Overview

overview

10

Static

static

SecuriteIn...69.exe

windows7-x64

10

SecuriteIn...69.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    102s
  • max time network
    42s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    07-11-2022 17:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.Win32.PWSX-gen.9174.17369.exe

  • Size

    794KB

  • MD5

    577fefe1aeb087c6a32cc4f5419a981a

  • SHA1

    6a8fe3fcd7e19deb22898fdd9595ddbc6efb939b

  • SHA256

    c57a9475d4b8d7811ab189f35fed2acf525f175a77d59a791157d9d52c47b4aa

  • SHA512

    d377b0025f6fd2ef024868ed39facf7203a4fc0506b4e9ed8152bf045253d9d2a57b8a974258473faff90a2b47660b0bfc9b62851d52225ece0123e4148a021c

  • SSDEEP

    12288:dXg6hPKYmFMxemC9G8VcnnjB39/XcFBJyS70kfNws:9g8PKzMoZ9G8qjB3VXc7JOkVws

Score
10/10
formbookp7fgratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Campaign

p7fg

Decoy

tYMoF3q831D0aEC4NHHtcl8=

aPEPgLZDsRSCB+RIWTQ=

pqxGyfUYHHgCjldLXAZD4Q==

DpXy2isV0rOfQF8=

FRm9nt1X8hqLaxIIV65dymbqQ8E=

APeyl4TsLxXP04qK

jmbnTU6ZmMSCvDC8Ooa4

bDvPnagKVZAKFEKK3F5e6w==

7cdf2MYiZsNx+hlU00EuY1I=

JFn/bGDIJgMQ1ouI

UlTsY1SAt6ldBkA=

0I2WBzdNT6obuytW1Q==

CclSR6/pCHs61gN2vNMLc1c=

4pXCqvR8xPN0epgMUy8jpB9LnpO0vGugvw==

VyVIrKQBQGwmaBlVVzI=

uoWcGpTsGlMQ1ouI

YGUG55uwuiSy

vowciX211Tb3P5yrGyM=

X1xuWGKzsQaDCORIWTQ=

XGyU9UK/F075DNQAkQaYnZOQ

Signatures

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.9174.17369.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.9174.17369.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1976
    • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.9174.17369.exe
      "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.9174.17369.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1116-61-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1116-69-0x0000000000880000-0x0000000000B83000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/1116-68-0x0000000000401000-0x000000000042E000-memory.dmp

    Filesize

    180KB

    Download

  • memory/1116-67-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1116-65-0x00000000004012B0-mapping.dmp

    Download

  • memory/1116-64-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1116-62-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1976-57-0x00000000005F0000-0x0000000000602000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1976-60-0x0000000005B10000-0x0000000005B6A000-memory.dmp

    Filesize

    360KB

    Download

  • memory/1976-59-0x0000000009AD0000-0x0000000009B64000-memory.dmp

    Filesize

    592KB

    Download

  • memory/1976-58-0x0000000005960000-0x000000000596C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1976-54-0x0000000001230000-0x00000000012FE000-memory.dmp

    Filesize

    824KB

    Download

  • memory/1976-56-0x00000000002A0000-0x00000000002B2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1976-55-0x00000000762B1000-0x00000000762B3000-memory.dmp

    Filesize

    8KB

    Download