Analysis
max time kernel: 1200s
max time network: 1200s
platform: windows7_x64
resource: win7v20201028
submitted: 08-01-2021 14:41
Static task: static1
General
Target: SecuriteInfo.com.generic.ml.32161.exe
Size: 72KB
MD5: 0640f43c412f8f2c3bf6e1b9139db1d0
SHA1: f07e9e5e618b14b0dd5478cb2a26f42096a10e1d
SHA256: 1664c6a330c5b318458518ea71b2a9995a91c79281a050278c3aa2388663a986
SHA512: 753029891e9db39d072cce14dd552ef313479ea0cff2e4c3a5591bbf045174ea474e2651c8bdbed5ca30429852f4d28a5126fe99bfcaf9aa9daec30ac46f0a05
Malware Config
Signatures

Legitimate hosting services abused for malware hosting/C2 (1 TTPs)

Suspicious use of NtSetInformationThreadHideFromDebugger (3 IoCs)
Processes:
  pid   process
  1832  SecuriteInfo.com.generic.ml.32161.exe
  1520  ieinstal.exe
  1520  ieinstal.exe

Suspicious use of SetThreadContext (1 IoCs)
Processes:
  description                           pid   process                                 target process
  PID 1832 set thread context of 1520   1832  SecuriteInfo.com.generic.ml.32161.exe   ieinstal.exe

Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
Processes:
  pid   process
  1520  ieinstal.exe

Suspicious behavior: MapViewOfSection (1 IoCs)
Processes:
  pid   process
  1832  SecuriteInfo.com.generic.ml.32161.exe

Suspicious use of SetWindowsHookEx (2 IoCs)
Processes:
  pid   process
  1832  SecuriteInfo.com.generic.ml.32161.exe
  1520  ieinstal.exe

Suspicious use of WriteProcessMemory (8 IoCs)
Processes:
  description                        pid   process                                 target process
  PID 1832 wrote to memory of 1520   1832  SecuriteInfo.com.generic.ml.32161.exe   ieinstal.exe
  PID 1832 wrote to memory of 1520   1832  SecuriteInfo.com.generic.ml.32161.exe   ieinstal.exe
  PID 1832 wrote to memory of 1520   1832  SecuriteInfo.com.generic.ml.32161.exe   ieinstal.exe
  PID 1832 wrote to memory of 1520   1832  SecuriteInfo.com.generic.ml.32161.exe   ieinstal.exe
  PID 1832 wrote to memory of 1520   1832  SecuriteInfo.com.generic.ml.32161.exe   ieinstal.exe
  PID 1832 wrote to memory of 1520   1832  SecuriteInfo.com.generic.ml.32161.exe   ieinstal.exe
  PID 1832 wrote to memory of 1520   1832  SecuriteInfo.com.generic.ml.32161.exe   ieinstal.exe
  PID 1832 wrote to memory of 1520   1832  SecuriteInfo.com.generic.ml.32161.exe   ieinstal.exe
Processes

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.generic.ml.32161.exe  (PID 1832)
  Command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.generic.ml.32161.exe"
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of SetThreadContext
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\internet explorer\ieinstal.exe  (PID 1520, child of 1832)
    Command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.generic.ml.32161.exe"
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
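Read together, the signature tables and the process tree describe one sequence: PID 1832 spawns the legitimate ieinstal.exe as PID 1520, writes into it eight times, then changes a thread context in it, and the child runs with the sample's own path as its command line even though its image on disk is ieinstal.exe. That is the process-hollowing pattern (suspended child, overwritten image, redirected entry point). The script below is an example added to this page, not part of the report or of the sandbox that produced it; it correlates the per-row indicators into an injector/host chain and checks the command-line/image mismatch. The row text and process records are transcribed from this report as constructed input, and the row layout, regex and "write + SetThreadContext into own child" rule are assumptions.

```python
"""Correlate a sandbox report's per-process indicators into an injection chain.

Example code added to this page; not part of the report or of the sandbox.
Input is constructed from the report's own Signatures tables and process tree.
"""
import re
from dataclasses import dataclass

# Constructed input: (signature name, row text) pairs, transcribed from the
# report's Signatures tables. The WriteProcessMemory table has 8 identical rows.
SIGNATURE_ROWS = [
    ("Suspicious use of SetThreadContext",
     "PID 1832 set thread context of 1520 1832 SecuriteInfo.com.generic.ml.32161.exe ieinstal.exe"),
    ("Suspicious behavior: MapViewOfSection",
     "1832 SecuriteInfo.com.generic.ml.32161.exe"),
    ("Suspicious use of NtSetInformationThreadHideFromDebugger",
     "1520 ieinstal.exe"),
] + [
    ("Suspicious use of WriteProcessMemory",
     "PID 1832 wrote to memory of 1520 1832 SecuriteInfo.com.generic.ml.32161.exe ieinstal.exe"),
] * 8

# Constructed input: the report's process tree (image path, command line, parent pid).
PROCESSES = {
    1832: {"image": r"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.generic.ml.32161.exe",
           "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.generic.ml.32161.exe"',
           "parent": None},
    1520: {"image": r"C:\Program Files (x86)\internet explorer\ieinstal.exe",
           "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.generic.ml.32161.exe"',
           "parent": 1832},
}

# Assumed row layout of the cross-process tables on the page:
#   "PID <src> <verb> <dst> <src> <src image> <dst image>"
CROSS_ROW = re.compile(
    r"^PID (?P<src>\d+) (?P<verb>wrote to memory of|set thread context of) "
    r"(?P<dst>\d+) (?P=src) (?P<src_img>\S+) (?P<dst_img>\S+)$")


@dataclass
class Chain:
    src: int
    dst: int
    writes: int = 0                 # number of WriteProcessMemory rows src -> dst
    set_thread_context: bool = False  # any SetThreadContext row src -> dst


def parse_cross_process(rows):
    """Fold every cross-process write / context change into one Chain per (src, dst)."""
    chains = {}
    for _name, text in rows:
        m = CROSS_ROW.match(text)
        if not m:                   # single-process rows ("1832 <image>") carry no target
            continue
        key = (int(m["src"]), int(m["dst"]))
        chain = chains.setdefault(key, Chain(*key))
        if m["verb"] == "wrote to memory of":
            chain.writes += 1
        else:
            chain.set_thread_context = True
    return chains


def cmdline_image_mismatch(proc):
    """True when the quoted executable in the command line differs from the on-disk image.

    A hollowed host inherits the command line the injector passed to CreateProcess,
    so it still names the injector while the image is the legitimate binary.
    """
    quoted = proc["cmdline"].lstrip('"').split('"', 1)[0]
    return quoted.lower() != proc["image"].lower()


def hollowing_candidates(rows, processes):
    """Flag (src, dst) pairs where src wrote into dst, then set a thread context in dst,
    and dst is src's own child: the process-hollowing sequence (assumed rule)."""
    out = []
    for (src, dst), chain in parse_cross_process(rows).items():
        target = processes.get(dst, {})
        is_child = target.get("parent") == src
        if chain.writes and chain.set_thread_context and is_child:
            out.append({
                "injector": src,
                "host": dst,
                "host_image": target.get("image"),
                "memory_writes": chain.writes,
                "cmdline_mismatch": cmdline_image_mismatch(target),
            })
    return out


if __name__ == "__main__":
    for candidate in hollowing_candidates(SIGNATURE_ROWS, PROCESSES):
        print(candidate)
```

Run against the transcribed rows it yields one chain, 1832 into 1520, with eight writes, a thread-context change and a command-line mismatch; dropping the SetThreadContext row yields none, which is the point of requiring both halves of the sequence rather than alerting on cross-process writes alone.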