f55a1b5389c828a04ebfaf173152da61ff556b886187d5a6747ca191284d739e

Analysis

max time kernel
70s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/10/2022, 18:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.Win32.RATX-gen.3428.24765.exe
Size

811KB
MD5

e49610b5bf4fb52616b04bb28571b11c
SHA1

753bdc6976b072c73b1e14b1dd92360c057d2719
SHA256

f55a1b5389c828a04ebfaf173152da61ff556b886187d5a6747ca191284d739e
SHA512

535a5d27f1e2bd7ea13b554f6b4f166855aa888f039b783d75cc57669b77999e94afe98d996429cfff3f9364b7ccf625e24343f248f7e9b653f1a60ff15d714f
SSDEEP

12288:51IMvqVUfEu514oS4Q7qmgvX8LMfazSebBvku:51IG49VFCX8EA6u

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
2000	SecuriteInfo.com.Win32.RATX-gen.3428.24765.exe
2000	SecuriteInfo.com.Win32.RATX-gen.3428.24765.exe
2000	SecuriteInfo.com.Win32.RATX-gen.3428.24765.exe
2000	SecuriteInfo.com.Win32.RATX-gen.3428.24765.exe
2000	SecuriteInfo.com.Win32.RATX-gen.3428.24765.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2000	SecuriteInfo.com.Win32.RATX-gen.3428.24765.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2000 wrote to memory of 1180	2000	SecuriteInfo.com.Win32.RATX-gen.3428.24765.exe	26
PID 2000 wrote to memory of 1180	2000	SecuriteInfo.com.Win32.RATX-gen.3428.24765.exe	26
PID 2000 wrote to memory of 1180	2000	SecuriteInfo.com.Win32.RATX-gen.3428.24765.exe	26
PID 2000 wrote to memory of 1180	2000	SecuriteInfo.com.Win32.RATX-gen.3428.24765.exe	26
PID 2000 wrote to memory of 1136	2000	SecuriteInfo.com.Win32.RATX-gen.3428.24765.exe	27
PID 2000 wrote to memory of 1136	2000	SecuriteInfo.com.Win32.RATX-gen.3428.24765.exe	27
PID 2000 wrote to memory of 1136	2000	SecuriteInfo.com.Win32.RATX-gen.3428.24765.exe	27
PID 2000 wrote to memory of 1136	2000	SecuriteInfo.com.Win32.RATX-gen.3428.24765.exe	27
PID 2000 wrote to memory of 1296	2000	SecuriteInfo.com.Win32.RATX-gen.3428.24765.exe	28
PID 2000 wrote to memory of 1296	2000	SecuriteInfo.com.Win32.RATX-gen.3428.24765.exe	28
PID 2000 wrote to memory of 1296	2000	SecuriteInfo.com.Win32.RATX-gen.3428.24765.exe	28
PID 2000 wrote to memory of 1296	2000	SecuriteInfo.com.Win32.RATX-gen.3428.24765.exe	28
PID 2000 wrote to memory of 1272	2000	SecuriteInfo.com.Win32.RATX-gen.3428.24765.exe	29
PID 2000 wrote to memory of 1272	2000	SecuriteInfo.com.Win32.RATX-gen.3428.24765.exe	29
PID 2000 wrote to memory of 1272	2000	SecuriteInfo.com.Win32.RATX-gen.3428.24765.exe	29
PID 2000 wrote to memory of 1272	2000	SecuriteInfo.com.Win32.RATX-gen.3428.24765.exe	29
PID 2000 wrote to memory of 1228	2000	SecuriteInfo.com.Win32.RATX-gen.3428.24765.exe	30
PID 2000 wrote to memory of 1228	2000	SecuriteInfo.com.Win32.RATX-gen.3428.24765.exe	30
PID 2000 wrote to memory of 1228	2000	SecuriteInfo.com.Win32.RATX-gen.3428.24765.exe	30
PID 2000 wrote to memory of 1228	2000	SecuriteInfo.com.Win32.RATX-gen.3428.24765.exe	30

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.RATX-gen.3428.24765.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.RATX-gen.3428.24765.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2000
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.RATX-gen.3428.24765.exe
  "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.RATX-gen.3428.24765.exe"
  2⤵
  PID:1180
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.RATX-gen.3428.24765.exe
  "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.RATX-gen.3428.24765.exe"
  2⤵
  PID:1136
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.RATX-gen.3428.24765.exe
  "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.RATX-gen.3428.24765.exe"
  2⤵
  PID:1296
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.RATX-gen.3428.24765.exe
  "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.RATX-gen.3428.24765.exe"
  2⤵
  PID:1272
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.RATX-gen.3428.24765.exe
  "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.RATX-gen.3428.24765.exe"
  2⤵
  PID:1228

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2000-54-0x00000000003C0000-0x0000000000492000-memory.dmp

Filesize
840KB

Download
memory/2000-55-0x00000000754E1000-0x00000000754E3000-memory.dmp

Filesize
8KB

Download
memory/2000-56-0x00000000045E0000-0x00000000045F8000-memory.dmp

Filesize
96KB

Download
memory/2000-57-0x00000000006A0000-0x00000000006AC000-memory.dmp

Filesize
48KB

Download
memory/2000-58-0x0000000005DF0000-0x0000000005E6A000-memory.dmp

Filesize
488KB

Download
memory/2000-59-0x0000000004660000-0x0000000004680000-memory.dmp

Filesize
128KB

Download