Analysis
- max time kernel: 14s
- max time network: 8s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 09-11-2020 19:35
Behavioral task: behavioral1
- Sample: SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe
- Resource: win7v20201028
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe
- Resource: win10v20201028
- 0 signatures
- 0 seconds
General
- Target: SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe
- Size: 2.0MB
- MD5: bef5b892c7db00fd6652a3489c3e88f7
- SHA1: d87b6088bff692ca946b9b9f77c6d47af999a9a6
- SHA256: 60769011e0b36e12f2c1f3d1b53ea17c73de476d40f5d839c268020ea2c08da7
- SHA512: 6036bd3d1d14e940d8ccd96a5ac63e82a322dc23ba4b98bec3cb96cd4d1054fb0605bd65c0f3ca466d0cecd4222ed5ca3002b3e90ed67896f5b82568855f9489
Score
1/10
Malware Config
Signatures
- Runs ping.exe (1 TTPs, 1 IoCs)
- Suspicious behavior: EnumeratesProcesses (3 IoCs)
  Processes: SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe, SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe
  pid | process
  476 | SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe
  1164 | SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe
  1164 | SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe
- Suspicious use of WriteProcessMemory (12 IoCs)
  Processes: SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe, cmd.exe
  description | pid | process | target process
  PID 476 wrote to memory of 1164 | 476 | SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe | SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe
  PID 476 wrote to memory of 1164 | 476 | SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe | SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe
  PID 476 wrote to memory of 1164 | 476 | SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe | SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe
  PID 476 wrote to memory of 1164 | 476 | SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe | SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe
  PID 476 wrote to memory of 896 | 476 | SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe | cmd.exe
  PID 476 wrote to memory of 896 | 476 | SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe | cmd.exe
  PID 476 wrote to memory of 896 | 476 | SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe | cmd.exe
  PID 476 wrote to memory of 896 | 476 | SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe | cmd.exe
  PID 896 wrote to memory of 1348 | 896 | cmd.exe | PING.EXE
  PID 896 wrote to memory of 1348 | 896 | cmd.exe | PING.EXE
  PID 896 wrote to memory of 1348 | 896 | cmd.exe | PING.EXE
  PID 896 wrote to memory of 1348 | 896 | cmd.exe | PING.EXE
Processes
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe /C
    - Suspicious behavior: EnumeratesProcesses
  - C:\Windows\SysWOW64\cmd.exe
    Command line: "C:\Windows\System32\cmd.exe" /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe"
    - Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\PING.EXE
      Command line: ping.exe -n 6 127.0.0.1
      - Runs ping.exe