Analysis
-
max time kernel
36s -
max time network
112s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
09-11-2020 21:00
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Downloader.Generic14.CHCV.9257.1895.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Downloader.Generic14.CHCV.9257.1895.exe
Resource
win10v20201028
General
-
Target
SecuriteInfo.com.Downloader.Generic14.CHCV.9257.1895.exe
-
Size
248KB
-
MD5
0bfd40449c1de10ddaa4d9a85e01b32c
-
SHA1
6717435249b4c5a75c34f4d9584d3f42b45eb6cc
-
SHA256
7c7006f806e0b360bebc42c8e7d75507afbcd0569f153adc0cf06f5a35e2c1b3
-
SHA512
ff3331152209921783969033ea04967d17d95d30a90001140b94e4773dcf411b1395a9cbef810e047230f41bcdde6222492001f3826fcc445a3f94926a3c7ab6
Malware Config
Signatures
-
Checks BIOS information in registry 2 TTPs 1 IoCs
BIOS information is often read in order to detect sandboxing environments.
Processes:
SecuriteInfo.com.Downloader.Generic14.CHCV.9257.1895.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion SecuriteInfo.com.Downloader.Generic14.CHCV.9257.1895.exe -
Suspicious use of WriteProcessMemory 6 IoCs
Processes:
SecuriteInfo.com.Downloader.Generic14.CHCV.9257.1895.execmd.exedescription pid process target process PID 656 wrote to memory of 192 656 SecuriteInfo.com.Downloader.Generic14.CHCV.9257.1895.exe cmd.exe PID 656 wrote to memory of 192 656 SecuriteInfo.com.Downloader.Generic14.CHCV.9257.1895.exe cmd.exe PID 656 wrote to memory of 192 656 SecuriteInfo.com.Downloader.Generic14.CHCV.9257.1895.exe cmd.exe PID 192 wrote to memory of 2120 192 cmd.exe attrib.exe PID 192 wrote to memory of 2120 192 cmd.exe attrib.exe PID 192 wrote to memory of 2120 192 cmd.exe attrib.exe -
Views/modifies file attributes 1 TTPs 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Downloader.Generic14.CHCV.9257.1895.exe"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Downloader.Generic14.CHCV.9257.1895.exe"1⤵
- Checks BIOS information in registry
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\259315140.bat" "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Downloader.Generic14.CHCV.9257.1895.exe""2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\attrib.exeattrib -r -s -h "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Downloader.Generic14.CHCV.9257.1895.exe"3⤵
- Views/modifies file attributes
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\259315140.batMD5
8e64b58b53fc71e37badecfd56d87e8c
SHA14a0c7a2e97b400465eb93f0eadb126c51b0d45b6
SHA2563cda23cff4fa3288324a2bf298524a4e3070e3dee3a5f41b85902b38ab297721
SHA512a632ba4715221f6cfe1488142853fa8bae4f6664d6dd54a82d9304d977683c5ae560341df867b04902dc8fa120fdb87f54b2411a80f1620eadf1a2047fe0c563
-
memory/192-0-0x0000000000000000-mapping.dmp
-
memory/2120-2-0x0000000000000000-mapping.dmp