eccebeaa26e771fa679177b8a05aaec028218381007a10993b4dad939245f0e8

Analysis

Target

SecuriteInfo.com.Variant.Midie.109118.23009.exe
Size

948KB
MD5

b050af8aba3a07d5ef9a3de5ab9bc565
SHA1

8d9bc9ef9e929d7fdd6f88b0ecc19da91b07b2d1
SHA256

eccebeaa26e771fa679177b8a05aaec028218381007a10993b4dad939245f0e8
SHA512

a64659ce1caece764a98ec352e25a9273667d8b5ad972b763199975e00ec2426b6eac93aff78d0aff26166b5cb7f8141c620bef23aa49a9d39f88ec42eb6ea86

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1928	SecuriteInfo.com.Variant.Midie.109118.23009.exe
1928	SecuriteInfo.com.Variant.Midie.109118.23009.exe
1928	SecuriteInfo.com.Variant.Midie.109118.23009.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1928 wrote to memory of 3832	1928	SecuriteInfo.com.Variant.Midie.109118.23009.exe	80
PID 1928 wrote to memory of 3832	1928	SecuriteInfo.com.Variant.Midie.109118.23009.exe	80
PID 1928 wrote to memory of 3832	1928	SecuriteInfo.com.Variant.Midie.109118.23009.exe	80

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Midie.109118.23009.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Midie.109118.23009.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1928
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
  2⤵
  PID:3832

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact