arkei | 1ee02de26540eaa184f366e18366bda9ab636c9ce1918ff17eab10d9455c1a6c

General

Target

SecuriteInfo.com.Trojan.MSIL.Formbook.NUM.MTB.2339.exe
Size

1.5MB
MD5

3c4b2b063479b125c6e807ebcec61fef
SHA1

38ae16f7928bca6ce1cb9d307604bcfa9be2da43
SHA256

1ee02de26540eaa184f366e18366bda9ab636c9ce1918ff17eab10d9455c1a6c
SHA512

9175713a088a075c56ce1449d4c1317b1025624f7f7a27c05f0447fec0db4b26e9c045c723cb0a2e0581a83688cd4ef45e16a4cd25eefc9c52e13cb0ff47317a

Score

10^/10

arkei stealer

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1156 set thread context of 2008	1156	SecuriteInfo.com.Trojan.MSIL.Formbook.NUM.MTB.2339.exe	27

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1204	2008	WerFault.exe	27

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1156	SecuriteInfo.com.Trojan.MSIL.Formbook.NUM.MTB.2339.exe
1156	SecuriteInfo.com.Trojan.MSIL.Formbook.NUM.MTB.2339.exe
1156	SecuriteInfo.com.Trojan.MSIL.Formbook.NUM.MTB.2339.exe
1156	SecuriteInfo.com.Trojan.MSIL.Formbook.NUM.MTB.2339.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1156	SecuriteInfo.com.Trojan.MSIL.Formbook.NUM.MTB.2339.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 1156 wrote to memory of 2008	1156	SecuriteInfo.com.Trojan.MSIL.Formbook.NUM.MTB.2339.exe	27
PID 1156 wrote to memory of 2008	1156	SecuriteInfo.com.Trojan.MSIL.Formbook.NUM.MTB.2339.exe	27
PID 1156 wrote to memory of 2008	1156	SecuriteInfo.com.Trojan.MSIL.Formbook.NUM.MTB.2339.exe	27
PID 1156 wrote to memory of 2008	1156	SecuriteInfo.com.Trojan.MSIL.Formbook.NUM.MTB.2339.exe	27
PID 1156 wrote to memory of 2008	1156	SecuriteInfo.com.Trojan.MSIL.Formbook.NUM.MTB.2339.exe	27
PID 1156 wrote to memory of 2008	1156	SecuriteInfo.com.Trojan.MSIL.Formbook.NUM.MTB.2339.exe	27
PID 1156 wrote to memory of 2008	1156	SecuriteInfo.com.Trojan.MSIL.Formbook.NUM.MTB.2339.exe	27
PID 1156 wrote to memory of 2008	1156	SecuriteInfo.com.Trojan.MSIL.Formbook.NUM.MTB.2339.exe	27
PID 1156 wrote to memory of 2008	1156	SecuriteInfo.com.Trojan.MSIL.Formbook.NUM.MTB.2339.exe	27
PID 1156 wrote to memory of 2008	1156	SecuriteInfo.com.Trojan.MSIL.Formbook.NUM.MTB.2339.exe	27
PID 1156 wrote to memory of 2008	1156	SecuriteInfo.com.Trojan.MSIL.Formbook.NUM.MTB.2339.exe	27
PID 2008 wrote to memory of 1204	2008	SecuriteInfo.com.Trojan.MSIL.Formbook.NUM.MTB.2339.exe	28
PID 2008 wrote to memory of 1204	2008	SecuriteInfo.com.Trojan.MSIL.Formbook.NUM.MTB.2339.exe	28
PID 2008 wrote to memory of 1204	2008	SecuriteInfo.com.Trojan.MSIL.Formbook.NUM.MTB.2339.exe	28
PID 2008 wrote to memory of 1204	2008	SecuriteInfo.com.Trojan.MSIL.Formbook.NUM.MTB.2339.exe	28

memory/1156-54-0x0000000000370000-0x000000000046E000-memory.dmp

Filesize
1016KB

Download
memory/1156-55-0x0000000000550000-0x0000000000584000-memory.dmp

Filesize
208KB

Download
memory/1156-56-0x0000000001FD0000-0x0000000001FEA000-memory.dmp

Filesize
104KB

Download
memory/1156-57-0x00000000004B0000-0x00000000004B6000-memory.dmp

Filesize
24KB

Download
memory/2008-64-0x00000000000C0000-0x00000000000DC000-memory.dmp

Filesize
112KB

Download
memory/2008-61-0x00000000000C0000-0x00000000000DC000-memory.dmp

Filesize
112KB

Download
memory/2008-63-0x00000000000C0000-0x00000000000DC000-memory.dmp

Filesize
112KB

Download
memory/2008-59-0x00000000000C0000-0x00000000000DC000-memory.dmp

Filesize
112KB

Download
memory/2008-66-0x00000000000C0000-0x00000000000DC000-memory.dmp

Filesize
112KB

Download
memory/2008-67-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2008-69-0x00000000000C0000-0x00000000000DC000-memory.dmp

Filesize
112KB

Download
memory/2008-72-0x00000000000C0000-0x00000000000DC000-memory.dmp

Filesize
112KB

Download
memory/2008-75-0x00000000000C0000-0x00000000000DC000-memory.dmp

Filesize
112KB

Download
memory/2008-58-0x00000000000C0000-0x00000000000DC000-memory.dmp

Filesize
112KB

Download