17c4e9bf1981229f104d4a129063f9e41275f092724ccf5c1963999ece12c895

General

Target

SecuriteInfo.com.W32.AIDetectNet.01.8511.exe
Size

2.1MB
MD5

1ac96e37aa2943e23cbeec35fc69036a
SHA1

5ea307c51a3448e2530d9c1879bb62e7ce565260
SHA256

17c4e9bf1981229f104d4a129063f9e41275f092724ccf5c1963999ece12c895
SHA512

684e5c2964333b9a711c8835079634ef716a9515829572abbef37b4491ce9c362779f84a9b966b4eae5482e4706c90d147df56006b1663a79ce5d8aa875d5e00

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

SecuriteInfo.com.W32.AIDetectNet.01.8511.exe

pid	process
860	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe
860	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe
860	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe
860	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe
860	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe
860	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe
860	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe
860	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe
860	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe
860	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

SecuriteInfo.com.W32.AIDetectNet.01.8511.exe

description pid process

Token: SeDebugPrivilege 860 SecuriteInfo.com.W32.AIDetectNet.01.8511.exe

description	pid	process
Token: SeDebugPrivilege	860	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

SecuriteInfo.com.W32.AIDetectNet.01.8511.exe

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.8511.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.8511.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:860

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.8511.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.8511.exe"
2⤵
PID:2024

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.8511.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.8511.exe"
2⤵
PID:2012

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.8511.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.8511.exe"
2⤵
PID:992

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.8511.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.8511.exe"
2⤵
PID:1192

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.8511.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.8511.exe"
2⤵
PID:1104

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/860-54-0x0000000000270000-0x0000000000492000-memory.dmp

Filesize
2.1MB

Download
memory/860-55-0x00000000763C1000-0x00000000763C3000-memory.dmp

Filesize
8KB

Download
memory/860-56-0x00000000004E0000-0x0000000000500000-memory.dmp

Filesize
128KB

Download
memory/860-57-0x00000000008C0000-0x00000000008CE000-memory.dmp

Filesize
56KB

Download
memory/860-58-0x0000000007E60000-0x000000000805A000-memory.dmp

Filesize
2.0MB

Download
memory/860-59-0x0000000005CB0000-0x0000000005E66000-memory.dmp

Filesize
1.7MB

Download

description	pid	process	target process
PID 860 wrote to memory of 2024	860	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe
PID 860 wrote to memory of 2024	860	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe
PID 860 wrote to memory of 2024	860	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe
PID 860 wrote to memory of 2024	860	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe
PID 860 wrote to memory of 2012	860	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe
PID 860 wrote to memory of 2012	860	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe
PID 860 wrote to memory of 2012	860	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe
PID 860 wrote to memory of 2012	860	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe
PID 860 wrote to memory of 992	860	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe
PID 860 wrote to memory of 992	860	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe
PID 860 wrote to memory of 992	860	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe
PID 860 wrote to memory of 992	860	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe
PID 860 wrote to memory of 1192	860	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe
PID 860 wrote to memory of 1192	860	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe
PID 860 wrote to memory of 1192	860	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe
PID 860 wrote to memory of 1192	860	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe
PID 860 wrote to memory of 1104	860	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe
PID 860 wrote to memory of 1104	860	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe
PID 860 wrote to memory of 1104	860	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe
PID 860 wrote to memory of 1104	860	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe	SecuriteInfo.com.W32.AIDetectNet.01.8511.exe

Analysis

Sharing