Analysis

  • max time kernel: 127s
  • max time network: 130s
  • platform: windows10_x64
  • resource: win10v20210408
  • submitted: 20-04-2021 13:02

General

  • Target: SecuriteInfo.com.Variant.Johnnie.323807.26508.21921.exe
  • Size: 1.4MB
  • MD5: b7ba4e82fe9ff22b4ea1372fd0c3a8d1
  • SHA1: dc4e72d4b4bcc4bc18c7fb915ae7f53bccb2ab52
  • SHA256: 9f4e84629acc73ae01dd5eb4670ebd0366dc7aabf465f7013d9e37b7e2349f1b
  • SHA512: c888ac83dca3d964c85c9bebf23da312421c687f496b92e9387de863d1c892ce6aff3035b221e6c51661d5a7898990f93cc56dde9837bdd7e37bdc5d8f14bb15

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Suspicious use of SetThreadContext (1 IoC)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of SetWindowsHookEx (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Johnnie.323807.26508.21921.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Johnnie.323807.26508.21921.exe"
    PID: 856
    • Adds Run key to start application
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/0-116-0x0000000000400000-0x0000000000450000-memory.dmp (Filesize: 320KB)