Analysis
-
max time kernel
94s
-
max time network
110s
-
platform
windows10_x64
-
resource
win10v20201028
-
submitted
09-11-2020 19:35
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe
Resource
win7v20201028
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe
Resource
win10v20201028
0 signatures
0 seconds
General
-
Target
SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe
-
Size
2.0MB
-
MD5
bef5b892c7db00fd6652a3489c3e88f7
-
SHA1
d87b6088bff692ca946b9b9f77c6d47af999a9a6
-
SHA256
60769011e0b36e12f2c1f3d1b53ea17c73de476d40f5d839c268020ea2c08da7
-
SHA512
6036bd3d1d14e940d8ccd96a5ac63e82a322dc23ba4b98bec3cb96cd4d1054fb0605bd65c0f3ca466d0cecd4222ed5ca3002b3e90ed67896f5b82568855f9489
Score
1/10
Malware Config
Signatures
-
Checks SCSI registry key(s) 3 TTPs 6 IoCs
SCSI information is often read in order to detect sandboxing environments.
Processes:
SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Service | SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_SANU&PROD_SANU_DVD-ROM\4&37CE57BA&0&010000 | SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\DeviceDesc | SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Service | SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_&PROD_HEARTDISK\4&37CE57BA&0&000000 | SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\DeviceDesc | SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe
-
Runs ping.exe 1 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
Processes:
SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe
SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe
pid | process
740 | SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe
740 | SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe
204 | SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe
204 | SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe
204 | SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe
204 | SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe
-
Suspicious use of WriteProcessMemory 9 IoCs
Processes:
SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe
cmd.exe
description | pid | process | target process
PID 740 wrote to memory of 204 | 740 | SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe | SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe
PID 740 wrote to memory of 204 | 740 | SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe | SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe
PID 740 wrote to memory of 204 | 740 | SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe | SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe
PID 740 wrote to memory of 3492 | 740 | SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe | cmd.exe
PID 740 wrote to memory of 3492 | 740 | SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe | cmd.exe
PID 740 wrote to memory of 3492 | 740 | SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe | cmd.exe
PID 3492 wrote to memory of 992 | 3492 | cmd.exe | PING.EXE
PID 3492 wrote to memory of 992 | 3492 | cmd.exe | PING.EXE
PID 3492 wrote to memory of 992 | 3492 | cmd.exe | PING.EXE
Processes
-
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe"
depth: 1
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe /C
depth: 2
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Inject3.39575.25249.24693.exe"
depth: 2
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\PING.EXE
ping.exe -n 6 127.0.0.1
depth: 3
- Runs ping.exe