300b12de8755d083045fa0cbeb61c40a1d1a9a6cbee641128ac0d3afc325350b

Analysis

Target

SecuriteInfo.com.Trojan.VB.OKD.20152.exe
Size

1.7MB
MD5

ea7eb88e26a1ff7e512ee488312eb4ac
SHA1

3f9fa8fe2de956c70d6f1ac7fc68988d65e55313
SHA256

300b12de8755d083045fa0cbeb61c40a1d1a9a6cbee641128ac0d3afc325350b
SHA512

6f6120f523df3b610eb78fe962f9e719eb20119890d5d5bc395a12ab953a9eaa7abe1bdcd90a41c6e2264286de42494cab8dff6ffee67da7096522a8c8a04c92

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3032	SecuriteInfo.com.Trojan.VB.OKD.20152.exe
3032	SecuriteInfo.com.Trojan.VB.OKD.20152.exe
3032	SecuriteInfo.com.Trojan.VB.OKD.20152.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3032 wrote to memory of 3936	3032	SecuriteInfo.com.Trojan.VB.OKD.20152.exe	83
PID 3032 wrote to memory of 3936	3032	SecuriteInfo.com.Trojan.VB.OKD.20152.exe	83
PID 3032 wrote to memory of 3936	3032	SecuriteInfo.com.Trojan.VB.OKD.20152.exe	83

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.VB.OKD.20152.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.VB.OKD.20152.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3032
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
  2⤵
  PID:3936

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact