Analysis
- max time kernel: 102s
- max time network: 136s
- platform: windows10_x64
- resource: win10v20210408
- submitted: 17-04-2021 19:42
Static task: static1
Behavioral task: behavioral1
- Sample: SecuriteInfo.com.W32.AIDetect.malware1.30216.18401.exe
- Resource: win7v20210410 (windows7_x64)
- 0 signatures, 0 seconds
Behavioral task: behavioral2
- Sample: SecuriteInfo.com.W32.AIDetect.malware1.30216.18401.exe
- Resource: win10v20210408 (windows10_x64)
- 0 signatures, 0 seconds
General
- Target: SecuriteInfo.com.W32.AIDetect.malware1.30216.18401.exe
- Size: 576KB
- MD5: 65e4738a2f6efef7cbaedd8b8796d412
- SHA1: b8f47d8831f5a3caee60481e2e575c67cd0f28a2
- SHA256: 20c9ffeb623d11467dd18264df210fc313a19e5fa17a77738aba5f0d430d7ac0
- SHA512: 9d91ad3f39e68f7d94c9452a231f7043fbf7f6da8096523158c179c43f16de68017a866b106e847746fe776565263fc07973abe1b940f8a7be79f3da62ae0683
Malware Config (extracted)
- Family: raccoon
- Botnet: fe080c9bfcbe54ed632d9562ae158e815dbdc717
- Attributes:
  - url4cnc: https://telete.in/jdiamond13
  - rc4.plain
  - rc4.plain
Signatures
- Suspicious use of NtCreateProcessExOtherParentProcess (1 IoC)
  Processes:
    description             pid   process       target process
    PID 1256 created 904    1256  WerFault.exe  SecuriteInfo.com.W32.AIDetect.malware1.30216.18401.exe
- Program crash (1 IoC)
  Processes:
    pid   pid_target  process       target process
    1256  904         WerFault.exe  SecuriteInfo.com.W32.AIDetect.malware1.30216.18401.exe
- Suspicious behavior: EnumeratesProcesses (13 IoCs)
  Processes (the same entry is recorded 13 times):
    pid   process
    1256  WerFault.exe
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  Processes:
    description                pid   process
    Token: SeRestorePrivilege  1256  WerFault.exe
    Token: SeBackupPrivilege   1256  WerFault.exe
    Token: SeDebugPrivilege    1256  WerFault.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetect.malware1.30216.18401.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetect.malware1.30216.18401.exe"
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 1164
    - Suspicious use of NtCreateProcessExOtherParentProcess
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken