Analysis
max time kernel: 106s
max time network: 112s
platform: windows10_x64
resource: win10v20201028
submitted: 09-11-2020 19:34
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Trojan.Agent.EQDY.895.3145.exe
Resource: win7v20201028
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: SecuriteInfo.com.Trojan.Agent.EQDY.895.3145.exe
Resource: win10v20201028
0 signatures, 0 seconds
General
Target: SecuriteInfo.com.Trojan.Agent.EQDY.895.3145.exe
Size: 2.0MB
MD5: 3af1f572ea705aed7f84730a710b4222
SHA1: 3e0aaed41a8395ed49f16301c2781b8a0d8fa327
SHA256: 6f603badfe96ba7f8d6ba5c2b815eab659e7af8a856e15e7594d57800e3e5e12
SHA512: 6af836efd5d7ea2f2aabff181d3376d4fabbeb332152af4c96b70c1df9c2ef94395516e43165ef25d66851f46bfbe72e470038307bc1d1defff0d348b07c5c6a
Score: 1/10
Malware Config
Signatures
-
Checks SCSI registry key(s) 3 TTPs 6 IoCs
SCSI information is often read in order to detect sandbox or virtual-machine environments: the DeviceDesc and Service values under Enum\SCSI carry the vendor and product strings of the attached disks and optical drives, and on an unmasked hypervisor guest those strings contain identifiers such as VBOX, VMware or QEMU. The instance paths below report Ven_Sanu/Prod_Sanu_DVD-ROM for the CD-ROM and an empty vendor with Prod_HeartDisk for the disk, neither of which matches those identifiers. Per the process tree, the checks are made by the /C child (PID 2620).
Processes (all six accesses by SecuriteInfo.com.Trojan.Agent.EQDY.895.3145.exe):
Key opened         \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_SANU&PROD_SANU_DVD-ROM\4&37CE57BA&0&010000
Key value queried  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\DeviceDesc
Key value queried  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Service
Key opened         \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_&PROD_HEARTDISK\4&37CE57BA&0&000000
Key value queried  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\DeviceDesc
Key value queried  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Service
-
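To make concrete what the sample is reading, here is an added example that is not part of the report or of the sample: a Python parser for the Enum\SCSI key paths listed above. It splits each path into device class, vendor, product and instance id, collapses the duplicate key/value accesses to one device each, and checks the identity strings for common hypervisor markers. The marker list and the VirtualBox key are assumptions constructed for the example; the report does not record the DeviceDesc contents or what the sample compares against.

```python
import re

# Substrings that betray a hypervisor in SCSI device identities. This list is an
# assumption made for the example; the report does not say what the sample
# compares against.
HYPERVISOR_MARKERS = ("VBOX", "VMWARE", "QEMU", "VIRTUAL", "XEN")

# The six registry paths from the report, in the mixed case the report prints.
REPORT_KEYS = [
    r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_SANU&PROD_SANU_DVD-ROM\4&37CE57BA&0&010000",
    r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\DeviceDesc",
    r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Service",
    r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_&PROD_HEARTDISK\4&37CE57BA&0&000000",
    r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\DeviceDesc",
    r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Service",
]

# Constructed key (not from the report) showing the kind of identity an
# unmasked VirtualBox guest typically exposes.
CONSTRUCTED_VBOX_KEY = (
    r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VBOX&Prod_HARDDISK\4&1a2b3c4d&0&000000\DeviceDesc"
)

# Layout: Enum\SCSI\<Class>&Ven_<Vendor>&Prod_<Product>\<InstanceId>[\<ValueName>]
_INSTANCE_RE = re.compile(
    r"\\Enum\\SCSI\\(?P<cls>[^&\\]+)&Ven_(?P<ven>[^&\\]*)&Prod_(?P<prod>[^\\]+)"
    r"\\(?P<inst>[^\\]+)",
    re.IGNORECASE,
)


def parse_scsi_key(key_path):
    """Split an Enum\\SCSI key path into its device identity fields.

    Returns None for paths that are not SCSI enumeration keys. Class, vendor and
    product are upper-cased and the instance id lower-cased so the CDROM/CdRom
    spellings in the report collapse to a single device.
    """
    m = _INSTANCE_RE.search(key_path)
    if m is None:
        return None
    return {
        "class": m.group("cls").upper(),
        "vendor": m.group("ven").upper(),
        "product": m.group("prod").upper(),
        "instance": m.group("inst").lower(),
    }


def virtual_marker(device, device_desc=""):
    """Return the hypervisor marker found in the identity strings, or None.

    DeviceDesc is the value the sample queried; the report does not record its
    contents, so it is an optional argument here.
    """
    haystack = " ".join((device["vendor"], device["product"], device_desc)).upper()
    for marker in HYPERVISOR_MARKERS:
        if marker in haystack:
            return marker
    return None


def scan(key_paths):
    """Collapse key/value accesses to unique devices and classify each one."""
    devices = {}
    for path in key_paths:
        device = parse_scsi_key(path)
        if device is not None:
            devices.setdefault((device["class"], device["instance"]), device)
    return [
        (d["class"], d["vendor"], d["product"], virtual_marker(d))
        for d in devices.values()
    ]


if __name__ == "__main__":
    for cls, ven, prod, marker in scan(REPORT_KEYS + [CONSTRUCTED_VBOX_KEY]):
        verdict = f"hypervisor marker {marker}" if marker else "no hypervisor marker"
        print(f"{cls:<6} Ven_{ven or '<empty>'} Prod_{prod}: {verdict}")
```

Run against the report's own keys, both devices come back without a marker, which is the result the sample would have seen on this sandbox; the constructed VirtualBox key shows what an unmasked guest gives away.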
Runs ping.exe 1 TTPs 1 IoCs
The only ping in the process tree is ping.exe -n 6 127.0.0.1 launched by cmd.exe (PID 1296): six echo requests to loopback, which serves as a sleep of roughly five seconds before the next command in the chain runs, not as network reconnaissance.
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
Processes:
pid   process
728   SecuriteInfo.com.Trojan.Agent.EQDY.895.3145.exe  (2 IoCs)
2620  SecuriteInfo.com.Trojan.Agent.EQDY.895.3145.exe  (4 IoCs)
-
Suspicious use of WriteProcessMemory 9 IoCs
Processes:
PID 728 wrote to memory of 2620   SecuriteInfo.com.Trojan.Agent.EQDY.895.3145.exe -> SecuriteInfo.com.Trojan.Agent.EQDY.895.3145.exe  (3 IoCs)
PID 728 wrote to memory of 1296   SecuriteInfo.com.Trojan.Agent.EQDY.895.3145.exe -> cmd.exe  (3 IoCs)
PID 1296 wrote to memory of 3916  cmd.exe -> PING.EXE  (3 IoCs)
The three source/target pairs are exactly the parent/child edges of the process tree below: each write goes into a process the writer has just created, which is the pattern CreateProcess itself produces while setting up a new child. There is no write into a process outside this tree, so these IoCs do not by themselves indicate injection.
Processes
-
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Agent.EQDY.895.3145.exe  (PID 728)
  "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Agent.EQDY.895.3145.exe"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Agent.EQDY.895.3145.exe  (PID 2620)
    C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Agent.EQDY.895.3145.exe /C
    - Checks SCSI registry key(s)
    - Suspicious behavior: EnumeratesProcesses
  C:\Windows\SysWOW64\cmd.exe  (PID 1296)
    "C:\Windows\System32\cmd.exe" /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Agent.EQDY.895.3145.exe"
    - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\PING.EXE  (PID 3916)
      ping.exe -n 6 127.0.0.1
      - Runs ping.exe

Reading the tree: the sample re-launches itself with /C (PID 2620), and that child is where the SCSI registry checks occur. The parent separately spawns cmd.exe to run a common self-overwrite sequence: ping.exe -n 6 127.0.0.1 waits roughly five seconds so that the parent can exit and release the lock on its image file, then type "C:\Windows\System32\calc.exe" > "...\SecuriteInfo.com.Trojan.Agent.EQDY.895.3145.exe" copies the bytes of calc.exe over the original executable, leaving a legitimate Windows binary at the path the sample was run from. The command line names C:\Windows\System32\cmd.exe while the process image is C:\Windows\SysWOW64\cmd.exe: WOW64 file-system redirection resolved the path, which shows the parent is a 32-bit process, and the same redirection applies to the calc.exe that is copied.
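The cmd.exe line in the tree is the part a detection engineer would want to catch. As an added example, not from the report or the sample, the following Python detection rebuilds the tree as Sysmon-style process-creation records and flags a cmd.exe child that sleeps with a loopback ping and then redirects output into, or deletes, its parent's own image file. The record layout, the explorer.exe parent (PID 4000) and the benign final cmd.exe (PID 5000) are constructed for the example; the PIDs, images and command lines of the other records are taken from the report.

```python
import re
from pathlib import PureWindowsPath

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Agent.EQDY.895.3145.exe"

# Process-creation records built from the report's process tree and
# WriteProcessMemory IoCs. The explorer.exe parent (pid 4000) and the final
# benign cmd.exe (pid 5000) are constructed for contrast and are not in the report.
EVENTS = [
    {"pid": 4000, "ppid": 1, "image": r"C:\Windows\explorer.exe",
     "command_line": "explorer.exe"},
    {"pid": 728, "ppid": 4000, "image": SAMPLE, "command_line": f'"{SAMPLE}"'},
    {"pid": 2620, "ppid": 728, "image": SAMPLE, "command_line": f"{SAMPLE} /C"},
    {"pid": 1296, "ppid": 728, "image": r"C:\Windows\SysWOW64\cmd.exe",
     "command_line": '"C:\\Windows\\System32\\cmd.exe" /c ping.exe -n 6 127.0.0.1 & '
                     f'type "C:\\Windows\\System32\\calc.exe" > "{SAMPLE}"'},
    {"pid": 3916, "ppid": 1296, "image": r"C:\Windows\SysWOW64\PING.EXE",
     "command_line": "ping.exe -n 6 127.0.0.1"},
    # Benign admin pattern: loopback ping as a delay, output written elsewhere.
    {"pid": 5000, "ppid": 4000, "image": r"C:\Windows\System32\cmd.exe",
     "command_line": r"cmd.exe /c ping -n 3 127.0.0.1 > C:\Temp\ping.log"},
]

# "ping -n <count> <loopback>" used as a sleep: one reply per second, so the
# wait is roughly count-1 seconds.
PING_DELAY_RE = re.compile(
    r"\bping(?:\.exe)?\s+-n\s+(?P<count>\d+)\s+(?P<target>127\.0\.0\.1|localhost|::1)\b",
    re.IGNORECASE,
)

# Target of an output redirection or of a del command, quoted or bare.
WRITE_TARGET_RE = re.compile(
    r'(?:>|\bdel\b(?:\s+/[a-z])*)\s*(?:"(?P<quoted>[^"]+)"|(?P<bare>[^\s&|"]+))',
    re.IGNORECASE,
)


def _norm(path):
    """Normalise a Windows path for comparison (strip quotes, fix slashes, lower-case)."""
    return str(PureWindowsPath(path.strip().strip('"'))).lower()


def write_targets(command_line):
    """Return every file path the command line redirects into or deletes."""
    return [m.group("quoted") or m.group("bare")
            for m in WRITE_TARGET_RE.finditer(command_line)]


def detect_self_overwrite(events):
    """Flag cmd.exe children that delay with a loopback ping and then write over
    (or delete) their parent's own image file."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        if PureWindowsPath(e["image"]).name.lower() != "cmd.exe":
            continue
        delay = PING_DELAY_RE.search(e["command_line"])
        parent = by_pid.get(e["ppid"])
        if delay is None or parent is None:
            continue
        targets = {_norm(t) for t in write_targets(e["command_line"])}
        if _norm(parent["image"]) in targets:
            hits.append({
                "pid": e["pid"],
                "parent_pid": parent["pid"],
                "parent_image": parent["image"],
                "delay_seconds": int(delay.group("count")) - 1,
                "command_line": e["command_line"],
            })
    return hits


if __name__ == "__main__":
    for hit in detect_self_overwrite(EVENTS):
        print(f"pid {hit['pid']} overwrites parent pid {hit['parent_pid']} "
              f"({hit['parent_image']}) after ~{hit['delay_seconds']}s delay")
```

The decisive test is comparing the write target with the parent's image path. Matching only on ping -n N 127.0.0.1 followed by a redirect would also fire on the harmless admin pattern in the last record, which sleeps and then writes a log file unrelated to its parent.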