Analysis
max time kernel: 62s
max time network: 130s
platform: windows10-2004_x64
resource: win10v2004-20220721-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220721-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28-07-2022 04:42
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Variant.Symmi.62789.26421.exe
Resource: win7-20220718-en
3 signatures, 150 seconds

Behavioral task: behavioral2
Sample: SecuriteInfo.com.Variant.Symmi.62789.26421.exe
Resource: win10v2004-20220721-en
3 signatures, 150 seconds
General
Target: SecuriteInfo.com.Variant.Symmi.62789.26421.exe
Size: 1.3MB
MD5: 5e10013ea2325b25d71fa7731b150c50
SHA1: 3dc974c7eb43e2728b0dc660915e222f04d21800
SHA256: ac08f85dffd331e7c9b5a4ff14b4518b4ad1220effd27215ac827bb2278bbb74
SHA512: 2ea4216048cceec7ba4e905abd9fd8eef54c24f5b10fb7162dd66e16e5d9c02195c5db6f32fbe9fa02a37fc217dc6d817131637eebb137e854ae3fa82ab36a93
Score: 3/10
Malware Config

Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious use of SetWindowsHookEx (3 IoCs)
  Processes:
  pid   process
  4548  SecuriteInfo.com.Variant.Symmi.62789.26421.exe
  4548  SecuriteInfo.com.Variant.Symmi.62789.26421.exe
  4548  SecuriteInfo.com.Variant.Symmi.62789.26421.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
  description                       pid   process                                          target process
  PID 4548 wrote to memory of 2740  4548  SecuriteInfo.com.Variant.Symmi.62789.26421.exe  cmd.exe
  PID 4548 wrote to memory of 2740  4548  SecuriteInfo.com.Variant.Symmi.62789.26421.exe  cmd.exe
  PID 4548 wrote to memory of 2740  4548  SecuriteInfo.com.Variant.Symmi.62789.26421.exe  cmd.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Symmi.62789.26421.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Symmi.62789.26421.exe"
   PID: 4548
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\cmd.exe
      Command line: cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
      PID: 2740