Analysis
max time kernel: 103s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 15-07-2022 10:43
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Variant.Symmi.62789.26138.exe
Resource
win7-20220414-en
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Variant.Symmi.62789.26138.exe
Resource
win10v2004-20220414-en
0 signatures
0 seconds
General
Target: SecuriteInfo.com.Variant.Symmi.62789.26138.exe
Size: 1.3MB
MD5: 696e80260ef63b7915996c5ae37e3969
SHA1: c944a69729abc5d5c757d5e87458d80f1a29c123
SHA256: f128b47c15bafda3c7379b8ee62b839d7d9971e5740fe6c2a7f8e1f6b452bec8
SHA512: 97b472bfe733965a606677e621bbd9247b660ba3a9d7f64ce7ec95539610de7ceeb8af93f34b63a9d1bf76a9fb16bb569bc83139f6749752762bcc4222ae9b2e
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of SetWindowsHookEx 3 IoCs
Processes:
SecuriteInfo.com.Variant.Symmi.62789.26138.exe
pid | process
2624 | SecuriteInfo.com.Variant.Symmi.62789.26138.exe
2624 | SecuriteInfo.com.Variant.Symmi.62789.26138.exe
2624 | SecuriteInfo.com.Variant.Symmi.62789.26138.exe
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
SecuriteInfo.com.Variant.Symmi.62789.26138.exe
description | pid | process | target process
PID 2624 wrote to memory of 2104 | 2624 | SecuriteInfo.com.Variant.Symmi.62789.26138.exe | cmd.exe
PID 2624 wrote to memory of 2104 | 2624 | SecuriteInfo.com.Variant.Symmi.62789.26138.exe | cmd.exe
PID 2624 wrote to memory of 2104 | 2624 | SecuriteInfo.com.Variant.Symmi.62789.26138.exe | cmd.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Symmi.62789.26138.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Symmi.62789.26138.exe"
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2624
-
  C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
  PID:2104