Overview

overview

10

Static

static

SecuriteIn...34.exe

windows7-x64

3

SecuriteIn...34.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    65s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    25-08-2022 09:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.W32.AIDetectNet.01.15534.exe

  • Size

    713KB

  • MD5

    aebb05f6834535c412ba7ccea11c5eec

  • SHA1

    306b3aca470ccb23f88c18999da1d4b53346a79d

  • SHA256

    279f8bd4621f977e47756985c0cbf14e03c7f15c5200e83f03517a73649aa893

  • SHA512

    91b24bf1647211c507c0c69c5b4058cf5785cc58327e7cb1789ef772eeb832cdfed70b9f43d957597be04795cb995b77a07528176564f5800bc3cde245c0ca12

  • SSDEEP

    12288:EAGfi8JQfIT/0e5hz9bUVXhu8gqmU5qZ4Fb4eRO/zqA8RrBncXnPy:ofi8SfIT/0shbM4J4qMtRaeA8tB8Py

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Suspicious behavior: EnumeratesProcesses 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.15534.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.15534.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:916
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\XIhCRld.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1316
    • C:\Windows\SysWOW64\schtasks.exe
      "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\XIhCRld" /XML "C:\Users\Admin\AppData\Local\Temp\tmp648.tmp"
      2⤵
      • Creates scheduled task(s)
      PID:1248
    • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.15534.exe
      "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.15534.exe"
      2⤵
        PID:592
      • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.15534.exe
        "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.15534.exe"
        2⤵
          PID:320
        • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.15534.exe
          "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.15534.exe"
          2⤵
            PID:596
          • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.15534.exe
            "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.15534.exe"
            2⤵
              PID:268
            • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.15534.exe
              "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetectNet.01.15534.exe"
              2⤵
                PID:1912

            Network

            MITRE ATT&CK Enterprise v6

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Local\Temp\tmp648.tmp
              Filesize

              1KB

              MD5

              a0e838ff21b5960e45bf6171ca4af40a

              SHA1

              735321168365470320e63c24c0cf92e28e409a68

              SHA256

              84fab670c28ddb35364013b1cf9029cc5418e403f49fa99f152a3051dbb7b91b

              SHA512

              6c5c38097b8ff344a5129911845ec3d4f7a5170e4d791b6d54311db71b2b48dff76425dd0afd351f37f22d14ff6dc94b7521149fec1198c181094b4e41d96005

              Download Submit

            • memory/916-54-0x0000000000370000-0x0000000000428000-memory.dmp

              Filesize

              736KB

              Download

            • memory/916-55-0x0000000076091000-0x0000000076093000-memory.dmp

              Filesize

              8KB

              Download

            • memory/916-56-0x0000000000560000-0x000000000057A000-memory.dmp

              Filesize

              104KB

              Download

            • memory/916-57-0x00000000006B0000-0x00000000006BC000-memory.dmp

              Filesize

              48KB

              Download

            • memory/916-58-0x00000000054A0000-0x000000000551E000-memory.dmp

              Filesize

              504KB

              Download

            • memory/916-63-0x0000000005060000-0x000000000508E000-memory.dmp

              Filesize

              184KB

              Download

            • memory/1248-60-0x0000000000000000-mapping.dmp

              Download

            • memory/1316-59-0x0000000000000000-mapping.dmp

              Download

            • memory/1316-64-0x000000006E9A0000-0x000000006EF4B000-memory.dmp

              Filesize

              5.7MB

              Download