Analysis
- max time kernel: 62s
- max time network: 127s
- platform: windows10_x64
- resource: win10v20201028
- submitted: 21-12-2020 11:34
Static task
- static1

Behavioral task
- behavioral1
- Sample: SecuriteInfo.com.Generic.mg.5188c198e093757a.6046.exe
- Resource: win7v20201028 (windows7_x64)
- 0 signatures
- 0 seconds

Behavioral task
- behavioral2
- Sample: SecuriteInfo.com.Generic.mg.5188c198e093757a.6046.exe
- Resource: win10v20201028 (windows10_x64)
- 0 signatures
- 0 seconds
General
- Target: SecuriteInfo.com.Generic.mg.5188c198e093757a.6046.exe
- Size: 80KB
- MD5: 5188c198e093757a394d4bcb495f325d
- SHA1: bed090c60387a493b4dabf3f1ee318293c4cee27
- SHA256: 6f18dd2576aa2fc3af625f18e10aeac0f57fca8be33207bc0b6a7a6ee7d33701
- SHA512: f5f8578156a3a8635e3a16acebcd83c46ada5b5089ba53020b5b52ba4f990f967e197ce89dfd22118ffb15a2cba7e5f889d6d102c7acf56a8ec354c60b26c07c
- Score: 10/10
Malware Config
Signatures
- Adds Run key to start application (2 TTPs, 2 IoCs)
Processes:
description | ioc | process
Set value (str) | \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\propylasoc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Caravanerner\\Mechanico7.vbs" | SecuriteInfo.com.Generic.mg.5188c198e093757a.6046.exe
Key created | \REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | SecuriteInfo.com.Generic.mg.5188c198e093757a.6046.exe
- Suspicious use of NtSetInformationThreadHideFromDebugger (3 IoCs)
Processes:
pid | process
4680 | SecuriteInfo.com.Generic.mg.5188c198e093757a.6046.exe
3296 | SecuriteInfo.com.Generic.mg.5188c198e093757a.6046.exe
3296 | SecuriteInfo.com.Generic.mg.5188c198e093757a.6046.exe
- Suspicious use of SetThreadContext (1 IoCs)
Processes:
description | pid | process | target process
PID 4680 set thread context of 3296 | 4680 | SecuriteInfo.com.Generic.mg.5188c198e093757a.6046.exe | SecuriteInfo.com.Generic.mg.5188c198e093757a.6046.exe
- Suspicious behavior: MapViewOfSection (1 IoCs)
Processes:
pid | process
4680 | SecuriteInfo.com.Generic.mg.5188c198e093757a.6046.exe
- Suspicious use of SetWindowsHookEx (1 IoCs)
Processes:
pid | process
4680 | SecuriteInfo.com.Generic.mg.5188c198e093757a.6046.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
Processes:
description | pid | process | target process
PID 4680 wrote to memory of 3296 | 4680 | SecuriteInfo.com.Generic.mg.5188c198e093757a.6046.exe | SecuriteInfo.com.Generic.mg.5188c198e093757a.6046.exe
PID 4680 wrote to memory of 3296 | 4680 | SecuriteInfo.com.Generic.mg.5188c198e093757a.6046.exe | SecuriteInfo.com.Generic.mg.5188c198e093757a.6046.exe
PID 4680 wrote to memory of 3296 | 4680 | SecuriteInfo.com.Generic.mg.5188c198e093757a.6046.exe | SecuriteInfo.com.Generic.mg.5188c198e093757a.6046.exe
PID 4680 wrote to memory of 3296 | 4680 | SecuriteInfo.com.Generic.mg.5188c198e093757a.6046.exe | SecuriteInfo.com.Generic.mg.5188c198e093757a.6046.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Generic.mg.5188c198e093757a.6046.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Generic.mg.5188c198e093757a.6046.exe"
   - Adds Run key to start application
   - Suspicious use of NtSetInformationThreadHideFromDebugger
   - Suspicious use of SetThreadContext
   - Suspicious behavior: MapViewOfSection
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Generic.mg.5188c198e093757a.6046.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Generic.mg.5188c198e093757a.6046.exe"
      - Suspicious use of NtSetInformationThreadHideFromDebugger
Network
MITRE ATT&CK Matrix (ATT&CK v6)
Downloads
- memory/3296-4-0x0000000000401314-mapping.dmp