d53b16bb54e10bada1347a25db1ebc090d5822bf6285dc3d707bf4abb65e3ab5

Analysis

Target

SecuriteInfo.com.W32.AIDetect.malware2.16115.exe
Size

331KB
MD5

b387b2bde14ad35ce0fea34ab540db93
SHA1

2ee731cecbf4dc498fa31705060fb5c8d258e015
SHA256

d53b16bb54e10bada1347a25db1ebc090d5822bf6285dc3d707bf4abb65e3ab5
SHA512

6af60c0c30fc70bc161cd1e8020a6f45c24e4edab3faace08dc3c85eb5b826e00dbd0b7a7c7a3e37a2e1eb50f8c59517d3e42335aeaf208256544fa6131814d6

Score

8^/10

Executes dropped EXE 1 IoCs

Processes:

uhyqikys.exe

pid process

2180 uhyqikys.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

pid	process
2180	uhyqikys.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

SecuriteInfo.com.W32.AIDetect.malware2.16115.exeuhyqikys.exe

description	pid	process	target process
PID 1852 wrote to memory of 2180	1852	SecuriteInfo.com.W32.AIDetect.malware2.16115.exe	uhyqikys.exe
PID 1852 wrote to memory of 2180	1852	SecuriteInfo.com.W32.AIDetect.malware2.16115.exe	uhyqikys.exe
PID 1852 wrote to memory of 2180	1852	SecuriteInfo.com.W32.AIDetect.malware2.16115.exe	uhyqikys.exe
PID 2180 wrote to memory of 2508	2180	uhyqikys.exe	uhyqikys.exe
PID 2180 wrote to memory of 2508	2180	uhyqikys.exe	uhyqikys.exe
PID 2180 wrote to memory of 2508	2180	uhyqikys.exe	uhyqikys.exe

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetect.malware2.16115.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetect.malware2.16115.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1852

C:\Users\Admin\AppData\Local\Temp\uhyqikys.exe
C:\Users\Admin\AppData\Local\Temp\uhyqikys.exe C:\Users\Admin\AppData\Local\Temp\qitdbbj
3⤵
PID:2508

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

C:\Users\Admin\AppData\Local\Temp\9el21ap69a71ih
MD5
e93bda648ded0ad7079f19b4b0bb428a

SHA1
801a7ddf7d5fdc980764aa7d356c34b087fbe3f2

SHA256
84355aeeeda66ba08a27ad5c15df27b6bc87f4b370b1205f5938a33483ab0813

SHA512
33beb1fa0c964509e2bb8022a22376135e5fccf2f98e0d554e60f0ff448e3a5a11823ac69c5d2f22ab58ea852b8131b4b76497e7f6faec7d74a980641596cd92

Download Submit
C:\Users\Admin\AppData\Local\Temp\qitdbbj
MD5
67b72c0ea3cb0e106fcaed602d0c8559

SHA1
7119802e2a9377ce5729f0f7b8d415e1ecedd339

SHA256
9219be699e628fb7f8404ee6f69c3e7eb9a1de73fea59cbc30b249d8b6658015

SHA512
75d72a45de2dec4173e44e60cdb4fde2a0b634652bfeca7567a0233a3ee5a909ab5b658c03b34d7d130d409a98b0438d06a2413956351011188d33514ebb7782

Download Submit
C:\Users\Admin\AppData\Local\Temp\uhyqikys.exe
MD5
c1a3d57ddb6e5f84efed0b3122b8eff4

SHA1
09fc67e2184549999aaccdd4f1a48b48b2e77f78

SHA256
0efaa0c4088494696884b373c8874ffc33485da2513b01002671e4d649ea98e5

SHA512
3b6255abee878f0c29d1aefc54fe8b16cc94694aa388898ae5fbf33463a211a9a3a7325b39d5b2d242d4c4950341d6787d48e970d4f2b8b1d2d347307bcb7d7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\uhyqikys.exe
MD5
c1a3d57ddb6e5f84efed0b3122b8eff4

SHA1
09fc67e2184549999aaccdd4f1a48b48b2e77f78

SHA256
0efaa0c4088494696884b373c8874ffc33485da2513b01002671e4d649ea98e5

SHA512
3b6255abee878f0c29d1aefc54fe8b16cc94694aa388898ae5fbf33463a211a9a3a7325b39d5b2d242d4c4950341d6787d48e970d4f2b8b1d2d347307bcb7d7a

Download Submit