Analysis
Max time kernel: 138s
Max time network: 149s
Platform: windows10-2004_x64
Resource: win10v2004-20220414-en
Submitted: 11-07-2022 03:38
Static task: static1
Behavioral task: behavioral1
  Sample: SecuriteInfo.com.W32.AIDetect.malware2.7035.exe
  Resource: win7-20220414-en
  0 signatures, 0 seconds
Behavioral task: behavioral2
  Sample: SecuriteInfo.com.W32.AIDetect.malware2.7035.exe
  Resource: win10v2004-20220414-en
  0 signatures, 0 seconds
General
Target: SecuriteInfo.com.W32.AIDetect.malware2.7035.exe
Size: 968KB
MD5: 98143716c9ca3e964e33754da5ebab93
SHA1: d500c6241cd4160b0b1f3b7edf3568e30c1a5906
SHA256: 2255f928e36f3ca1eccf76cc2b56c135d4ce70f5a0c6c372ffbc20c5fd80c0d1
SHA512: f489693e5fa8134f3d648fc734916303c8957b6f9dbe813c46c97130abd4539cabd9f807284805536666b1083380536f483b495bfc7eaa94009cfc796f062d3b
Score: 3/10
Malware Config
Signatures
Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  This is the sandbox's generic description for drive enumeration; many installers and
  backup tools do the same, so on its own it is a weak signal, consistent with the 3/10 score.
Suspicious use of SetWindowsHookEx (3 IoCs)
  pid   process
  1908  SecuriteInfo.com.W32.AIDetect.malware2.7035.exe
  1908  SecuriteInfo.com.W32.AIDetect.malware2.7035.exe
  1908  SecuriteInfo.com.W32.AIDetect.malware2.7035.exe
  SetWindowsHookEx is flagged because keyloggers install keyboard hooks with it, but GUI
  toolkits call it routinely; three calls from the sample's own process are not conclusive alone.
Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid   process                                           target process
  PID 1908 wrote to memory of 3004   1908  SecuriteInfo.com.W32.AIDetect.malware2.7035.exe   cmd.exe
  PID 1908 wrote to memory of 3004   1908  SecuriteInfo.com.W32.AIDetect.malware2.7035.exe   cmd.exe
  PID 1908 wrote to memory of 3004   1908  SecuriteInfo.com.W32.AIDetect.malware2.7035.exe   cmd.exe
  All three writes target PID 3004, the cmd.exe that the sample itself spawns (see the process
  tree below). A parent writing into a child it just created is the opening step of process
  hollowing or injection, but it is also what CreateProcess-based launchers do, so the API
  sequence (CREATE_SUSPENDED, SetThreadContext, ResumeThread) would need to be confirmed
  before calling it injection. The child runs from SysWOW64, so this is a 32-bit process on
  the x64 guest.
Processes
1. C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetect.malware2.7035.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetect.malware2.7035.exe"
   PID: 1908
   Suspicious use of SetWindowsHookEx
   Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\cmd.exe
      Command line: cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
      PID: 3004