Analysis Overview
SHA256
95b5d0e36464afc8391a9d056926e5859506ead18937669554bde42f7a6d135b
Threat Level: Likely malicious
The file SecuriteInfo.com.W32.AIDetect.malware1.14311.14948 was found to be: Likely malicious.
Malicious Activity Summary
Executes dropped EXE
Loads dropped DLL
Enumerates physical storage devices
NSIS installer
Suspicious use of WriteProcessMemory
MITRE ATT&CK Matrix V6
Analysis: static1
Detonation Overview
Reported
2021-04-23 16:42
Signatures
NSIS installer
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2021-04-23 16:42
Reported
2021-04-23 16:44
Platform
win7v20210410
Max time kernel
113s
Max time network
86s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Roaming\CachemanControlPanel\CachemanControlPanel.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetect.malware1.14311.14948.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\CachemanControlPanel\CachemanControlPanel.exe | N/A |
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 296 wrote to memory of 2020 | N/A | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetect.malware1.14311.14948.exe | C:\Users\Admin\AppData\Roaming\CachemanControlPanel\CachemanControlPanel.exe |
| PID 296 wrote to memory of 2020 | N/A | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetect.malware1.14311.14948.exe | C:\Users\Admin\AppData\Roaming\CachemanControlPanel\CachemanControlPanel.exe |
| PID 296 wrote to memory of 2020 | N/A | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetect.malware1.14311.14948.exe | C:\Users\Admin\AppData\Roaming\CachemanControlPanel\CachemanControlPanel.exe |
| PID 296 wrote to memory of 2020 | N/A | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetect.malware1.14311.14948.exe | C:\Users\Admin\AppData\Roaming\CachemanControlPanel\CachemanControlPanel.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetect.malware1.14311.14948.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetect.malware1.14311.14948.exe"
C:\Users\Admin\AppData\Roaming\CachemanControlPanel\CachemanControlPanel.exe
C:\Users\Admin\AppData\Roaming\CachemanControlPanel\CachemanControlPanel.exe
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 8.8.8.8:53 | vladisfoxlink.ru | udp |
| N/A | 45.85.90.225:80 | vladisfoxlink.ru | tcp |
Files
memory/296-59-0x00000000757E1000-0x00000000757E3000-memory.dmp
\Users\Admin\AppData\Roaming\CachemanControlPanel\CachemanControlPanel.exe
| MD5 | 5d3bf7a18887582b8a2cea327f2e7ba6 |
| SHA1 | 83843851b7b7beb2b1853b813e7f0b1666b1bd62 |
| SHA256 | 014d644eccc232cd6906c5abf8afd3e53f94004057d4a1bb2771dfea00f0ae4b |
| SHA512 | 3d4ffc844b211fae199f3da8b557cec2f6e882b8be42f3d99882eaa3e9d73018f8c06971cb783d223f3423d0c55788b7520bd57fd33d8d2dfe6c4be9455e62d7 |
memory/2020-61-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Roaming\CachemanControlPanel\CachemanControlPanel.exe
| MD5 | 5d3bf7a18887582b8a2cea327f2e7ba6 |
| SHA1 | 83843851b7b7beb2b1853b813e7f0b1666b1bd62 |
| SHA256 | 014d644eccc232cd6906c5abf8afd3e53f94004057d4a1bb2771dfea00f0ae4b |
| SHA512 | 3d4ffc844b211fae199f3da8b557cec2f6e882b8be42f3d99882eaa3e9d73018f8c06971cb783d223f3423d0c55788b7520bd57fd33d8d2dfe6c4be9455e62d7 |
C:\Users\Admin\AppData\Roaming\CachemanControlPanel\libxml3.dll
| MD5 | 5ae30e4cdabb5b269b7eb358aae2d5e2 |
| SHA1 | 58aae25bf64bd0b15be33ceb47ddb6ef3802433a |
| SHA256 | 0b2cabaf0b2aef51c3396b11e604c46b65eabc0cbde3e257bc9c9fd1c2446c6f |
| SHA512 | 2d4a2aad072bebbc707af9dca22c54f6d9607e6f7bc8826bcb61b0321f4e0464884f4577dc51dcfb7a40a9b143cf9e26225694ef4668f629f632870d11afa198 |
\Users\Admin\AppData\Roaming\CachemanControlPanel\libxml3.dll
| MD5 | 5ae30e4cdabb5b269b7eb358aae2d5e2 |
| SHA1 | 58aae25bf64bd0b15be33ceb47ddb6ef3802433a |
| SHA256 | 0b2cabaf0b2aef51c3396b11e604c46b65eabc0cbde3e257bc9c9fd1c2446c6f |
| SHA512 | 2d4a2aad072bebbc707af9dca22c54f6d9607e6f7bc8826bcb61b0321f4e0464884f4577dc51dcfb7a40a9b143cf9e26225694ef4668f629f632870d11afa198 |
C:\Users\Admin\AppData\Roaming\CachemanControlPanel\settings.xml
| MD5 | fa4b4f1f9869da4a0209bba251859efc |
| SHA1 | fe7a4ee923d6eeb93e8a52778735120705d927a5 |
| SHA256 | 05af99365637a46d18b5bc60d20e7cbd8943f250a15976c672b3d29ee1472d2f |
| SHA512 | f82eb33679935cb69baaf3ad5eaa71df3d750771b21b964597543d901483aab89602f8603e474758ae6162157c06d37b36db669086dcf31cea7ce8d560094456 |
Analysis: behavioral2
Detonation Overview
Submitted
2021-04-23 16:42
Reported
2021-04-23 16:44
Platform
win10v20210408
Max time kernel
114s
Max time network
110s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Roaming\CachemanControlPanel\CachemanControlPanel.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Roaming\CachemanControlPanel\CachemanControlPanel.exe | N/A |
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 640 wrote to memory of 3192 | N/A | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetect.malware1.14311.14948.exe | C:\Users\Admin\AppData\Roaming\CachemanControlPanel\CachemanControlPanel.exe |
| PID 640 wrote to memory of 3192 | N/A | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetect.malware1.14311.14948.exe | C:\Users\Admin\AppData\Roaming\CachemanControlPanel\CachemanControlPanel.exe |
| PID 640 wrote to memory of 3192 | N/A | C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetect.malware1.14311.14948.exe | C:\Users\Admin\AppData\Roaming\CachemanControlPanel\CachemanControlPanel.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetect.malware1.14311.14948.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetect.malware1.14311.14948.exe"
C:\Users\Admin\AppData\Roaming\CachemanControlPanel\CachemanControlPanel.exe
C:\Users\Admin\AppData\Roaming\CachemanControlPanel\CachemanControlPanel.exe
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 8.8.8.8:53 | vladisfoxlink.ru | udp |
| N/A | 45.85.90.225:80 | vladisfoxlink.ru | tcp |
Files
memory/3192-114-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Roaming\CachemanControlPanel\CachemanControlPanel.exe
| MD5 | 5d3bf7a18887582b8a2cea327f2e7ba6 |
| SHA1 | 83843851b7b7beb2b1853b813e7f0b1666b1bd62 |
| SHA256 | 014d644eccc232cd6906c5abf8afd3e53f94004057d4a1bb2771dfea00f0ae4b |
| SHA512 | 3d4ffc844b211fae199f3da8b557cec2f6e882b8be42f3d99882eaa3e9d73018f8c06971cb783d223f3423d0c55788b7520bd57fd33d8d2dfe6c4be9455e62d7 |
C:\Users\Admin\AppData\Roaming\CachemanControlPanel\CachemanControlPanel.exe
| MD5 | 5d3bf7a18887582b8a2cea327f2e7ba6 |
| SHA1 | 83843851b7b7beb2b1853b813e7f0b1666b1bd62 |
| SHA256 | 014d644eccc232cd6906c5abf8afd3e53f94004057d4a1bb2771dfea00f0ae4b |
| SHA512 | 3d4ffc844b211fae199f3da8b557cec2f6e882b8be42f3d99882eaa3e9d73018f8c06971cb783d223f3423d0c55788b7520bd57fd33d8d2dfe6c4be9455e62d7 |
C:\Users\Admin\AppData\Roaming\CachemanControlPanel\settings.xml
| MD5 | fa4b4f1f9869da4a0209bba251859efc |
| SHA1 | fe7a4ee923d6eeb93e8a52778735120705d927a5 |
| SHA256 | 05af99365637a46d18b5bc60d20e7cbd8943f250a15976c672b3d29ee1472d2f |
| SHA512 | f82eb33679935cb69baaf3ad5eaa71df3d750771b21b964597543d901483aab89602f8603e474758ae6162157c06d37b36db669086dcf31cea7ce8d560094456 |
\Users\Admin\AppData\Roaming\CachemanControlPanel\libxml3.dll
| MD5 | 5ae30e4cdabb5b269b7eb358aae2d5e2 |
| SHA1 | 58aae25bf64bd0b15be33ceb47ddb6ef3802433a |
| SHA256 | 0b2cabaf0b2aef51c3396b11e604c46b65eabc0cbde3e257bc9c9fd1c2446c6f |
| SHA512 | 2d4a2aad072bebbc707af9dca22c54f6d9607e6f7bc8826bcb61b0321f4e0464884f4577dc51dcfb7a40a9b143cf9e26225694ef4668f629f632870d11afa198 |
C:\Users\Admin\AppData\Roaming\CachemanControlPanel\libxml3.dll
| MD5 | 5ae30e4cdabb5b269b7eb358aae2d5e2 |
| SHA1 | 58aae25bf64bd0b15be33ceb47ddb6ef3802433a |
| SHA256 | 0b2cabaf0b2aef51c3396b11e604c46b65eabc0cbde3e257bc9c9fd1c2446c6f |
| SHA512 | 2d4a2aad072bebbc707af9dca22c54f6d9607e6f7bc8826bcb61b0321f4e0464884f4577dc51dcfb7a40a9b143cf9e26225694ef4668f629f632870d11afa198 |