Overview

overview

10

Static

static

SecuriteIn...16.exe

windows7_x64

10

SecuriteIn...16.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    65s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    05-07-2022 17:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.W32.AIDetectNet.01.116.exe

  • Size

    849KB

  • MD5

    54171d54525124c7f20e331778ac6dad

  • SHA1

    5cb5e18966d897a54107f84e7f3476fa9b047892

  • SHA256

    4105a93f35bd93ab92bd6a614e876cc5d80b91558119a6ed8674698938ba0212

  • SHA512

    dd72790182dc829e18557a41d7bbf688609d18cf091f92888c9580724108e5a43bd522ef7f99ece2a5f1ae60e4f0f65106b1e95787192fc7692760bf2d742806

Score
10/10
xloaderloaderrat

Malware Config

Signatures

  • Xloader

    Xloader is a rebranded version of Formbook malware.

    loaderxloader
  • Xloader Payload 2 IoCs
    rat
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.116.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.116.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:836
    • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.116.exe
      "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.116.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1264

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/836-54-0x0000000000080000-0x000000000015A000-memory.dmp
    Filesize

    872KB

    Download
  • memory/836-55-0x0000000075381000-0x0000000075383000-memory.dmp
    Filesize

    8KB

    Download
  • memory/836-56-0x00000000004E0000-0x0000000000500000-memory.dmp
    Filesize

    128KB

    Download
  • memory/836-57-0x0000000001EE0000-0x0000000001EEE000-memory.dmp
    Filesize

    56KB

    Download
  • memory/836-58-0x0000000005220000-0x00000000052D6000-memory.dmp
    Filesize

    728KB

    Download
  • memory/836-59-0x00000000056A0000-0x0000000005714000-memory.dmp
    Filesize

    464KB

    Download
  • memory/1264-60-0x0000000000400000-0x000000000042C000-memory.dmp
    Filesize

    176KB

    Download
  • memory/1264-61-0x0000000000400000-0x000000000042C000-memory.dmp
    Filesize

    176KB

    Download
  • memory/1264-63-0x0000000000400000-0x000000000042C000-memory.dmp
    Filesize

    176KB

    Download
  • memory/1264-64-0x00000000004201D0-mapping.dmp
    Download
  • memory/1264-65-0x0000000000BD0000-0x0000000000ED3000-memory.dmp
    Filesize

    3.0MB

    Download