Analysis
max time kernel: 91s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220414-en, locale:en-us, os:windows10-2004-x64, system
submitted: 18-07-2022 04:33
Behavioral task: behavioral1
Sample: SecuriteInfo.com.W32.AIDetect.malware2.21162.exe
Resource: win7-20220414-en
3 signatures
150 seconds

Behavioral task: behavioral2
Sample: SecuriteInfo.com.W32.AIDetect.malware2.21162.exe
Resource: win10v2004-20220414-en
3 signatures
150 seconds
General
Target: SecuriteInfo.com.W32.AIDetect.malware2.21162.exe
Size: 1.4MB
MD5: 9156ad371784d9d3639d617e52216f35
SHA1: d83523bbbf918da1408faf0fb815456acb862b85
SHA256: 24c617f6c994a7a2f8520020365669fbd3cf5535f893118cefc39401394c2e15
SHA512: fe99810ee3d2c9c970ce30a3a619ab2890fc8024f77e57f9f6e0420d70da18ebd132f61db9623f9ca9815ed4488c955be7893cdd211dfebecf8413a45597a146
Score: 3/10
Malware Config
Signatures

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Suspicious use of SetWindowsHookEx (3 IoCs)
Processes: SecuriteInfo.com.W32.AIDetect.malware2.21162.exe
  pid   process
  4588  SecuriteInfo.com.W32.AIDetect.malware2.21162.exe
  4588  SecuriteInfo.com.W32.AIDetect.malware2.21162.exe
  4588  SecuriteInfo.com.W32.AIDetect.malware2.21162.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes: SecuriteInfo.com.W32.AIDetect.malware2.21162.exe
  description                        pid   process                                            target process
  PID 4588 wrote to memory of 2592   4588  SecuriteInfo.com.W32.AIDetect.malware2.21162.exe   cmd.exe
  PID 4588 wrote to memory of 2592   4588  SecuriteInfo.com.W32.AIDetect.malware2.21162.exe   cmd.exe
  PID 4588 wrote to memory of 2592   4588  SecuriteInfo.com.W32.AIDetect.malware2.21162.exe   cmd.exe
Processes

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetect.malware2.21162.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetect.malware2.21162.exe"
  Depth: 1
  PID: 4588
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

  C:\Windows\SysWOW64\cmd.exe
    Command line: cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
    Depth: 2
    PID: 2592