Analysis
max time kernel: 138s
max time network: 141s
platform: windows10-2004_x64
resource: win10v2004-en-20220113
submitted: 28-02-2022 05:04
Static task: static1
Behavioral task: behavioral1
  Sample: SecuriteInfo.com.W32.AIDetect.malware2.16115.exe
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: SecuriteInfo.com.W32.AIDetect.malware2.16115.exe
  Resource: win10v2004-en-20220113
General
Target: SecuriteInfo.com.W32.AIDetect.malware2.16115.exe
Size: 331KB
MD5: b387b2bde14ad35ce0fea34ab540db93
SHA1: 2ee731cecbf4dc498fa31705060fb5c8d258e015
SHA256: d53b16bb54e10bada1347a25db1ebc090d5822bf6285dc3d707bf4abb65e3ab5
SHA512: 6af60c0c30fc70bc161cd1e8020a6f45c24e4edab3faace08dc3c85eb5b826e00dbd0b7a7c7a3e37a2e1eb50f8c59517d3e42335aeaf208256544fa6131814d6
Malware Config
Signatures
Executes dropped EXE (1 IoCs)
Processes:
  pid   process
  2180  uhyqikys.exe
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Suspicious use of WriteProcessMemory (6 IoCs)
Processes:
  description                       pid   process                                           target process
  PID 1852 wrote to memory of 2180  1852  SecuriteInfo.com.W32.AIDetect.malware2.16115.exe  uhyqikys.exe
  PID 1852 wrote to memory of 2180  1852  SecuriteInfo.com.W32.AIDetect.malware2.16115.exe  uhyqikys.exe
  PID 1852 wrote to memory of 2180  1852  SecuriteInfo.com.W32.AIDetect.malware2.16115.exe  uhyqikys.exe
  PID 2180 wrote to memory of 2508  2180  uhyqikys.exe                                      uhyqikys.exe
  PID 2180 wrote to memory of 2508  2180  uhyqikys.exe                                      uhyqikys.exe
  PID 2180 wrote to memory of 2508  2180  uhyqikys.exe                                      uhyqikys.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetect.malware2.16115.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetect.malware2.16115.exe"
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\AppData\Local\Temp\uhyqikys.exe
      Command line: C:\Users\Admin\AppData\Local\Temp\uhyqikys.exe C:\Users\Admin\AppData\Local\Temp\qitdbbj
      - Executes dropped EXE
      - Suspicious use of WriteProcessMemory
      3. C:\Users\Admin\AppData\Local\Temp\uhyqikys.exe
         Command line: C:\Users\Admin\AppData\Local\Temp\uhyqikys.exe C:\Users\Admin\AppData\Local\Temp\qitdbbj
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
C:\Users\Admin\AppData\Local\Temp\9el21ap69a71ih
  MD5: e93bda648ded0ad7079f19b4b0bb428a
  SHA1: 801a7ddf7d5fdc980764aa7d356c34b087fbe3f2
  SHA256: 84355aeeeda66ba08a27ad5c15df27b6bc87f4b370b1205f5938a33483ab0813
  SHA512: 33beb1fa0c964509e2bb8022a22376135e5fccf2f98e0d554e60f0ff448e3a5a11823ac69c5d2f22ab58ea852b8131b4b76497e7f6faec7d74a980641596cd92
C:\Users\Admin\AppData\Local\Temp\qitdbbj
  MD5: 67b72c0ea3cb0e106fcaed602d0c8559
  SHA1: 7119802e2a9377ce5729f0f7b8d415e1ecedd339
  SHA256: 9219be699e628fb7f8404ee6f69c3e7eb9a1de73fea59cbc30b249d8b6658015
  SHA512: 75d72a45de2dec4173e44e60cdb4fde2a0b634652bfeca7567a0233a3ee5a909ab5b658c03b34d7d130d409a98b0438d06a2413956351011188d33514ebb7782
C:\Users\Admin\AppData\Local\Temp\uhyqikys.exe
  MD5: c1a3d57ddb6e5f84efed0b3122b8eff4
  SHA1: 09fc67e2184549999aaccdd4f1a48b48b2e77f78
  SHA256: 0efaa0c4088494696884b373c8874ffc33485da2513b01002671e4d649ea98e5
  SHA512: 3b6255abee878f0c29d1aefc54fe8b16cc94694aa388898ae5fbf33463a211a9a3a7325b39d5b2d242d4c4950341d6787d48e970d4f2b8b1d2d347307bcb7d7a