Malware Analysis Report

2024-07-11 07:32

Sample ID 210423-hge38eda1j
Target SecuriteInfo.com.W32.AIDetect.malware1.14311.14948
SHA256 95b5d0e36464afc8391a9d056926e5859506ead18937669554bde42f7a6d135b
Tags
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

95b5d0e36464afc8391a9d056926e5859506ead18937669554bde42f7a6d135b

Threat Level: Likely malicious

The file SecuriteInfo.com.W32.AIDetect.malware1.14311.14948 was found to be: Likely malicious.

Malicious Activity Summary


Executes dropped EXE

Loads dropped DLL

Enumerates physical storage devices

NSIS installer

Suspicious use of WriteProcessMemory

MITRE ATT&CK Matrix V6

Analysis: static1

Detonation Overview

Reported

2021-04-23 16:42

Signatures

NSIS installer

installer
Description Indicator Process Target
N/A N/A N/A N/A
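The static1 verdict above rests on one signature, "NSIS installer". Rather than take the sandbox label on trust, the check can be reproduced independently: NSIS self-extractors append their payload after the last PE section, and that appended "first header" starts with a flags dword, the siginfo value 0xDEADBEEF and the ASCII marker "NullsoftInst". The Python below is an added example (not the sandbox's own rule and not code from the sample) that computes the PE overlay offset from the section table and looks for that marker there. `build_fake_pe` is a constructed fixture so the script can be exercised offline; to test a real file, pass its path on the command line.

```python
import struct

# NSIS first header: flags(4) | siginfo 0xDEADBEEF (4) | "NullsoftInst" (12) | lengths...
# 0xDEADBEEF little-endian is EF BE AD DE, so the searchable byte pattern is:
NSIS_MAGIC = b"\xEF\xBE\xAD\xDENullsoftInst"


def pe_overlay_offset(data: bytes) -> int:
    """Return the file offset where the PE overlay begins, i.e. the end of the last
    section's raw data (or the end of the headers if there are no sections)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", data, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]  # SizeOfOptionalHeader
    sect_table = pe_off + 24 + opt_size
    end = sect_table + 40 * num_sections
    for i in range(num_sections):
        base = sect_table + 40 * i
        raw_size, raw_ptr = struct.unpack_from("<II", data, base + 16)  # SizeOfRawData, PointerToRawData
        end = max(end, raw_ptr + raw_size)
    return end


def find_nsis_header(data: bytes):
    """Return the offset of the NSIS first header inside the overlay, or None."""
    start = pe_overlay_offset(data)
    if start >= len(data):
        return None  # no overlay at all, so it cannot be an NSIS self-extractor
    idx = data.find(NSIS_MAGIC, start)
    if idx < 4:
        return None  # not found (the 4 flag bytes always precede the siginfo)
    return idx - 4


def is_nsis_installer(data: bytes) -> bool:
    return find_nsis_header(data) is not None


def build_fake_pe(overlay: bytes) -> bytes:
    """Constructed test fixture: a minimal PE-shaped buffer with one section whose raw
    data ends at 0x400, followed by `overlay`. Not runnable and not a real sample."""
    pe_off = 0x40
    opt_size = 0xE0                      # PE32 optional header size
    sect_table = pe_off + 24 + opt_size  # 0x138, well inside the first 0x200 bytes
    raw_ptr, raw_size = 0x200, 0x200
    buf = bytearray(raw_ptr + raw_size)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, pe_off)
    buf[pe_off:pe_off + 4] = b"PE\0\0"
    struct.pack_into("<H", buf, pe_off + 6, 1)          # NumberOfSections
    struct.pack_into("<H", buf, pe_off + 20, opt_size)  # SizeOfOptionalHeader
    buf[sect_table:sect_table + 8] = b".text\0\0\0"
    struct.pack_into("<II", buf, sect_table + 16, raw_size, raw_ptr)
    return bytes(buf) + overlay


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as fh:
        off = find_nsis_header(fh.read())
    print(f"NSIS first header at 0x{off:x}" if off is not None else "no NSIS header in overlay")
```

The search is deliberately a plain substring scan from the overlay start: NSIS writes the header at a 512-byte boundary, but a byte-aligned search is cheap and also catches stubs whose overlay was shifted by a packer. Because it is a marker check, it confirms "this is an NSIS package" and nothing about whether the packaged script is benign; the dropped CachemanControlPanel.exe and libxml3.dll in the behavioural sections are where the real triage work is.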

Analysis: behavioral1

Detonation Overview

Submitted

2021-04-23 16:42

Reported

2021-04-23 16:44

Platform

win7v20210410

Max time kernel

113s

Max time network

86s

Command Line

"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetect.malware1.14311.14948.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetect.malware1.14311.14948.exe

"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetect.malware1.14311.14948.exe"

C:\Users\Admin\AppData\Roaming\CachemanControlPanel\CachemanControlPanel.exe

C:\Users\Admin\AppData\Roaming\CachemanControlPanel\CachemanControlPanel.exe

Network

Country Destination Domain Proto
N/A 8.8.8.8:53 vladisfoxlink.ru udp
N/A 45.85.90.225:80 vladisfoxlink.ru tcp

Files

memory/296-59-0x00000000757E1000-0x00000000757E3000-memory.dmp

\Users\Admin\AppData\Roaming\CachemanControlPanel\CachemanControlPanel.exe

MD5 5d3bf7a18887582b8a2cea327f2e7ba6
SHA1 83843851b7b7beb2b1853b813e7f0b1666b1bd62
SHA256 014d644eccc232cd6906c5abf8afd3e53f94004057d4a1bb2771dfea00f0ae4b
SHA512 3d4ffc844b211fae199f3da8b557cec2f6e882b8be42f3d99882eaa3e9d73018f8c06971cb783d223f3423d0c55788b7520bd57fd33d8d2dfe6c4be9455e62d7

memory/2020-61-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Roaming\CachemanControlPanel\CachemanControlPanel.exe

MD5 5d3bf7a18887582b8a2cea327f2e7ba6
SHA1 83843851b7b7beb2b1853b813e7f0b1666b1bd62
SHA256 014d644eccc232cd6906c5abf8afd3e53f94004057d4a1bb2771dfea00f0ae4b
SHA512 3d4ffc844b211fae199f3da8b557cec2f6e882b8be42f3d99882eaa3e9d73018f8c06971cb783d223f3423d0c55788b7520bd57fd33d8d2dfe6c4be9455e62d7

C:\Users\Admin\AppData\Roaming\CachemanControlPanel\libxml3.dll

MD5 5ae30e4cdabb5b269b7eb358aae2d5e2
SHA1 58aae25bf64bd0b15be33ceb47ddb6ef3802433a
SHA256 0b2cabaf0b2aef51c3396b11e604c46b65eabc0cbde3e257bc9c9fd1c2446c6f
SHA512 2d4a2aad072bebbc707af9dca22c54f6d9607e6f7bc8826bcb61b0321f4e0464884f4577dc51dcfb7a40a9b143cf9e26225694ef4668f629f632870d11afa198

\Users\Admin\AppData\Roaming\CachemanControlPanel\libxml3.dll

MD5 5ae30e4cdabb5b269b7eb358aae2d5e2
SHA1 58aae25bf64bd0b15be33ceb47ddb6ef3802433a
SHA256 0b2cabaf0b2aef51c3396b11e604c46b65eabc0cbde3e257bc9c9fd1c2446c6f
SHA512 2d4a2aad072bebbc707af9dca22c54f6d9607e6f7bc8826bcb61b0321f4e0464884f4577dc51dcfb7a40a9b143cf9e26225694ef4668f629f632870d11afa198

C:\Users\Admin\AppData\Roaming\CachemanControlPanel\settings.xml

MD5 fa4b4f1f9869da4a0209bba251859efc
SHA1 fe7a4ee923d6eeb93e8a52778735120705d927a5
SHA256 05af99365637a46d18b5bc60d20e7cbd8943f250a15976c672b3d29ee1472d2f
SHA512 f82eb33679935cb69baaf3ad5eaa71df3d750771b21b964597543d901483aab89602f8603e474758ae6162157c06d37b36db669086dcf31cea7ce8d560094456

Analysis: behavioral2

Detonation Overview

Submitted

2021-04-23 16:42

Reported

2021-04-23 16:44

Platform

win10v20210408

Max time kernel

114s

Max time network

110s

Command Line

"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetect.malware1.14311.14948.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetect.malware1.14311.14948.exe

"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetect.malware1.14311.14948.exe"

C:\Users\Admin\AppData\Roaming\CachemanControlPanel\CachemanControlPanel.exe

C:\Users\Admin\AppData\Roaming\CachemanControlPanel\CachemanControlPanel.exe

Network

Country Destination Domain Proto
N/A 8.8.8.8:53 vladisfoxlink.ru udp
N/A 45.85.90.225:80 vladisfoxlink.ru tcp

Files

memory/3192-114-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Roaming\CachemanControlPanel\CachemanControlPanel.exe

MD5 5d3bf7a18887582b8a2cea327f2e7ba6
SHA1 83843851b7b7beb2b1853b813e7f0b1666b1bd62
SHA256 014d644eccc232cd6906c5abf8afd3e53f94004057d4a1bb2771dfea00f0ae4b
SHA512 3d4ffc844b211fae199f3da8b557cec2f6e882b8be42f3d99882eaa3e9d73018f8c06971cb783d223f3423d0c55788b7520bd57fd33d8d2dfe6c4be9455e62d7

C:\Users\Admin\AppData\Roaming\CachemanControlPanel\CachemanControlPanel.exe

MD5 5d3bf7a18887582b8a2cea327f2e7ba6
SHA1 83843851b7b7beb2b1853b813e7f0b1666b1bd62
SHA256 014d644eccc232cd6906c5abf8afd3e53f94004057d4a1bb2771dfea00f0ae4b
SHA512 3d4ffc844b211fae199f3da8b557cec2f6e882b8be42f3d99882eaa3e9d73018f8c06971cb783d223f3423d0c55788b7520bd57fd33d8d2dfe6c4be9455e62d7

C:\Users\Admin\AppData\Roaming\CachemanControlPanel\settings.xml

MD5 fa4b4f1f9869da4a0209bba251859efc
SHA1 fe7a4ee923d6eeb93e8a52778735120705d927a5
SHA256 05af99365637a46d18b5bc60d20e7cbd8943f250a15976c672b3d29ee1472d2f
SHA512 f82eb33679935cb69baaf3ad5eaa71df3d750771b21b964597543d901483aab89602f8603e474758ae6162157c06d37b36db669086dcf31cea7ce8d560094456

\Users\Admin\AppData\Roaming\CachemanControlPanel\libxml3.dll

MD5 5ae30e4cdabb5b269b7eb358aae2d5e2
SHA1 58aae25bf64bd0b15be33ceb47ddb6ef3802433a
SHA256 0b2cabaf0b2aef51c3396b11e604c46b65eabc0cbde3e257bc9c9fd1c2446c6f
SHA512 2d4a2aad072bebbc707af9dca22c54f6d9607e6f7bc8826bcb61b0321f4e0464884f4577dc51dcfb7a40a9b143cf9e26225694ef4668f629f632870d11afa198

C:\Users\Admin\AppData\Roaming\CachemanControlPanel\libxml3.dll

MD5 5ae30e4cdabb5b269b7eb358aae2d5e2
SHA1 58aae25bf64bd0b15be33ceb47ddb6ef3802433a
SHA256 0b2cabaf0b2aef51c3396b11e604c46b65eabc0cbde3e257bc9c9fd1c2446c6f
SHA512 2d4a2aad072bebbc707af9dca22c54f6d9607e6f7bc8826bcb61b0321f4e0464884f4577dc51dcfb7a40a9b143cf9e26225694ef4668f629f632870d11afa198
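The Files tables of behavioral1 and behavioral2 list the same three drops several times over (once with and once without the drive letter, and once per detonation), and the Network tables repeat the same two endpoints. The Python below is an added example, not part of the sandbox's tooling, that parses report text in exactly this layout into a deduplicated IOC set keyed by SHA256 and then sweeps a directory tree for files with those hashes. `REPORT_EXCERPT` is copied from the behavioral1 section above with the SHA1 and SHA512 lines left out for brevity; `scan_demo` writes two constructed files to a temporary directory so the sweep can be checked offline.

```python
import hashlib
import os
import re
from dataclasses import dataclass, field

HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")       # "MD5 <hex>"
NET_RE = re.compile(r"^(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\s+(\S+)\s+(tcp|udp)$")
PATH_RE = re.compile(r"^(?:[A-Za-z]:)?\\")  # Windows path, drive letter optional


@dataclass
class FileIOC:
    sha256: str
    paths: set = field(default_factory=set)
    hashes: dict = field(default_factory=dict)


def parse_report(text: str):
    """Return ({sha256: FileIOC}, {(ip, port, domain, proto)}). A drop listed twice
    (with/without drive letter, or in two detonations) collapses into one record."""
    files, net = {}, set()
    path, pending = None, {}

    def flush():
        if path and "SHA256" in pending:
            rec = files.setdefault(pending["SHA256"], FileIOC(pending["SHA256"]))
            rec.paths.add(path)
            rec.hashes.update(pending)

    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := NET_RE.match(line):
            net.add((m.group(2), int(m.group(3)), m.group(4), m.group(5)))
        elif m := HASH_RE.match(line):
            pending[m.group(1)] = m.group(2).lower()
        elif PATH_RE.match(line):
            flush()                      # a path line opens the next file record
            path, pending = line, {}
    flush()
    return files, net


def scan_tree(root: str, iocs: dict) -> list:
    """SHA256 every file under root (1 MiB chunks) and return (path, digest) matches."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            h = hashlib.sha256()
            try:
                with open(full, "rb") as fh:
                    for chunk in iter(lambda: fh.read(1 << 20), b""):
                        h.update(chunk)
            except OSError:
                continue                 # locked/unreadable file: skip, keep sweeping
            if h.hexdigest() in iocs:
                hits.append((full, h.hexdigest()))
    return hits


def scan_demo() -> list:
    """Constructed check: two files in a temp dir, one flagged by hash; return matches."""
    import tempfile
    payload = b"constructed stand-in for the dropper, not the real sample"
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "dropped.bin"), "wb") as fh:
            fh.write(payload)
        with open(os.path.join(root, "benign.txt"), "wb") as fh:
            fh.write(b"unrelated content")
        iocs = {hashlib.sha256(payload).hexdigest(): None}
        return [os.path.basename(p) for p, _ in scan_tree(root, iocs)]


# Copied from the behavioral1 Network and Files tables (SHA1/SHA512 lines omitted).
REPORT_EXCERPT = r"""
Country Destination Domain Proto
N/A 8.8.8.8:53 vladisfoxlink.ru udp
N/A 45.85.90.225:80 vladisfoxlink.ru tcp
\Users\Admin\AppData\Roaming\CachemanControlPanel\CachemanControlPanel.exe
MD5 5d3bf7a18887582b8a2cea327f2e7ba6
SHA256 014d644eccc232cd6906c5abf8afd3e53f94004057d4a1bb2771dfea00f0ae4b
C:\Users\Admin\AppData\Roaming\CachemanControlPanel\CachemanControlPanel.exe
MD5 5d3bf7a18887582b8a2cea327f2e7ba6
SHA256 014d644eccc232cd6906c5abf8afd3e53f94004057d4a1bb2771dfea00f0ae4b
C:\Users\Admin\AppData\Roaming\CachemanControlPanel\libxml3.dll
MD5 5ae30e4cdabb5b269b7eb358aae2d5e2
SHA256 0b2cabaf0b2aef51c3396b11e604c46b65eabc0cbde3e257bc9c9fd1c2446c6f
C:\Users\Admin\AppData\Roaming\CachemanControlPanel\settings.xml
MD5 fa4b4f1f9869da4a0209bba251859efc
SHA256 05af99365637a46d18b5bc60d20e7cbd8943f250a15976c672b3d29ee1472d2f
"""

if __name__ == "__main__":
    import sys  # usage: ioc_sweep.py <report.txt> <directory>
    iocs, net = parse_report(open(sys.argv[1], encoding="utf-8").read())
    print(len(iocs), "unique files,", len(net), "network endpoints")
    for hit in scan_tree(sys.argv[2], iocs):
        print("MATCH", *hit)
```

Keying on SHA256 rather than on path matters here: the same binary is recorded under `\Users\...` and `C:\Users\...`, and on a victim host the %APPDATA%\CachemanControlPanel directory name may not survive a rename, whereas the hash of the dropped executable will. The network tuples are kept separately so the DNS lookup (8.8.8.8:53 for vladisfoxlink.ru) and the subsequent HTTP connection to 45.85.90.225:80 can be fed to proxy or DNS log searches independently of the file sweep.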