24c617f6c994a7a2f8520020365669fbd3cf5535f893118cefc39401394c2e15

Resubmissions

18-07-2022 04:41

220718-fa5dbaafek 10

18-07-2022 04:33

220718-e6hzhsafbm 10

Analysis

max time kernel
43s
max time network
45s
platform
windows7_x64
resource
win7-20220414-en
resource tags

arch:x64arch:x86image:win7-20220414-enlocale:en-usos:windows7-x64system
submitted
18-07-2022 04:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.W32.AIDetect.malware2.21162.exe
Size

1.4MB
MD5

9156ad371784d9d3639d617e52216f35
SHA1

d83523bbbf918da1408faf0fb815456acb862b85
SHA256

24c617f6c994a7a2f8520020365669fbd3cf5535f893118cefc39401394c2e15
SHA512

fe99810ee3d2c9c970ce30a3a619ab2890fc8024f77e57f9f6e0420d70da18ebd132f61db9623f9ca9815ed4488c955be7893cdd211dfebecf8413a45597a146

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

SecuriteInfo.com.W32.AIDetect.malware2.21162.exe

pid	process
812	SecuriteInfo.com.W32.AIDetect.malware2.21162.exe
812	SecuriteInfo.com.W32.AIDetect.malware2.21162.exe
812	SecuriteInfo.com.W32.AIDetect.malware2.21162.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

SecuriteInfo.com.W32.AIDetect.malware2.21162.exe

description	pid	process	target process
PID 812 wrote to memory of 1716	812	SecuriteInfo.com.W32.AIDetect.malware2.21162.exe	cmd.exe
PID 812 wrote to memory of 1716	812	SecuriteInfo.com.W32.AIDetect.malware2.21162.exe	cmd.exe
PID 812 wrote to memory of 1716	812	SecuriteInfo.com.W32.AIDetect.malware2.21162.exe	cmd.exe
PID 812 wrote to memory of 1716	812	SecuriteInfo.com.W32.AIDetect.malware2.21162.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetect.malware2.21162.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetect.malware2.21162.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:812

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
2⤵
PID:1716

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/812-56-0x0000000075FB1000-0x0000000075FB3000-memory.dmp

Filesize
8KB

Download
memory/1716-57-0x0000000000000000-mapping.dmp

Download