Overview

overview

6

Static

static

SecuriteIn...21.exe

windows7_x64

6

SecuriteIn...21.exe

windows10_x64

6

Analysis

  • max time kernel
    5s
  • max time network
    11s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    20-04-2021 13:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.Variant.Johnnie.323807.26508.21921.exe

  • Size

    1.4MB

  • MD5

    b7ba4e82fe9ff22b4ea1372fd0c3a8d1

  • SHA1

    dc4e72d4b4bcc4bc18c7fb915ae7f53bccb2ab52

  • SHA256

    9f4e84629acc73ae01dd5eb4670ebd0366dc7aabf465f7013d9e37b7e2349f1b

  • SHA512

    c888ac83dca3d964c85c9bebf23da312421c687f496b92e9387de863d1c892ce6aff3035b221e6c51661d5a7898990f93cc56dde9837bdd7e37bdc5d8f14bb15

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Johnnie.323807.26508.21921.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Johnnie.323807.26508.21921.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    PID:1996
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:1740

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7pa1X.jpg
    MD5

    472d5bd3b4c1e2b39e4c528eb2ac5af5

    SHA1

    beb29bae52b99da51c3436fde0dc7360aa384328

    SHA256

    dd872138cd8acbe76987659e7d4fcbd5606d3500e4280ea78cefa48ee0969d76

    SHA512

    3a7b30141133a62a8c3f2759f6931ffff0f16ecf01e44c9524b9c406d4ec94301337cfdd158bce553d0291fbf6bf4ae9abd990a0989e2f66b6b99d41bafff123

    Download Submit
  • memory/0-65-0x0000000000400000-0x0000000000450000-memory.dmp
    Filesize

    320KB

    Download
  • memory/1740-64-0x0000000000170000-0x0000000000172000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1740-66-0x00000000002E0000-0x00000000002E1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1996-61-0x0000000075D41000-0x0000000075D43000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1996-63-0x0000000003660000-0x0000000003662000-memory.dmp
    Filesize

    8KB

    Download