Analysis
max time kernel: 22s
max time network: 112s
platform: windows10_x64
resource: win10v20201028
submitted: 09-11-2020 19:35
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Trojan.Agent.EQDY.7049.25175.exe
Resource: win7v20201028 (windows7_x64)
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: SecuriteInfo.com.Trojan.Agent.EQDY.7049.25175.exe
Resource: win10v20201028 (windows10_x64)
0 signatures, 0 seconds
General
Target: SecuriteInfo.com.Trojan.Agent.EQDY.7049.25175.exe
Size: 2.0MB
MD5: 892775d3437bf132cc10d2f9011c95b2
SHA1: 7ec18bbabfc7122663cbb79457b51e509c04bcb5
SHA256: c106ecd2d151adeff8000fb30c9ae1a3dd664e3346754dba855a455c37991274
SHA512: 4608abcd1f912058419102ef601a28486e6d5909dc8428fb4482e0b5de48073c579c008d679d5261553361da01e4ad53e4878373b8253262f476f0745cd7f05a
Score: 1/10
Malware Config
Signatures

Checks SCSI registry key(s) (3 TTPs, 6 IoCs)
SCSI information is often read in order to detect sandboxing environments.
Processes: SecuriteInfo.com.Trojan.Agent.EQDY.7049.25175.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\DeviceDesc | SecuriteInfo.com.Trojan.Agent.EQDY.7049.25175.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Service | SecuriteInfo.com.Trojan.Agent.EQDY.7049.25175.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_&PROD_HEARTDISK\4&37CE57BA&0&000000 | SecuriteInfo.com.Trojan.Agent.EQDY.7049.25175.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\DeviceDesc | SecuriteInfo.com.Trojan.Agent.EQDY.7049.25175.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Service | SecuriteInfo.com.Trojan.Agent.EQDY.7049.25175.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_SANU&PROD_SANU_DVD-ROM\4&37CE57BA&0&010000 | SecuriteInfo.com.Trojan.Agent.EQDY.7049.25175.exe

Runs ping.exe (1 TTPs, 1 IoCs)

Suspicious behavior: EnumeratesProcesses (6 IoCs)
Processes: SecuriteInfo.com.Trojan.Agent.EQDY.7049.25175.exe, SecuriteInfo.com.Trojan.Agent.EQDY.7049.25175.exe
pid | process
984 | SecuriteInfo.com.Trojan.Agent.EQDY.7049.25175.exe
984 | SecuriteInfo.com.Trojan.Agent.EQDY.7049.25175.exe
2272 | SecuriteInfo.com.Trojan.Agent.EQDY.7049.25175.exe
2272 | SecuriteInfo.com.Trojan.Agent.EQDY.7049.25175.exe
2272 | SecuriteInfo.com.Trojan.Agent.EQDY.7049.25175.exe
2272 | SecuriteInfo.com.Trojan.Agent.EQDY.7049.25175.exe

Suspicious use of WriteProcessMemory (9 IoCs)
Processes: SecuriteInfo.com.Trojan.Agent.EQDY.7049.25175.exe, cmd.exe
description | pid | process | target process
PID 984 wrote to memory of 2272 | 984 | SecuriteInfo.com.Trojan.Agent.EQDY.7049.25175.exe | SecuriteInfo.com.Trojan.Agent.EQDY.7049.25175.exe
PID 984 wrote to memory of 2272 | 984 | SecuriteInfo.com.Trojan.Agent.EQDY.7049.25175.exe | SecuriteInfo.com.Trojan.Agent.EQDY.7049.25175.exe
PID 984 wrote to memory of 2272 | 984 | SecuriteInfo.com.Trojan.Agent.EQDY.7049.25175.exe | SecuriteInfo.com.Trojan.Agent.EQDY.7049.25175.exe
PID 984 wrote to memory of 2280 | 984 | SecuriteInfo.com.Trojan.Agent.EQDY.7049.25175.exe | cmd.exe
PID 984 wrote to memory of 2280 | 984 | SecuriteInfo.com.Trojan.Agent.EQDY.7049.25175.exe | cmd.exe
PID 984 wrote to memory of 2280 | 984 | SecuriteInfo.com.Trojan.Agent.EQDY.7049.25175.exe | cmd.exe
PID 2280 wrote to memory of 208 | 2280 | cmd.exe | PING.EXE
PID 2280 wrote to memory of 208 | 2280 | cmd.exe | PING.EXE
PID 2280 wrote to memory of 208 | 2280 | cmd.exe | PING.EXE
Processes

Depth 1: C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Agent.EQDY.7049.25175.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Agent.EQDY.7049.25175.exe"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory

  Depth 2: C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Agent.EQDY.7049.25175.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Agent.EQDY.7049.25175.exe /C
    - Checks SCSI registry key(s)
    - Suspicious behavior: EnumeratesProcesses

  Depth 2: C:\Windows\SysWOW64\cmd.exe
    Command line: "C:\Windows\System32\cmd.exe" /c ping.exe -n 6 127.0.0.1 & type "C:\Windows\System32\calc.exe" > "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Agent.EQDY.7049.25175.exe"
    - Suspicious use of WriteProcessMemory

    Depth 3: C:\Windows\SysWOW64\PING.EXE
      Command line: ping.exe -n 6 127.0.0.1
      - Runs ping.exe