60769011e0b36e12f2c1f3d1b53ea17c73de476d40f5d839c268020ea2c08da7

General

Target

SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe
Size

2.0MB
MD5

bef5b892c7db00fd6652a3489c3e88f7
SHA1

d87b6088bff692ca946b9b9f77c6d47af999a9a6
SHA256

60769011e0b36e12f2c1f3d1b53ea17c73de476d40f5d839c268020ea2c08da7
SHA512

6036bd3d1d14e940d8ccd96a5ac63e82a322dc23ba4b98bec3cb96cd4d1054fb0605bd65c0f3ca466d0cecd4222ed5ca3002b3e90ed67896f5b82568855f9489

Score

1^/10

Malware Config

Signatures

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery
T1018

Processes:

PING.EXE

pid process

1348 PING.EXE

pid	process
1348	PING.EXE

Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes:

SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exeSecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe

pid	process
476	SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe
1164	SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe
1164	SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.execmd.exe

description	pid	process	target process
PID 476 wrote to memory of 1164	476	SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe	SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe
PID 476 wrote to memory of 1164	476	SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe	SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe
PID 476 wrote to memory of 1164	476	SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe	SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe
PID 476 wrote to memory of 1164	476	SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe	SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe
PID 476 wrote to memory of 896	476	SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe	cmd.exe
PID 476 wrote to memory of 896	476	SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe	cmd.exe
PID 476 wrote to memory of 896	476	SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe	cmd.exe
PID 476 wrote to memory of 896	476	SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe	cmd.exe
PID 896 wrote to memory of 1348	896	cmd.exe	PING.EXE
PID 896 wrote to memory of 1348	896	cmd.exe	PING.EXE
PID 896 wrote to memory of 1348	896	cmd.exe	PING.EXE
PID 896 wrote to memory of 1348	896	cmd.exe	PING.EXE

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:476

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe /C
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1164

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe"
2⤵
- Suspicious use of WriteProcessMemory
PID:896

C:\Windows\SysWOW64\PING.EXE
ping.exe -n 6 127.0.0.1
3⤵
- Runs ping.exe
PID:1348

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

1

T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/896-2-0x0000000000000000-mapping.dmp

Download
memory/1164-0-0x0000000000000000-mapping.dmp

Download
memory/1164-1-0x0000000002420000-0x0000000002431000-memory.dmp

Filesize
68KB

Download
memory/1348-3-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing