Analysis
-
max time kernel
47s -
max time network
52s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system -
submitted
08-11-2022 10:47
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.W32.MSIL_Agent.DSJ.gen.Eldorado.11406.11467.exe
Resource
win7-20220901-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
SecuriteInfo.com.W32.MSIL_Agent.DSJ.gen.Eldorado.11406.11467.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
17 signatures
150 seconds
General
-
Target
SecuriteInfo.com.W32.MSIL_Agent.DSJ.gen.Eldorado.11406.11467.exe
-
Size
22KB
-
MD5
1310646bc42b16eb07ffe30fe7ffc2cc
-
SHA1
9b24e599bfdb6ea1f31594400b155daba1e33c5f
-
SHA256
8a07f89b4dee439c3440a9aea91436c3d73f0e07504a0b841b9ac56cb423aca0
-
SHA512
b2ebbb5a836c3ea5c00ba84272b9463d30eded1e955eace75b15f4f1431c5f421b64b40d6cc568ab417358a83fa5c5a0fa4592c33a19c195f69f64764cb017ca
-
SSDEEP
384:ftxafuqsQniJnOUYjxJhT7KSENddXLH51NnnjLYbjmjI:fdoKnXLH51NnnkyjI
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 588 1552 WerFault.exe 25 -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 1552 SecuriteInfo.com.W32.MSIL_Agent.DSJ.gen.Eldorado.11406.11467.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1552 wrote to memory of 588 1552 SecuriteInfo.com.W32.MSIL_Agent.DSJ.gen.Eldorado.11406.11467.exe 26 PID 1552 wrote to memory of 588 1552 SecuriteInfo.com.W32.MSIL_Agent.DSJ.gen.Eldorado.11406.11467.exe 26 PID 1552 wrote to memory of 588 1552 SecuriteInfo.com.W32.MSIL_Agent.DSJ.gen.Eldorado.11406.11467.exe 26 PID 1552 wrote to memory of 588 1552 SecuriteInfo.com.W32.MSIL_Agent.DSJ.gen.Eldorado.11406.11467.exe 26
Processes
-
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.MSIL_Agent.DSJ.gen.Eldorado.11406.11467.exe"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.MSIL_Agent.DSJ.gen.Eldorado.11406.11467.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1552 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 11362⤵
- Program crash
PID:588
-