9cc36828708605652a9a1fc840e714b6fdaa685b9a63e0d81f49c39db35bcec1

General

Target

SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
Size

2.0MB
MD5

5709c789c96df4555f4c517d085332be
SHA1

ae16866b3896b847fbd7ebb99a1c0e352cd1e160
SHA256

9cc36828708605652a9a1fc840e714b6fdaa685b9a63e0d81f49c39db35bcec1
SHA512

539805b21c0c93a7c031a20f49d85653419bfdec611355abb9c7c70476ae41beeced6f9c4b967b9288537873610059b737de84c2c2d6df1e485e579b093de531

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe

pid	process
1968	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
1968	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
1968	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
1968	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
1968	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
1968	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
1968	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
1968	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
1968	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
1968	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe

description pid process

Token: SeDebugPrivilege 1968 SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe

description	pid	process
Token: SeDebugPrivilege	1968	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1968

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
"{path}"
2⤵
PID:1636

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
"{path}"
2⤵
PID:1868

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
"{path}"
2⤵
PID:268

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
"{path}"
2⤵
PID:432

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
"{path}"
2⤵
PID:844

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1968-2-0x0000000074200000-0x00000000748EE000-memory.dmp

Filesize
6.9MB

Download
memory/1968-3-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/1968-5-0x0000000000280000-0x000000000028E000-memory.dmp

Filesize
56KB

Download
memory/1968-6-0x00000000060E0000-0x00000000062BB000-memory.dmp

Filesize
1.9MB

Download

description	pid	process	target process
PID 1968 wrote to memory of 1636	1968	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
PID 1968 wrote to memory of 1636	1968	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
PID 1968 wrote to memory of 1636	1968	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
PID 1968 wrote to memory of 1636	1968	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
PID 1968 wrote to memory of 1868	1968	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
PID 1968 wrote to memory of 1868	1968	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
PID 1968 wrote to memory of 1868	1968	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
PID 1968 wrote to memory of 1868	1968	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
PID 1968 wrote to memory of 268	1968	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
PID 1968 wrote to memory of 268	1968	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
PID 1968 wrote to memory of 268	1968	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
PID 1968 wrote to memory of 268	1968	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
PID 1968 wrote to memory of 432	1968	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
PID 1968 wrote to memory of 432	1968	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
PID 1968 wrote to memory of 432	1968	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
PID 1968 wrote to memory of 432	1968	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
PID 1968 wrote to memory of 844	1968	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
PID 1968 wrote to memory of 844	1968	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
PID 1968 wrote to memory of 844	1968	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
PID 1968 wrote to memory of 844	1968	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe	SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe

Analysis

Sharing