Analysis
- max time kernel: 114s
- max time network: 110s
- platform: windows10_x64
- resource: win10v20210408
- submitted: 23-04-2021 16:42

Static task: static1
Behavioral task: behavioral1
- Sample: SecuriteInfo.com.W32.AIDetect.malware1.14311.14948.exe
- Resource: win7v20210410
Behavioral task: behavioral2
- Sample: SecuriteInfo.com.W32.AIDetect.malware1.14311.14948.exe
- Resource: win10v20210408
General
- Target: SecuriteInfo.com.W32.AIDetect.malware1.14311.14948.exe
- Size: 2.5MB
- MD5: ae8f9d9b8344d52f0872dfdc852e1dd4
- SHA1: 7e9f4259cc193465317ee48b8428b36e74028390
- SHA256: 95b5d0e36464afc8391a9d056926e5859506ead18937669554bde42f7a6d135b
- SHA512: 27928930215dbb9217247d846c570a756b46866b17b0832c9de7c8a800e3d0457f64c28ddfb4a66372f3837695e8f1a5645804f222ac7344284facb68bc79b21
Malware Config
Signatures
- Executes dropped EXE (1 IoCs)
  Processes (pid | process):
  3192 | CachemanControlPanel.exe
- Loads dropped DLL (1 IoCs)
  Processes (pid | process):
  3192 | CachemanControlPanel.exe
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes (description | pid | process | target process):
  PID 640 wrote to memory of 3192 | 640 | SecuriteInfo.com.W32.AIDetect.malware1.14311.14948.exe | CachemanControlPanel.exe
  PID 640 wrote to memory of 3192 | 640 | SecuriteInfo.com.W32.AIDetect.malware1.14311.14948.exe | CachemanControlPanel.exe
  PID 640 wrote to memory of 3192 | 640 | SecuriteInfo.com.W32.AIDetect.malware1.14311.14948.exe | CachemanControlPanel.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetect.malware1.14311.14948.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetect.malware1.14311.14948.exe"
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Roaming\CachemanControlPanel\CachemanControlPanel.exe
      Command line: C:\Users\Admin\AppData\Roaming\CachemanControlPanel\CachemanControlPanel.exe
      - Executes dropped EXE
      - Loads dropped DLL
Network
MITRE ATT&CK Matrix (ATT&CK v6)
Downloads
- C:\Users\Admin\AppData\Roaming\CachemanControlPanel\CachemanControlPanel.exe
  MD5: 5d3bf7a18887582b8a2cea327f2e7ba6
  SHA1: 83843851b7b7beb2b1853b813e7f0b1666b1bd62
  SHA256: 014d644eccc232cd6906c5abf8afd3e53f94004057d4a1bb2771dfea00f0ae4b
  SHA512: 3d4ffc844b211fae199f3da8b557cec2f6e882b8be42f3d99882eaa3e9d73018f8c06971cb783d223f3423d0c55788b7520bd57fd33d8d2dfe6c4be9455e62d7
- C:\Users\Admin\AppData\Roaming\CachemanControlPanel\libxml3.dll
  MD5: 5ae30e4cdabb5b269b7eb358aae2d5e2
  SHA1: 58aae25bf64bd0b15be33ceb47ddb6ef3802433a
  SHA256: 0b2cabaf0b2aef51c3396b11e604c46b65eabc0cbde3e257bc9c9fd1c2446c6f
  SHA512: 2d4a2aad072bebbc707af9dca22c54f6d9607e6f7bc8826bcb61b0321f4e0464884f4577dc51dcfb7a40a9b143cf9e26225694ef4668f629f632870d11afa198
- C:\Users\Admin\AppData\Roaming\CachemanControlPanel\settings.xml
  MD5: fa4b4f1f9869da4a0209bba251859efc
  SHA1: fe7a4ee923d6eeb93e8a52778735120705d927a5
  SHA256: 05af99365637a46d18b5bc60d20e7cbd8943f250a15976c672b3d29ee1472d2f
  SHA512: f82eb33679935cb69baaf3ad5eaa71df3d750771b21b964597543d901483aab89602f8603e474758ae6162157c06d37b36db669086dcf31cea7ce8d560094456
- memory/3192-114-0x0000000000000000-mapping.dmp