Analysis
- max time kernel: 23s
- max time network: 113s
- platform: windows10_x64
- resource: win10v20201028
- submitted: 09-11-2020 19:36
Behavioral task: behavioral1
- Sample: SecuriteInfo.com.Trojan.Inject3.39575.13300.25948.exe
- Resource: win7v20201028
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: SecuriteInfo.com.Trojan.Inject3.39575.13300.25948.exe
- Resource: win10v20201028
- 0 signatures
- 0 seconds
General
- Target: SecuriteInfo.com.Trojan.Inject3.39575.13300.25948.exe
- Size: 2.0MB
- MD5: ef61071df06d356311801907c2d135c2
- SHA1: 1d2271e1d3800c6489ad48195f9506f4cec1ab09
- SHA256: 98ac4fde26f6f87ed27f7c1b1f3ce88e86ea0fd2303c13b90ff77e77c70100be
- SHA512: 2a57c2418bda827b98597c563a87b37006ce7a126855be54cd14e8cec88b823fb42aa9b5750257a8f229772ea4b76df31581709c19dd8cba8c23a0b0962cd068
Score: 1/10
Malware Config
Signatures
- Checks SCSI registry key(s) 3 TTPs 6 IoCs
  SCSI information is often read in order to detect sandboxing environments.
  Processes: SecuriteInfo.com.Trojan.Inject3.39575.13300.25948.exe
  description | ioc | process
  Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Service | SecuriteInfo.com.Trojan.Inject3.39575.13300.25948.exe
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_&PROD_HEARTDISK\4&37CE57BA&0&000000 | SecuriteInfo.com.Trojan.Inject3.39575.13300.25948.exe
  Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\DeviceDesc | SecuriteInfo.com.Trojan.Inject3.39575.13300.25948.exe
  Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Service | SecuriteInfo.com.Trojan.Inject3.39575.13300.25948.exe
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_SANU&PROD_SANU_DVD-ROM\4&37CE57BA&0&010000 | SecuriteInfo.com.Trojan.Inject3.39575.13300.25948.exe
  Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\DeviceDesc | SecuriteInfo.com.Trojan.Inject3.39575.13300.25948.exe
- Runs ping.exe 1 TTPs 1 IoCs
- Suspicious behavior: EnumeratesProcesses 6 IoCs
  Processes: SecuriteInfo.com.Trojan.Inject3.39575.13300.25948.exe, SecuriteInfo.com.Trojan.Inject3.39575.13300.25948.exe
  pid | process
  412 | SecuriteInfo.com.Trojan.Inject3.39575.13300.25948.exe
  412 | SecuriteInfo.com.Trojan.Inject3.39575.13300.25948.exe
  1008 | SecuriteInfo.com.Trojan.Inject3.39575.13300.25948.exe
  1008 | SecuriteInfo.com.Trojan.Inject3.39575.13300.25948.exe
  1008 | SecuriteInfo.com.Trojan.Inject3.39575.13300.25948.exe
  1008 | SecuriteInfo.com.Trojan.Inject3.39575.13300.25948.exe
- Suspicious use of WriteProcessMemory 9 IoCs
  Processes: SecuriteInfo.com.Trojan.Inject3.39575.13300.25948.exe, cmd.exe
  description | pid | process | target process
  PID 412 wrote to memory of 1008 | 412 | SecuriteInfo.com.Trojan.Inject3.39575.13300.25948.exe | SecuriteInfo.com.Trojan.Inject3.39575.13300.25948.exe
  PID 412 wrote to memory of 1008 | 412 | SecuriteInfo.com.Trojan.Inject3.39575.13300.25948.exe | SecuriteInfo.com.Trojan.Inject3.39575.13300.25948.exe
  PID 412 wrote to memory of 1008 | 412 | SecuriteInfo.com.Trojan.Inject3.39575.13300.25948.exe | SecuriteInfo.com.Trojan.Inject3.39575.13300.25948.exe
  PID 412 wrote to memory of 2924 | 412 | SecuriteInfo.com.Trojan.Inject3.39575.13300.25948.exe | cmd.exe
  PID 412 wrote to memory of 2924 | 412 | SecuriteInfo.com.Trojan.Inject3.39575.13300.25948.exe | cmd.exe
  PID 412 wrote to memory of 2924 | 412 | SecuriteInfo.com.Trojan.Inject3.39575.13300.25948.exe | cmd.exe
  PID 2924 wrote to memory of 3796 | 2924 | cmd.exe | PING.EXE
  PID 2924 wrote to memory of 3796 | 2924 | cmd.exe | PING.EXE
  PID 2924 wrote to memory of 3796 | 2924 | cmd.exe | PING.EXE
Processes
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Inject3.39575.13300.25948.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Inject3.39575.13300.25948.exe"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Inject3.39575.13300.25948.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Inject3.39575.13300.25948.exe /C
    - Checks SCSI registry key(s)
    - Suspicious behavior: EnumeratesProcesses
  - C:\Windows\SysWOW64\cmd.exe
    Command line: "C:\Windows\System32\cmd.exe" /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Inject3.39575.13300.25948.exe"
    - Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\PING.EXE
      Command line: ping.exe -n 6 127.0.0.1
      - Runs ping.exe