Malware Analysis Report

2025-04-14 05:14

Sample ID 201201-pvvtlhszy2
Target SecuriteInfo.com.Trojan.PackedNET.405.30542.16556
SHA256 9cc36828708605652a9a1fc840e714b6fdaa685b9a63e0d81f49c39db35bcec1
Tags
masslogger spyware stealer upx
score
10/10


Analysis Overview

score
10/10

SHA256

9cc36828708605652a9a1fc840e714b6fdaa685b9a63e0d81f49c39db35bcec1

Threat Level: Known bad

The file SecuriteInfo.com.Trojan.PackedNET.405.30542.16556 was found to be: Known bad.

Malicious Activity Summary

masslogger spyware stealer upx

MassLogger

MassLogger log file

UPX packed file

Checks computer location settings

Loads dropped DLL

Reads user/profile data of web browsers

Looks up external IP address via web service

Suspicious use of SetThreadContext

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: AddClipboardFormatListener

Analysis: static1

Detonation Overview

Reported

2020-12-01 20:53

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2020-12-01 20:53

Reported

2020-12-01 20:55

Platform

win10v20201028

Max time kernel

133s

Max time network

134s

Command Line

"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe"

Signatures

MassLogger

stealer spyware masslogger

MassLogger log file

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
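The "UPX packed file" signature above is a static check, and the report does not show how it is derived. The following script is an added example, not the sandbox's own signature code, of the checks an analyst would run on the sample before detonation: it parses the PE section table and applies three heuristics (UPX section names, the "UPX!" marker the packer leaves in the header area, and the UPX0 layout of a first section with no raw data but a large virtual size) plus the entropy of the section that carries the packed blob. The build_test_pe helper and the sample bytes it produces are constructed test data; the thresholds are the author's own choices.

```python
"""Static UPX heuristics over a PE section table (added example)."""
import hashlib
import math
import struct

UPX_NAMES = {b"UPX0", b"UPX1", b"UPX2"}

# Constructed high-entropy blob standing in for a packed section (deterministic).
SAMPLE_PACKED_BLOB = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))


def pe_sections(data):
    """Return [(name, virtual_size, raw_size, raw_offset)] from a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    nsec, = struct.unpack_from("<H", data, e_lfanew + 6)        # COFF NumberOfSections
    opt_size, = struct.unpack_from("<H", data, e_lfanew + 20)   # COFF SizeOfOptionalHeader
    off = e_lfanew + 24 + opt_size                              # first IMAGE_SECTION_HEADER
    secs = []
    for _ in range(nsec):
        name, vsize, _va, rsize, roff = struct.unpack_from("<8sIIII", data, off)
        secs.append((name.rstrip(b"\0"), vsize, rsize, roff))
        off += 40
    return secs


def entropy(blob):
    """Shannon entropy in bits per byte (8.0 = uniformly random)."""
    if not blob:
        return 0.0
    counts = [0] * 256
    for b in blob:
        counts[b] += 1
    n = len(blob)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def upx_indicators(data):
    secs = pe_sections(data)
    ind = {}
    ind["upx_section_names"] = any(s[0] in UPX_NAMES for s in secs)
    # UPX writes a "UPX!" marker into the header region; searching the first 4 KiB is a heuristic.
    ind["upx_marker"] = b"UPX!" in data[:0x1000]
    # UPX0 is virtual-only: SizeOfRawData == 0, VirtualSize sized for the unpacked image.
    ind["empty_first_section"] = bool(secs) and secs[0][2] == 0 and secs[0][1] > 0
    carriers = [s for s in secs if s[2] > 0]
    ind["packed_section_entropy"] = max(
        (entropy(data[s[3]:s[3] + s[2]]) for s in carriers), default=0.0)
    # Section names are the strong signal; marker + layout catches renamed sections.
    ind["likely_upx"] = ind["upx_section_names"] or (ind["upx_marker"] and ind["empty_first_section"])
    return ind


def build_test_pe(section_names, payload=b"", first_raw_empty=False, marker=b""):
    """Assemble a minimal PE32 with the given section table (constructed test data:
    headers are zero-filled except the fields pe_sections reads)."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    opt = b"\0" * 0xE0                                          # PE32 optional header size
    nsec = len(section_names)
    coff = struct.pack("<HHIIIHH", 0x14C, nsec, 0, 0, 0, len(opt), 0x102)
    hdr_end = e_lfanew + 4 + len(coff) + len(opt) + 40 * nsec
    raw_off = -(-(hdr_end + len(marker)) // 0x200) * 0x200      # align raw data to 512
    secs = b""
    for i, name in enumerate(section_names):
        if i == 0 and first_raw_empty:                          # UPX0-style section
            vsize, rsize, roff = 0x100000, 0, 0
        else:
            vsize, rsize, roff = len(payload), len(payload), raw_off
        secs += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize,
                            0x1000 * (i + 1), rsize, roff, 0, 0, 0, 0, 0xE0000040)
    return (dos + b"PE\0\0" + coff + opt + secs + marker).ljust(raw_off, b"\0") + payload


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        data = open(sys.argv[1], "rb").read()
    else:
        data = build_test_pe([b"UPX0", b"UPX1", b".rsrc"], SAMPLE_PACKED_BLOB, True, b"UPX!")
    print(upx_indicators(data))
```

A hit on the section names alone is enough to try `upx -d` on a copy of the sample, which is the quickest route to the managed assembly behind the "PackedNET" detection name; a marker-and-layout hit with renamed sections means the packer was tampered with and manual unpacking from the memory dumps listed below is the fallback.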

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe N/A

Reads user/profile data of web browsers

spyware

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 576 wrote to memory of 3844 N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
PID 576 wrote to memory of 3844 N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
PID 576 wrote to memory of 3844 N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
PID 576 wrote to memory of 3844 N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
PID 576 wrote to memory of 3844 N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
PID 576 wrote to memory of 3844 N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
PID 576 wrote to memory of 3844 N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
PID 576 wrote to memory of 3844 N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe

Processes

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe

"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe"

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe

"{path}"

Network

Country Destination Domain Proto
N/A 8.8.8.8:53 api.ipify.org udp
N/A 54.225.220.115:80 api.ipify.org tcp
N/A 8.8.8.8:53 mail.bhavnatutor.com udp
N/A 162.211.86.20:587 mail.bhavnatutor.com tcp
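The rows above only become a verdict once they are read together: a parent that repeatedly writes into a child spawned from its own image (with SetThreadContext in the summary) is the RunPE / process-hollowing sequence, the api.ipify.org request is the victim's public IP being collected, and the TCP connection to port 587 on mail.bhavnatutor.com is the SMTP submission channel the log is sent over. The script below is an added example of that correlation, not the sandbox's own scoring logic. Its inputs are the WriteProcessMemory rows and the Network table copied from this analysis; the PID-to-process mapping (576 is the parent, 3844 the "{path}" child) is an assumption taken from the memory dump names, and the IP_LOOKUP_SERVICES and MAIL_PORTS sets are the author's choices.

```python
"""Correlate memory-write events, process tree and network rows into a triage summary."""
import re
from collections import Counter

EXE = r"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe"

# Eight identical rows, as listed in the behavioral2 WriteProcessMemory table.
WRITE_ROWS = [f"PID 576 wrote to memory of 3844 N/A {EXE} {EXE}"] * 8

# Assumed mapping: dump names memory/576-* and memory/3844-* plus the process list
# ("<exe>" followed by "{path}") imply that 576 spawned 3844 from the same image.
PROCESSES = {
    576: {"image": EXE, "cmdline": f'"{EXE}"', "parent": None},
    3844: {"image": EXE, "cmdline": '"{path}"', "parent": 576},
}

# Network table copied from the report (Country Destination Domain Proto).
NETWORK_ROWS = [
    "N/A 8.8.8.8:53 api.ipify.org udp",
    "N/A 54.225.220.115:80 api.ipify.org tcp",
    "N/A 8.8.8.8:53 mail.bhavnatutor.com udp",
    "N/A 162.211.86.20:587 mail.bhavnatutor.com tcp",
]

IP_LOOKUP_SERVICES = {"api.ipify.org"}   # extend with other "what is my IP" hosts
MAIL_PORTS = {25, 465, 587}

WRITE_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+)\b")


def parse_writes(rows):
    """Count WriteProcessMemory events per (source PID, target PID)."""
    counts = Counter()
    for row in rows:
        m = WRITE_RE.match(row)
        if m:
            counts[(int(m.group(1)), int(m.group(2)))] += 1
    return counts


def find_self_injection(write_counts, procs):
    """A parent writing into a child it spawned from its own image is the
    hollowing pattern; the "{path}" command line is the sandbox's rendering
    of that self-spawn."""
    findings = []
    for (src, dst), n in sorted(write_counts.items()):
        parent, child = procs.get(src), procs.get(dst)
        if not parent or not child:
            continue
        if child["parent"] == src and child["image"] == parent["image"]:
            findings.append({"parent": src, "child": dst, "writes": n,
                             "placeholder_cmdline": child["cmdline"] == '"{path}"'})
    return findings


def parse_network(rows):
    conns = []
    for row in rows:
        _country, dest, domain, proto = row.split()
        ip, port = dest.rsplit(":", 1)
        conns.append({"ip": ip, "port": int(port), "domain": domain, "proto": proto})
    return conns


def classify_network(conns):
    out = {"dns": [], "external_ip_lookup": [], "smtp_exfil_candidate": [], "other": []}
    for c in conns:
        if c["port"] == 53:
            out["dns"].append(c["domain"])
        elif c["domain"] in IP_LOOKUP_SERVICES:
            out["external_ip_lookup"].append(c["domain"])
        elif c["port"] in MAIL_PORTS:
            out["smtp_exfil_candidate"].append((c["domain"], c["ip"], c["port"]))
        else:
            out["other"].append((c["domain"], c["ip"], c["port"]))
    return out


def triage(write_rows=WRITE_ROWS, procs=PROCESSES, network_rows=NETWORK_ROWS):
    injection = find_self_injection(parse_writes(write_rows), procs)
    net = classify_network(parse_network(network_rows))
    tags = []
    if injection:
        tags.append("self-injection (hollowing)")
    if net["external_ip_lookup"]:
        tags.append("victim IP lookup")
    if net["smtp_exfil_candidate"]:
        tags.append("SMTP exfil channel")
    return {"self_injection": injection, "network": net, "tags": tags}


if __name__ == "__main__":
    import json
    print(json.dumps(triage(), indent=2))
```

For response, the SMTP tuple is the indicator to block and hunt on (port 587 from a non-mail-client process is rare on user endpoints), while the api.ipify.org request on its own is weak and should only raise the score in combination with the injection finding.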

Files

memory/576-2-0x0000000073560000-0x0000000073C4E000-memory.dmp

memory/576-3-0x0000000000200000-0x0000000000201000-memory.dmp

memory/576-5-0x00000000051B0000-0x00000000051B1000-memory.dmp

memory/576-6-0x0000000004D90000-0x0000000004D91000-memory.dmp

memory/576-7-0x0000000004D50000-0x0000000004D51000-memory.dmp

memory/576-8-0x0000000005BE0000-0x0000000005BE1000-memory.dmp

memory/576-9-0x00000000050B0000-0x00000000050B1000-memory.dmp

memory/576-10-0x0000000004EB0000-0x0000000004EBE000-memory.dmp

memory/576-11-0x00000000068E0000-0x0000000006ABB000-memory.dmp

memory/3844-12-0x0000000000400000-0x000000000055E000-memory.dmp

memory/3844-13-0x0000000000559DFE-mapping.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe.log

MD5 3fed8d1dd11972a6e2603bb2d73a3ee5
SHA1 7ecb7f64ade7b91c5815da647e84167c3d95afb4
SHA256 eecf6c0575dc995a485d46a5daaa66f58229e552f16782d873834d218ab17551
SHA512 ca6059eb67f800cc666d5146d24070abf5ee08209f8f9d1668a0ca2201eb3f6fa013c2d807b09925e12b82c37686980fcc26a6a5e4a5ba129c4b2a585961d3bb

memory/3844-15-0x0000000073560000-0x0000000073C4E000-memory.dmp

memory/3844-18 through memory/3844-297: 280 dumps, every one of the address range 0x0000000000400000-0x000000000055E000 (the same range as memory/3844-12, the image written into PID 3844); the report lists each dump as a separate entry, collapsed here into this one line.

\Users\Admin\AppData\Local\Temp\Costura\8E3603ED8A0381E02887C1DBBE921340\32\sqlite.interop.dll

MD5 e81aeac387c5db32b7f9b07d15e788e0
SHA1 829be6eaf1cb0d82b2ddfc98272e1087f4a7a7c3
SHA256 44f31f99f048bfc5195937353b5207332e455bcd5a722bcfd32cacfd93f60f06
SHA512 cc6a96325a01c50c059706a1f4156f109e502ef9c0b0f5de209d1f52e7cc973cebc027f57ed988e9d1b8fca62746b60ee7430d608de95cdd0e5ac3cb61fbe32e

memory/3844-301-0x00000000061C0000-0x00000000061C1000-memory.dmp

memory/3844-303-0x0000000007A50000-0x0000000007A8E000-memory.dmp

memory/3844-304-0x0000000008450000-0x0000000008451000-memory.dmp

memory/3844-305-0x00000000084A0000-0x00000000084A1000-memory.dmp

memory/3844-308-0x0000000007F70000-0x0000000007FFD000-memory.dmp

memory/3844-309-0x0000000008000000-0x0000000008059000-memory.dmp

memory/3844-310-0x0000000008070000-0x0000000008071000-memory.dmp
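Two of the files listed above are host artifacts worth sweeping for on a suspected victim: the CLR usage log, which the .NET Framework 4.x runtime writes under %LOCALAPPDATA%\Microsoft\CLR_v4.0*\UsageLogs\<exe>.log when a managed executable runs (the _32 directory means it ran as a 32-bit process, matching the 0x7356xxxx load addresses in the dumps), and the native library that Costura.Fody unpacks to %TEMP%\Costura\<hash>\32\ or \64\ at first run. The script below is an added example of that sweep, not part of the report; the directory layout is taken from the paths listed above, the known-bad hash is the sqlite.interop.dll SHA256 from this analysis, and the test data it is run against is constructed.

```python
"""Sweep a user profile for CLR UsageLogs entries and Costura.Fody drops (added example)."""
import hashlib
import os
from datetime import datetime, timezone
from pathlib import Path

KNOWN_BAD_SHA256 = {
    # sqlite.interop.dll dropped in the behavioral2 run (hash from the report)
    "44f31f99f048bfc5195937353b5207332e455bcd5a722bcfd32cacfd93f60f06": "MassLogger sqlite.interop.dll",
}


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def clr_usage_logs(local_appdata):
    """Managed executables that have run, per CLR flavour (CLR_v4.0 = 64-bit, CLR_v4.0_32 = 32-bit)."""
    hits = []
    ms = Path(local_appdata) / "Microsoft"
    if not ms.is_dir():
        return hits
    for clr_dir in sorted(ms.glob("CLR_v4.0*")):
        usage = clr_dir / "UsageLogs"
        if not usage.is_dir():
            continue
        for log in sorted(usage.glob("*.log")):
            ts = datetime.fromtimestamp(log.stat().st_mtime, tz=timezone.utc)
            hits.append({"clr": clr_dir.name, "exe": log.name[:-4], "last_run": ts.isoformat()})
    return hits


def costura_drops(temp_dir):
    """Native DLLs extracted by Costura.Fody under Temp\\Costura\\<hash>\\{32,64}\\; hash each one."""
    hits = []
    root = Path(temp_dir)
    if not root.is_dir():
        return hits
    for dll in sorted(root.glob("Costura/*/*/*.dll")):
        digest = sha256_file(dll)
        hits.append({"path": str(dll), "bitness": dll.parent.name, "sha256": digest,
                     "known_bad": KNOWN_BAD_SHA256.get(digest)})
    return hits


def sweep(local_appdata, temp_dir):
    return {"clr_usage_logs": clr_usage_logs(local_appdata),
            "costura_drops": costura_drops(temp_dir)}


if __name__ == "__main__":
    # On a live Windows host these resolve to the current user's profile.
    import json
    print(json.dumps(sweep(os.environ.get("LOCALAPPDATA", ""), os.environ.get("TEMP", "")), indent=2))
```

The usage log survives deletion of the executable itself, so a log named after a file that no longer exists in Temp is evidence of execution on its own; a Costura drop directory is benign for legitimate Fody-packaged applications, so it is the hash match, not the path, that should drive an alert.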

Analysis: behavioral1

Detonation Overview

Submitted

2020-12-01 20:53

Reported

2020-12-01 20:55

Platform

win7v20201028

Max time kernel

124s

Max time network

129s

Command Line

"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1968 wrote to memory of 1636 N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
PID 1968 wrote to memory of 1636 N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
PID 1968 wrote to memory of 1636 N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
PID 1968 wrote to memory of 1636 N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
PID 1968 wrote to memory of 1868 N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
PID 1968 wrote to memory of 1868 N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
PID 1968 wrote to memory of 1868 N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
PID 1968 wrote to memory of 1868 N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
PID 1968 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
PID 1968 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
PID 1968 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
PID 1968 wrote to memory of 268 N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
PID 1968 wrote to memory of 432 N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
PID 1968 wrote to memory of 432 N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
PID 1968 wrote to memory of 432 N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
PID 1968 wrote to memory of 432 N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
PID 1968 wrote to memory of 844 N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
PID 1968 wrote to memory of 844 N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
PID 1968 wrote to memory of 844 N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe
PID 1968 wrote to memory of 844 N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe

Processes

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe

"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe"

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.405.30542.16556.exe

"{path}"

Network

N/A

Files

memory/1968-2-0x0000000074200000-0x00000000748EE000-memory.dmp

memory/1968-3-0x00000000002D0000-0x00000000002D1000-memory.dmp

memory/1968-5-0x0000000000280000-0x000000000028E000-memory.dmp

memory/1968-6-0x00000000060E0000-0x00000000062BB000-memory.dmp