170d07557b53788f7718957661880e48e7e8aa711d417ef722ef1da67beb9e58

General

Target

SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe
Size

706KB
MD5

9c4dae36c101af2a1bf1b1de16ee5868
SHA1

bcfc8812e4e9457366c8930309875aae3c1c7a73
SHA256

170d07557b53788f7718957661880e48e7e8aa711d417ef722ef1da67beb9e58
SHA512

c2b03abf2ebcc8d7a3b6815594b7bcbf46adb5843c3dc7a96753df616343b3c8fcbe156ccc892e061d4ea86c95199a58c27490e53b5eaff26fc606f77f8c5bca

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe

pid	process
292	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe
292	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe
292	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe
292	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe
292	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe
292	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe
292	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe
292	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe
292	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe
292	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe

description pid process

Token: SeDebugPrivilege 292 SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe

description	pid	process
Token: SeDebugPrivilege	292	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:292

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe
"{path}"
2⤵
PID:1672

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe
"{path}"
2⤵
PID:1580

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe
"{path}"
2⤵
PID:1008

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe
"{path}"
2⤵
PID:332

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe
"{path}"
2⤵
PID:1472

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/292-0-0x00000000748D0000-0x0000000074FBE000-memory.dmp

Filesize
6.9MB

Download
memory/292-1-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/292-3-0x0000000001EC0000-0x0000000001F1B000-memory.dmp

Filesize
364KB

Download
memory/292-4-0x00000000005E0000-0x00000000005F1000-memory.dmp

Filesize
68KB

Download
memory/292-9-0x00000000005E0000-0x00000000005F1000-memory.dmp

Filesize
68KB

Download
memory/292-610-0x0000000000710000-0x0000000000724000-memory.dmp

Filesize
80KB

Download
memory/292-611-0x00000000048F0000-0x0000000004949000-memory.dmp

Filesize
356KB

Download

description	pid	process	target process
PID 292 wrote to memory of 1672	292	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe
PID 292 wrote to memory of 1672	292	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe
PID 292 wrote to memory of 1672	292	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe
PID 292 wrote to memory of 1672	292	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe
PID 292 wrote to memory of 1580	292	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe
PID 292 wrote to memory of 1580	292	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe
PID 292 wrote to memory of 1580	292	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe
PID 292 wrote to memory of 1580	292	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe
PID 292 wrote to memory of 1008	292	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe
PID 292 wrote to memory of 1008	292	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe
PID 292 wrote to memory of 1008	292	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe
PID 292 wrote to memory of 1008	292	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe
PID 292 wrote to memory of 332	292	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe
PID 292 wrote to memory of 332	292	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe
PID 292 wrote to memory of 332	292	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe
PID 292 wrote to memory of 332	292	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe
PID 292 wrote to memory of 1472	292	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe
PID 292 wrote to memory of 1472	292	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe
PID 292 wrote to memory of 1472	292	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe
PID 292 wrote to memory of 1472	292	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe	SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe

Analysis

Sharing