOS information in registry 2 TTPs 1 IoCs
BIOS information is often read in order to detect sandboxing environments.
Processes:
SecuriteInfo.com.Downloader.Generic14.CHCV.9257.1895.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion SecuriteInfo.com.Downloader.Generic14.CHCV.9257.1895.exe -
Deletes itself 1 IoCs
Processes:
cmd.exepid process 1660 cmd.exe -
Suspicious use of WriteProcessMemory 8 IoCs
Processes:
SecuriteInfo.com.Downloader.Generic14.CHCV.9257.1895.execmd.exedescription pid process target process PID 2036 wrote to memory of 1660 2036 SecuriteInfo.com.Downloader.Generic14.CHCV.9257.1895.exe cmd.exe PID 2036 wrote to memory of 1660 2036 SecuriteInfo.com.Downloader.Generic14.CHCV.9257.1895.exe cmd.exe PID 2036 wrote to memory of 1660 2036 SecuriteInfo.com.Downloader.Generic14.CHCV.9257.1895.exe cmd.exe PID 2036 wrote to memory of 1660 2036 SecuriteInfo.com.Downloader.Generic14.CHCV.9257.1895.exe cmd.exe PID 1660 wrote to memory of 1652 1660 cmd.exe attrib.exe PID 1660 wrote to memory of 1652 1660 cmd.exe attrib.exe PID 1660 wrote to memory of 1652 1660 cmd.exe attrib.exe PID 1660 wrote to memory of 1652 1660 cmd.exe attrib.exe -
Views/modifies file attributes 1 TTPs 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Downloader.Generic14.CHCV.9257.1895.exe"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Downloader.Generic14.CHCV.9257.1895.exe"1⤵
- Checks BIOS information in registry
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\259295689.bat" "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Downloader.Generic14.CHCV.9257.1895.exe""2⤵
- Deletes itself
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\attrib.exeattrib -r -s -h "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Downloader.Generic14.CHCV.9257.1895.exe"3⤵
- Views/modifies file attributes
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\259295689.batMD5
0bf80c5440e3555c4ab125d93d210028
SHA14df44ffc0e62d2f2a7e28c08b9b626914a5acaa8
SHA2568518a46c1533e5ba6336573d4ffdbb2c43bbd737ec9ffe20fe89e4215a926961
SHA51217663910064b08751ec53af2d6a7ab4c7f4fe4fd0b25b9713d29c4ba31a497dfa9034f44240c0a44652bf701e57e3868d0bc6661d29e9c87cd26c15e0cc71d13
-
memory/1652-2-0x0000000000000000-mapping.dmp
-
memory/1660-0-0x0000000000000000-mapping.dmp