Analysis

max time kernel: 123s
max time network: 124s
platform: windows7_x64
resource: win7v20201028
submitted: 10-12-2020 16:41

Static task: static1

Behavioral task: behavioral1
Sample: SecuriteInfo.com.Variant.Zusy.354598.7638.1727.exe
Resource: win7v20201028 (windows7_x64)
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: SecuriteInfo.com.Variant.Zusy.354598.7638.1727.exe
Resource: win10v20201028 (windows10_x64)
0 signatures, 0 seconds
General

Target: SecuriteInfo.com.Variant.Zusy.354598.7638.1727.exe
Size: 2.1MB
MD5: 34bd9b901914a3051989e95ce2a47ba3
SHA1: 9374073cbfdda04402cc4c64937a7eecb802d622
SHA256: f245e9b94930c77f626bdc4d74f7d03f48557cb206175876da42033186da6410
SHA512: 22f03430fb938667d7beda2f8b64556c9a316cedf0c39d23b8f80d71dcb7818adbc02ded8c4b5780ee8f09f9e3da99d53498380b2304916aaf4266519952f1bc
Score: 7/10
Malware Config
Signatures

Deletes itself (1 IoC)
Processes:
  pid 1604  cmd.exe

Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.

Runs ping.exe (1 TTP, 1 IoC)
Here ping is not used for network discovery: the loopback ping in the cmd.exe command line (see the process tree) only delays the `del` that removes the sample from disk.

Suspicious use of WriteProcessMemory (8 IoCs)
Processes:
  description               pid   process                                              target process
  wrote to memory of 1604   1072  SecuriteInfo.com.Variant.Zusy.354598.7638.1727.exe   cmd.exe
  wrote to memory of 1604   1072  SecuriteInfo.com.Variant.Zusy.354598.7638.1727.exe   cmd.exe
  wrote to memory of 1604   1072  SecuriteInfo.com.Variant.Zusy.354598.7638.1727.exe   cmd.exe
  wrote to memory of 1604   1072  SecuriteInfo.com.Variant.Zusy.354598.7638.1727.exe   cmd.exe
  wrote to memory of 548    1604  cmd.exe                                              PING.EXE
  wrote to memory of 548    1604  cmd.exe                                              PING.EXE
  wrote to memory of 548    1604  cmd.exe                                              PING.EXE
  wrote to memory of 548    1604  cmd.exe                                              PING.EXE
Every recorded write targets a child the writing process has just launched (the sample into cmd.exe, cmd.exe into PING.EXE); no write into an unrelated process is recorded, so these IoCs are consistent with ordinary process creation rather than injection into another process.
Processes

1. C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Zusy.354598.7638.1727.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Zusy.354598.7638.1727.exe"
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\cmd.exe
      command line: cmd /c ping 127.0.0.1 -n 3 & del "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Zusy.354598.7638.1727.exe"
      - Deletes itself
      - Suspicious use of WriteProcessMemory
      3. C:\Windows\SysWOW64\PING.EXE
         command line: ping 127.0.0.1 -n 3
         - Runs ping.exe

The children are launched from C:\Windows\SysWOW64, so the sample is a 32-bit executable running under WOW64 on the 64-bit VM. The cmd.exe command line is the classic self-deletion idiom: the loopback ping gives the parent time to exit so that the executable is no longer locked, and `del` then removes it from disk.
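The process tree above is what a detection for this self-deletion idiom should key on: a cmd.exe whose command line sleeps via a loopback ping and then deletes the image of its own parent. The following is an added example written for this page, not code from the sandbox or from the sample's author. It runs over constructed Sysmon Event ID 1 style records (the pids 1072, 1604 and 548 and their command lines are copied from the report; the explorer.exe/pid 900 records are a made-up benign batch job used as a negative case). Accepting `timeout` as the delay is my generalisation and is not shown in the report.

```python
"""Flag the ping-then-del self-deletion pattern in process-creation events."""
import re

# Constructed process-creation records in Sysmon Event ID 1 style. Records for
# pids 1072/1604/548 are taken from the report above; 800/900 are invented.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Zusy.354598.7638.1727.exe"
EVENTS = [
    {"pid": 1072, "ppid": 0, "image": SAMPLE, "cmdline": f'"{SAMPLE}"'},
    {"pid": 1604, "ppid": 1072, "image": r"C:\Windows\SysWOW64\cmd.exe",
     "cmdline": f'cmd /c ping 127.0.0.1 -n 3 & del "{SAMPLE}"'},
    {"pid": 548, "ppid": 1604, "image": r"C:\Windows\SysWOW64\PING.EXE",
     "cmdline": "ping 127.0.0.1 -n 3"},
    # Benign negative case (invented): a batch job that pings, then deletes a log.
    {"pid": 800, "ppid": 0, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 900, "ppid": 800, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd /c ping 127.0.0.1 -n 2 & del "C:\Temp\old.log"'},
]

# A loopback ping used as a sleep; `timeout` is an assumed variant not in the report.
DELAY = re.compile(
    r"\b(?:ping(?:\.exe)?\s+(?:-n\s+\d+\s+)?(?:127\.0\.0\.1|localhost|::1)"
    r"|timeout(?:\.exe)?\s+(?:/t\s+)?\d+)", re.I)
# del/erase with optional switches and an optionally quoted path, read up to the
# next command separator (& or |) or the end of the command line.
DEL_TARGET = re.compile(
    r'\b(?:del|erase)\s+(?:/[a-z]\s+)*"?([^"&|]+?)"?\s*(?:&|\||$)', re.I)


def deleted_path(cmdline):
    """Return the file that a `del`/`erase` in cmdline removes, or None."""
    m = DEL_TARGET.search(cmdline)
    return m.group(1).strip() if m else None


def self_delete_events(events):
    """Return (pid, parent_pid, deleted_path) for each process whose command
    line sleeps via ping/timeout and then deletes its own parent's executable.
    The parent is resolved through ppid, so an unknown parent never matches."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for ev in events:
        cmd = ev["cmdline"]
        if not DELAY.search(cmd):
            continue
        target = deleted_path(cmd)
        parent = by_pid.get(ev["ppid"])
        if target is None or parent is None:
            continue
        if target.lower() == parent["image"].lower():
            hits.append((ev["pid"], parent["pid"], target))
    return hits


if __name__ == "__main__":
    for pid, ppid, path in self_delete_events(EVENTS):
        print(f"pid {pid} deletes the image of its parent pid {ppid}: {path}")
```

Matching the `del` target against the parent's image path, rather than alerting on every `ping & del`, is what keeps the benign batch job quiet: the pattern is only interesting when the file being removed is the process that spawned the shell.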