Analysis Overview
SHA256
9cc36828708605652a9a1fc840e714b6fdaa685b9a63e0d81f49c39db35bcec1
Threat Level: Known bad
The file SecuriteInfo.com.Trojan.PackedNET.405.30542.16556 was found to be: Known bad.
Malicious Activity Summary
MassLogger
MassLogger log file
UPX packed file
Checks computer location settings
Loads dropped DLL
Reads user/profile data of web browsers
Looks up external IP address via web service
Suspicious use of SetThreadContext
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: AddClipboardFormatListener
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2020-12-01 20:53
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2020-12-01 20:53
Reported
2020-12-01 20:55
Platform
win10v20201028
Max time kernel
133s
Max time network
134s
Command Line
Signatures
MassLogger
MassLogger log file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe | N/A |
Reads user/profile data of web browsers
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.ipify.org | N/A | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 576 set thread context of 3844 | N/A | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe"
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
"{path}"
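The process tree above is the hollowing shape: the sample (PID 576) launches a second copy of itself (PID 3844; the sandbox shows the child's command line as the placeholder "{path}"), then the WriteProcessMemory and SetThreadContext signatures fire with 576 as actor and 3844 as target. The script below is an added example, not part of this report or the sandbox's signature engine; it correlates events of that shape into a verdict. The event records are constructed to mirror this run, and the field names and the decision rule are this example's assumptions. One caveat worth keeping in mind when reading the AdjustPrivilegeToken signature: SeDebugPrivilege is not required to write into a child the process created itself, so on its own it is a weak indicator here.

```python
"""Correlate sandbox process events into a process-hollowing verdict.

Added example; it is not part of the report or the sandbox's own
signature engine. The EVENTS list is constructed to mirror the
behavioral2 run (PID 576 spawning PID 3844 from the same image, then
WriteProcessMemory and SetThreadContext against it). Field names and
the decision rule are this example's assumptions.
"""
from collections import defaultdict

SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe")

# Constructed events in the shape a sandbox or EDR pipeline would emit.
EVENTS = [
    {"type": "process_create", "pid": 576, "ppid": 1234,
     "image": SAMPLE, "cmdline": f'"{SAMPLE}"'},
    {"type": "process_create", "pid": 3844, "ppid": 576,
     "image": SAMPLE, "cmdline": '"{path}"'},
    {"type": "write_process_memory", "pid": 576, "target": 3844},
    {"type": "set_thread_context", "pid": 576, "target": 3844},
    {"type": "adjust_privilege", "pid": 576, "privilege": "SeDebugPrivilege"},
]


def find_hollowing(events):
    """Return [(parent_pid, child_pid, [api calls])] for likely hollowing.

    Rule: a process spawns a child from its own image, then both writes
    into the child's memory and replaces a thread context in it. Each
    call alone is common (debuggers, installers, the CLR); the pair on a
    same-image child is the classic hollowing sequence (ATT&CK T1055.012).
    """
    procs = {e["pid"]: e for e in events if e["type"] == "process_create"}
    api_by_pair = defaultdict(set)          # (actor, target) -> {api, ...}
    api_names = {"write_process_memory": "WriteProcessMemory",
                 "set_thread_context": "SetThreadContext"}
    for e in events:
        if e["type"] in api_names:
            api_by_pair[(e["pid"], e["target"])].add(api_names[e["type"]])

    hits = []
    for (actor, target), calls in api_by_pair.items():
        parent, child = procs.get(actor), procs.get(target)
        if parent is None or child is None:
            continue
        same_image = parent["image"].lower() == child["image"].lower()
        if (child["ppid"] == actor and same_image
                and {"WriteProcessMemory", "SetThreadContext"} <= calls):
            hits.append((actor, target, sorted(calls)))
    return hits


def weaker_indicators(events):
    """Signals worth logging but not alerting on by themselves.

    SeDebugPrivilege is not needed to write into a child the process
    created itself (CreateProcess returns a full-access handle), so here
    it is noise relative to the hollowing rule above.
    """
    return sorted({e["privilege"] for e in events
                   if e["type"] == "adjust_privilege"})


if __name__ == "__main__":
    for parent, child, calls in find_hollowing(EVENTS):
        print(f"hollowing: {parent} -> {child} via {', '.join(calls)}")
    print("weaker indicators:", weaker_indicators(EVENTS))
```

Run as-is it reports the 576 -> 3844 pair; dropping either API event from the list makes the verdict disappear, which is the point of requiring both on a same-image child rather than alerting on WriteProcessMemory alone.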
Network
| Country | Destination | Domain | Proto |
| N/A | 8.8.8.8:53 | api.ipify.org | udp |
| N/A | 54.225.220.115:80 | api.ipify.org | tcp |
| N/A | 8.8.8.8:53 | mail.bhavnatutor.com | udp |
| N/A | 162.211.86.20:587 | mail.bhavnatutor.com | tcp |
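The network table shows the two-step pattern typical of a stealer reporting in: a public-IP lookup (api.ipify.org over HTTP) followed by a connection to a mail server on the SMTP submission port (mail.bhavnatutor.com, TCP/587). The script below is an added example, not part of the report; it flags that sequence when it comes from a process that is not a mail client. The flow records are constructed from the table above; the timestamps, the process column, the lookup-service list, the time window and the field names are this example's assumptions.

```python
"""Flag 'external IP lookup, then SMTP submission' from a non-mail process.

Added example, not part of the report. FLOWS is constructed from the
behavioral2 Network table (DNS and HTTP to api.ipify.org, then DNS and
TCP/587 to mail.bhavnatutor.com); the timestamps, the process column,
the lookup-service list, the time window and the field names are all
assumptions of this example.
"""
from datetime import datetime, timedelta

SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe")

# Public "what is my IP" endpoints stealers typically query before exfil.
IP_LOOKUP_DOMAINS = {"api.ipify.org", "icanhazip.com", "ifconfig.me",
                     "checkip.amazonaws.com"}
SMTP_PORTS = {25, 465, 587}
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}   # expected SMTP users


def _t(sec):
    """Constructed timestamps inside the run's 134 s network window."""
    return datetime(2020, 12, 1, 20, 53, 0) + timedelta(seconds=sec)


FLOWS = [
    {"ts": _t(5),  "proc": SAMPLE, "domain": "api.ipify.org",
     "dst_ip": "8.8.8.8",        "dst_port": 53,  "proto": "udp"},
    {"ts": _t(6),  "proc": SAMPLE, "domain": "api.ipify.org",
     "dst_ip": "54.225.220.115", "dst_port": 80,  "proto": "tcp"},
    {"ts": _t(40), "proc": SAMPLE, "domain": "mail.bhavnatutor.com",
     "dst_ip": "8.8.8.8",        "dst_port": 53,  "proto": "udp"},
    {"ts": _t(41), "proc": SAMPLE, "domain": "mail.bhavnatutor.com",
     "dst_ip": "162.211.86.20",  "dst_port": 587, "proto": "tcp"},
]


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_lookup_then_smtp(flows, window=timedelta(minutes=5),
                          mail_clients=MAIL_CLIENTS):
    """Return one alert per SMTP flow preceded (within window, same
    process) by an external-IP lookup. Mail clients are allow-listed
    because SMTP from them is expected; anything else that learns its
    public IP and then talks SMTP looks like a stealer reporting in."""
    flows = sorted(flows, key=lambda f: f["ts"])
    alerts = []
    for i, smtp in enumerate(flows):
        if smtp["proto"] != "tcp" or smtp["dst_port"] not in SMTP_PORTS:
            continue
        if _basename(smtp["proc"]) in mail_clients:
            continue
        # Walk backwards in time; stop once we leave the window.
        for earlier in reversed(flows[:i]):
            if smtp["ts"] - earlier["ts"] > window:
                break
            if (earlier["proc"] == smtp["proc"]
                    and earlier["domain"] in IP_LOOKUP_DOMAINS):
                alerts.append({
                    "proc": _basename(smtp["proc"]),
                    "lookup": earlier["domain"],
                    "smtp_host": smtp["domain"],
                    "dst": f"{smtp['dst_ip']}:{smtp['dst_port']}",
                    "delta_s": (smtp["ts"] - earlier["ts"]).total_seconds(),
                })
                break
    return alerts


if __name__ == "__main__":
    for alert in find_lookup_then_smtp(FLOWS):
        print(alert)
```

The lookup alone does not alert (plenty of legitimate software asks for its public IP), and neither does SMTP from an allow-listed client; only the sequence from one unexpected process does. Tune the window to your telemetry: in this run the two steps are seconds apart, but a stealer that waits for the user to type before sending would need a longer one.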
Files
memory/576-2-0x0000000073560000-0x0000000073C4E000-memory.dmp
memory/576-3-0x0000000000200000-0x0000000000201000-memory.dmp
memory/576-5-0x00000000051B0000-0x00000000051B1000-memory.dmp
memory/576-6-0x0000000004D90000-0x0000000004D91000-memory.dmp
memory/576-7-0x0000000004D50000-0x0000000004D51000-memory.dmp
memory/576-8-0x0000000005BE0000-0x0000000005BE1000-memory.dmp
memory/576-9-0x00000000050B0000-0x00000000050B1000-memory.dmp
memory/576-10-0x0000000004EB0000-0x0000000004EBE000-memory.dmp
memory/576-11-0x00000000068E0000-0x0000000006ABB000-memory.dmp
memory/3844-12-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-13-0x0000000000559DFE-mapping.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe.log
| MD5 | 3fed8d1dd11972a6e2603bb2d73a3ee5 |
| SHA1 | 7ecb7f64ade7b91c5815da647e84167c3d95afb4 |
| SHA256 | eecf6c0575dc995a485d46a5daaa66f58229e552f16782d873834d218ab17551 |
| SHA512 | ca6059eb67f800cc666d5146d24070abf5ee08209f8f9d1668a0ca2201eb3f6fa013c2d807b09925e12b82c37686980fcc26a6a5e4a5ba129c4b2a585961d3bb |
memory/3844-15-0x0000000073560000-0x0000000073C4E000-memory.dmp
memory/3844-19-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-20-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-21-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-22-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-23-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-24-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-25-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-18-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-26-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-27-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-28-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-29-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-30-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-31-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-32-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-33-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-34-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-35-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-36-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-37-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-38-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-39-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-40-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-41-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-42-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-43-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-44-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-45-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-46-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-47-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-48-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-49-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-50-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-51-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-52-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-53-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-54-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-55-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-56-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-57-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-58-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-59-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-60-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-61-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-62-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-63-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-64-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-65-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-66-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-67-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-68-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-69-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-70-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-71-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-72-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-73-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-74-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-75-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-76-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-77-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-78-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-79-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-80-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-81-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-82-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-83-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-84-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-86-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-85-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-87-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-89-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-88-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-90-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-91-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-92-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-93-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-94-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-95-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-96-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-97-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-98-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-100-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-99-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-101-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-102-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-103-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-104-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-105-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-106-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-107-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-108-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-109-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-110-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-111-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-112-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-113-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-114-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-115-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-116-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-117-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-118-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-119-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-120-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-121-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-122-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-123-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-124-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-125-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-126-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-127-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-128-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-129-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-130-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-131-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-132-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-133-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-134-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-135-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-136-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-137-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-138-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-139-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-140-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-141-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-142-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-143-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-144-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-145-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-146-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-147-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-148-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-149-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-150-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-151-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-152-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-153-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-154-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-155-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-156-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-157-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-158-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-159-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-160-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-161-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-162-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-163-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-164-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-165-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-166-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-167-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-168-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-169-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-170-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-171-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-172-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-173-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-174-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-175-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-176-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-177-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-178-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-179-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-180-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-181-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-182-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-183-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-184-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-185-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-186-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-187-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-188-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-189-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-190-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-191-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-192-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-193-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-194-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-195-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-196-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-197-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-198-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-199-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-200-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-201-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-202-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-203-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-204-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-205-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-206-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-207-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-208-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-209-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-210-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-211-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-212-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-213-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-214-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-215-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-216-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-217-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-218-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-219-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-220-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-221-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-222-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-223-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-224-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-225-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-226-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-227-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-228-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-229-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-230-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-231-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-232-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-233-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-234-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-235-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-236-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-237-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-238-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-239-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-240-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-241-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-242-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-244-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-243-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-245-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-246-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-247-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-248-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-249-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-250-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-251-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-252-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-253-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-254-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-255-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-256-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-257-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-258-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-259-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-260-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-261-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-262-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-263-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-264-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-267-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-266-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-265-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-268-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-270-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-271-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-269-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-273-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-272-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-274-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-275-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-276-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-277-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-278-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-279-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-280-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-281-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-282-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-283-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-284-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-285-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-286-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-287-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-288-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-289-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-290-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-291-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-292-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-293-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-294-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-296-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-295-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-297-0x0000000000400000-0x000000000055E000-memory.dmp
\Users\Admin\AppData\Local\Temp\Costura\8E3603ED8A0381E02887C1DBBE921340\32\sqlite.interop.dll
| MD5 | e81aeac387c5db32b7f9b07d15e788e0 |
| SHA1 | 829be6eaf1cb0d82b2ddfc98272e1087f4a7a7c3 |
| SHA256 | 44f31f99f048bfc5195937353b5207332e455bcd5a722bcfd32cacfd93f60f06 |
| SHA512 | cc6a96325a01c50c059706a1f4156f109e502ef9c0b0f5de209d1f52e7cc973cebc027f57ed988e9d1b8fca62746b60ee7430d608de95cdd0e5ac3cb61fbe32e |
memory/3844-301-0x00000000061C0000-0x00000000061C1000-memory.dmp
memory/3844-303-0x0000000007A50000-0x0000000007A8E000-memory.dmp
memory/3844-304-0x0000000008450000-0x0000000008451000-memory.dmp
memory/3844-305-0x00000000084A0000-0x00000000084A1000-memory.dmp
memory/3844-308-0x0000000007F70000-0x0000000007FFD000-memory.dmp
memory/3844-309-0x0000000008000000-0x0000000008059000-memory.dmp
memory/3844-310-0x0000000008070000-0x0000000008071000-memory.dmp
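Two things in the Files section are worth reading together. First, the long run of 3844 dumps all cover 0x400000 to 0x55E000, a region that never appears in the parent 576; 0x400000 is the default image base of a 32-bit executable, so this is the memory the parent wrote into the hollowed child, and the single mapping dump at 0x559DFE falls inside it. Second, the dropped sqlite.interop.dll under Costura\<hash>\32\ is the layout Costura.Fody uses when it unpacks embedded native DLLs to %TEMP%, and SQLite.Interop.dll is the native half of System.Data.SQLite, which a .NET stealer needs to open Chromium login databases; that is consistent with both "Loads dropped DLL" and "Reads user/profile data of web browsers" without any further payload. The script below is an added example, not part of the report or its tooling; it parses dump file names of this form, discards regions present in both processes (runtime DLLs such as the 0x73560000 block), and reports what is left in the child. The listing is a handful of lines copied from above (three copies of the 0x400000 region stand in for the hundreds on the page); the file-name grammar is inferred from those lines, and the child-minus-parent heuristic is this example's own.

```python
"""Summarise a sandbox memory-dump listing and pick out injected regions.

Added example, not part of the report or its tooling. LISTING holds a
few lines copied from the behavioral2 Files section above (the 3844
region at 0x400000 appears hundreds of times there; three copies are
enough here). The file-name grammar is inferred from those lines, and
the 'present in child but not in parent' heuristic is this example's own.
"""
import re
from collections import Counter, defaultdict

DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"(?:-0x(?P<end>[0-9A-Fa-f]+))?-(?P<kind>memory|mapping)\.dmp$"
)

LISTING = """\
memory/576-2-0x0000000073560000-0x0000000073C4E000-memory.dmp
memory/576-3-0x0000000000200000-0x0000000000201000-memory.dmp
memory/576-11-0x00000000068E0000-0x0000000006ABB000-memory.dmp
memory/3844-12-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-13-0x0000000000559DFE-mapping.dmp
memory/3844-15-0x0000000073560000-0x0000000073C4E000-memory.dmp
memory/3844-19-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-20-0x0000000000400000-0x000000000055E000-memory.dmp
memory/3844-303-0x0000000007A50000-0x0000000007A8E000-memory.dmp
""".splitlines()


def parse_dump_name(name):
    """Split 'memory/<pid>-<seq>-0x<start>[-0x<end>]-<kind>.dmp'."""
    m = DUMP_RE.match(name.strip())
    if not m:
        return None
    start = int(m["start"], 16)
    end = int(m["end"], 16) if m["end"] else None
    return {"pid": int(m["pid"]), "seq": int(m["seq"]), "kind": m["kind"],
            "start": start, "end": end, "size": (end - start) if end else 0}


def regions_by_pid(listing):
    """{pid: Counter({(start, end): dump_count})} for region dumps, plus
    {pid: [addr, ...]} for single-address 'mapping' dumps."""
    regions = defaultdict(Counter)
    mappings = defaultdict(list)
    for line in listing:
        d = parse_dump_name(line)
        if d is None:
            continue
        if d["kind"] == "mapping":
            mappings[d["pid"]].append(d["start"])
        else:
            regions[d["pid"]][(d["start"], d["end"])] += 1
    return regions, mappings


def injected_regions(listing, parent_pid, child_pid):
    """Regions dumped in the child but never in the same-image parent.

    Runtime DLLs (the 0x73560000 block here) show up in both processes
    and drop out; what remains is memory the parent wrote into the child.
    Returns [(start, end, size, dump_count)] sorted by dump count."""
    regions, _ = regions_by_pid(listing)
    only_child = set(regions[child_pid]) - set(regions[parent_pid])
    return sorted(
        ((s, e, e - s, regions[child_pid][(s, e)]) for s, e in only_child),
        key=lambda r: (-r[3], r[0]))


def mapping_hits(listing, pid, region):
    """Mapping-dump addresses for pid that fall inside region=(start, end)."""
    _, mappings = regions_by_pid(listing)
    return [a for a in mappings[pid] if region[0] <= a < region[1]]


if __name__ == "__main__":
    for s, e, size, n in injected_regions(LISTING, 576, 3844):
        print(f"3844 only: {s:#010x}-{e:#010x} size={size:#x} dumps={n}")
    print("mapping dumps inside image:",
          [hex(a) for a in mapping_hits(LISTING, 3844, (0x400000, 0x55E000))])
```

On the full listing the top result is the 0x400000 region with a count in the hundreds; that dump, not the packed parent on disk, is the one to carve a PE from and run family signatures against. The dump numbers in the listing are out of order in a few places (18 after 25, 85 after 86, and so on), so sort by the parsed seq field rather than trusting file order if you need the timeline.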
Analysis: behavioral1
Detonation Overview
Submitted
2020-12-01 20:53
Reported
2020-12-01 20:55
Platform
win7v20201028
Max time kernel
124s
Max time network
129s
Command Line
Signatures
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe"
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
"{path}"
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
"{path}"
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
"{path}"
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
"{path}"
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
"{path}"
Network
Files
memory/1968-2-0x0000000074200000-0x00000000748EE000-memory.dmp
memory/1968-3-0x00000000002D0000-0x00000000002D1000-memory.dmp
memory/1968-5-0x0000000000280000-0x000000000028E000-memory.dmp
memory/1968-6-0x00000000060E0000-0x00000000062BB000-memory.dmp