Overview

overview

10

Static

static

SecuriteIn...97.exe

windows7-x64

6

SecuriteIn...97.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    43s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220718-en
  • resource tags

    arch:x64arch:x86image:win7-20220718-enlocale:en-usos:windows7-x64system
  • submitted
    27-07-2022 14:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.W32.AIDetectNet.01.22897.exe

  • Size

    825KB

  • MD5

    f10789db721c1dfdf2e74554508f23e7

  • SHA1

    12a2fb70d4e7358fc53e5f19ddfc91ae0f2ea018

  • SHA256

    5e26cb68b7cd24df50916757dd43c5357bcee359d05d8d8649749fdce26d540c

  • SHA512

    72a4cf5ca2d2fe08ee4b1b667e215801d750d1d8580d1fad90e06f0caf579b23969cda58a3534c1777a9617470aac784ba13ce4587ea3e856e7d2858480b7e49

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 21 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 44 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.22897.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.22897.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1912
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAALQBTAGUAYwBvAG4AZABzACAAMQAwAA==
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1604
    • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.22897.exe
      C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.22897.exe
      2⤵
        PID:964
      • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.22897.exe
        C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.22897.exe
        2⤵
          PID:2028
        • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.22897.exe
          C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.22897.exe
          2⤵
            PID:1112
          • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.22897.exe
            C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.22897.exe
            2⤵
              PID:916
            • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.22897.exe
              C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.22897.exe
              2⤵
                PID:908
              • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.22897.exe
                C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.22897.exe
                2⤵
                  PID:1784
                • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.22897.exe
                  C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.22897.exe
                  2⤵
                    PID:1076
                  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.22897.exe
                    C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.22897.exe
                    2⤵
                      PID:288
                    • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.22897.exe
                      C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.22897.exe
                      2⤵
                        PID:268
                      • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.22897.exe
                        C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.22897.exe
                        2⤵
                          PID:560

                      Network

                      MITRE ATT&CK Enterprise v6

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • memory/1604-60-0x000000006FAB0000-0x000000007005B000-memory.dmp

                        Filesize

                        5.7MB

                        Download

                      • memory/1604-61-0x000000006FAB0000-0x000000007005B000-memory.dmp

                        Filesize

                        5.7MB

                        Download

                      • memory/1912-54-0x0000000000140000-0x0000000000214000-memory.dmp

                        Filesize

                        848KB

                        Download

                      • memory/1912-55-0x0000000004950000-0x0000000004A12000-memory.dmp

                        Filesize

                        776KB

                        Download

                      • memory/1912-56-0x0000000000800000-0x0000000000892000-memory.dmp

                        Filesize

                        584KB

                        Download

                      • memory/1912-57-0x0000000076071000-0x0000000076073000-memory.dmp

                        Filesize

                        8KB

                        Download