Analysis
- max time kernel: 150s
- max time network: 150s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 08-01-2021 09:51
- Static task: static1
- Behavioral task: behavioral1
- Sample: SecuriteInfo.com.generic.ml.32161.exe
- Resource: win7v20201028 (windows7_x64)
- 0 signatures, 0 seconds
General
- Target: SecuriteInfo.com.generic.ml.32161.exe
- Size: 72KB
- MD5: 0640f43c412f8f2c3bf6e1b9139db1d0
- SHA1: f07e9e5e618b14b0dd5478cb2a26f42096a10e1d
- SHA256: 1664c6a330c5b318458518ea71b2a9995a91c79281a050278c3aa2388663a986
- SHA512: 753029891e9db39d072cce14dd552ef313479ea0cff2e4c3a5591bbf045174ea474e2651c8bdbed5ca30429852f4d28a5126fe99bfcaf9aa9daec30ac46f0a05
Malware Config
Signatures
- Legitimate hosting services abused for malware hosting/C2 (1 TTPs)

- Suspicious use of NtSetInformationThreadHideFromDebugger (3 IoCs)
  Processes:
  pid  | process
  1432 | SecuriteInfo.com.generic.ml.32161.exe
  1116 | ieinstal.exe
  1116 | ieinstal.exe

- Suspicious use of SetThreadContext (1 IoCs)
  Processes:
  description                        | pid  | process                               | target process
  PID 1432 set thread context of 1116 | 1432 | SecuriteInfo.com.generic.ml.32161.exe | ieinstal.exe

- Suspicious behavior: MapViewOfSection (1 IoCs)
  Processes:
  pid  | process
  1432 | SecuriteInfo.com.generic.ml.32161.exe

- Suspicious use of SetWindowsHookEx (2 IoCs)
  Processes:
  pid  | process
  1432 | SecuriteInfo.com.generic.ml.32161.exe
  1116 | ieinstal.exe

- Suspicious use of WriteProcessMemory (8 IoCs)
  Processes:
  description                      | pid  | process                               | target process
  PID 1432 wrote to memory of 1116 | 1432 | SecuriteInfo.com.generic.ml.32161.exe | ieinstal.exe
  PID 1432 wrote to memory of 1116 | 1432 | SecuriteInfo.com.generic.ml.32161.exe | ieinstal.exe
  PID 1432 wrote to memory of 1116 | 1432 | SecuriteInfo.com.generic.ml.32161.exe | ieinstal.exe
  PID 1432 wrote to memory of 1116 | 1432 | SecuriteInfo.com.generic.ml.32161.exe | ieinstal.exe
  PID 1432 wrote to memory of 1116 | 1432 | SecuriteInfo.com.generic.ml.32161.exe | ieinstal.exe
  PID 1432 wrote to memory of 1116 | 1432 | SecuriteInfo.com.generic.ml.32161.exe | ieinstal.exe
  PID 1432 wrote to memory of 1116 | 1432 | SecuriteInfo.com.generic.ml.32161.exe | ieinstal.exe
  PID 1432 wrote to memory of 1116 | 1432 | SecuriteInfo.com.generic.ml.32161.exe | ieinstal.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.generic.ml.32161.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.generic.ml.32161.exe"
  PID: 1432
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of SetThreadContext
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - Child process: C:\Program Files (x86)\internet explorer\ieinstal.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.generic.ml.32161.exe"
    PID: 1116
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious use of SetWindowsHookEx