Overview

overview

10

Static

static

SecuriteIn...93.exe

windows7_x64

10

SecuriteIn...93.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    06-07-2022 02:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.generic.ml.11693.exe

  • Size

    1.0MB

  • MD5

    b7e7dbddbf21cffd9bc1c8dc94d4a441

  • SHA1

    f224aa8a1b6fcc26c1ebce42166529191381abd5

  • SHA256

    c8fc44d1f9bae45933ba95a20f0aebf0e69f8304ea11a4346e610dfacc8ce049

  • SHA512

    72caa05fd9bb53057ecc0beb0a48505901c1d1f6d76394e3340f4ba9daaf472f95a760634a4943858821b41e2ae887f0ac76aa667c5d4fba72436f0d3f20dc67

Score
10/10
formbookmodiloaderxloaderloaderpersistenceratspywarestealersuricatatrojan

Malware Config

Signatures

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook
  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • Xloader

    Xloader is a rebranded version of Formbook malware.

    loaderxloader
  • suricata: ET MALWARE FormBook CnC Checkin (GET)

    suricata: ET MALWARE FormBook CnC Checkin (GET)

    suricata
  • suricata: ET MALWARE FormBook CnC Checkin (POST) M2

    suricata: ET MALWARE FormBook CnC Checkin (POST) M2

    suricata
  • ModiLoader Second Stage 38 IoCs
  • Xloader Payload 5 IoCs
    rat
  • Adds policy Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 44 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of WriteProcessMemory
    PID:2032
    • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.generic.ml.11693.exe
      "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.generic.ml.11693.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3620
      • C:\Windows\SysWOW64\logagent.exe
        C:\Windows\System32\logagent.exe
        3⤵
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: MapViewOfSection
        • Suspicious use of AdjustPrivilegeToken
        PID:4512
    • C:\Windows\SysWOW64\raserver.exe
      "C:\Windows\SysWOW64\raserver.exe"
      2⤵
      • Adds policy Run key to start application
      • Suspicious use of SetThreadContext
      • Drops file in Program Files directory
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4376
      • C:\Windows\SysWOW64\cmd.exe
        /c del "C:\Windows\SysWOW64\logagent.exe"
        3⤵
          PID:5088
        • C:\Program Files\Mozilla Firefox\Firefox.exe
          "C:\Program Files\Mozilla Firefox\Firefox.exe"
          3⤵
            PID:1172

      Network

      MITRE ATT&CK Matrix ATT&CK v6

      Initial Access

      Execution

      Persistence

      Registry Run Keys / Startup Folder

      1
      T1060

      Privilege Escalation

      Defense Evasion

      Modify Registry

      2
      T1112

      Credential Access

      Discovery

      Lateral Movement

      Collection

      Exfiltration

      Command and Control

      Impact

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2032-191-0x00000000032D0000-0x0000000003396000-memory.dmp
        Filesize

        792KB

        Download
      • memory/2032-201-0x0000000003690000-0x0000000003748000-memory.dmp
        Filesize

        736KB

        Download
      • memory/2032-199-0x0000000003690000-0x0000000003748000-memory.dmp
        Filesize

        736KB

        Download
      • memory/3620-169-0x0000000005080000-0x00000000050D3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/3620-149-0x0000000005080000-0x00000000050D3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/3620-141-0x0000000005080000-0x00000000050D3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/3620-147-0x0000000005080000-0x00000000050D3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/3620-171-0x0000000005080000-0x00000000050D3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/3620-148-0x0000000005080000-0x00000000050D3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/3620-151-0x0000000005080000-0x00000000050D3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/3620-150-0x0000000005080000-0x00000000050D3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/3620-152-0x0000000005080000-0x00000000050D3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/3620-153-0x0000000005080000-0x00000000050D3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/3620-155-0x0000000005080000-0x00000000050D3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/3620-154-0x0000000005080000-0x00000000050D3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/3620-157-0x0000000005080000-0x00000000050D3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/3620-156-0x0000000005080000-0x00000000050D3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/3620-159-0x0000000005080000-0x00000000050D3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/3620-170-0x0000000005080000-0x00000000050D3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/3620-160-0x0000000005080000-0x00000000050D3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/3620-161-0x0000000005080000-0x00000000050D3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/3620-162-0x0000000005080000-0x00000000050D3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/3620-164-0x0000000005080000-0x00000000050D3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/3620-163-0x0000000005080000-0x00000000050D3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/3620-165-0x0000000005080000-0x00000000050D3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/3620-167-0x0000000010410000-0x000000001043C000-memory.dmp
        Filesize

        176KB

        Download
      • memory/3620-142-0x0000000005080000-0x00000000050D3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/3620-145-0x0000000005080000-0x00000000050D3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/3620-146-0x0000000005080000-0x00000000050D3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/3620-158-0x0000000005080000-0x00000000050D3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/3620-173-0x0000000005080000-0x00000000050D3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/3620-172-0x0000000005080000-0x00000000050D3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/3620-181-0x0000000005080000-0x00000000050D3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/3620-180-0x0000000005080000-0x00000000050D3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/3620-183-0x0000000005080000-0x00000000050D3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/3620-182-0x0000000005080000-0x00000000050D3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/3620-185-0x0000000005080000-0x00000000050D3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/3620-184-0x0000000005080000-0x00000000050D3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/3620-186-0x0000000005080000-0x00000000050D3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/3620-187-0x0000000005080000-0x00000000050D3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/3620-143-0x0000000005080000-0x00000000050D3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/3620-144-0x0000000005080000-0x00000000050D3000-memory.dmp
        Filesize

        332KB

        Download
      • memory/4376-192-0x0000000000000000-mapping.dmp
        Download
      • memory/4376-195-0x00000000002C0000-0x00000000002DF000-memory.dmp
        Filesize

        124KB

        Download
      • memory/4376-196-0x0000000000E70000-0x0000000000E9C000-memory.dmp
        Filesize

        176KB

        Download
      • memory/4376-197-0x0000000002E30000-0x000000000317A000-memory.dmp
        Filesize

        3.3MB

        Download
      • memory/4376-198-0x0000000002C60000-0x0000000002CF0000-memory.dmp
        Filesize

        576KB

        Download
      • memory/4376-200-0x0000000000E70000-0x0000000000E9C000-memory.dmp
        Filesize

        176KB

        Download
      • memory/4512-190-0x0000000000EB0000-0x0000000000EC1000-memory.dmp
        Filesize

        68KB

        Download
      • memory/4512-193-0x0000000010410000-0x000000001043C000-memory.dmp
        Filesize

        176KB

        Download
      • memory/4512-188-0x0000000002A40000-0x0000000002D8A000-memory.dmp
        Filesize

        3.3MB

        Download
      • memory/4512-168-0x0000000000000000-mapping.dmp
        Download
      • memory/5088-194-0x0000000000000000-mapping.dmp
        Download