Analysis
- max time kernel: 150s
- max time network: 45s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 23-11-2022 23:31
Behavioral task: behavioral1
- Sample: SecuriteInfo.com.FileRepMalware.9786.25455.exe
- Resource: win7-20220812-en (windows7-x64)
- 7 signatures
- 150 seconds

Behavioral task: behavioral2
- Sample: SecuriteInfo.com.FileRepMalware.9786.25455.exe
- Resource: win10v2004-20220812-en (windows10-2004-x64)
- 8 signatures
- 150 seconds
General
- Target: SecuriteInfo.com.FileRepMalware.9786.25455.exe
- Size: 528KB
- MD5: 5a88d8e2be02b85a62a4ac969406b643
- SHA1: 8cf4575add13e7e7fe5d70fb014f0857890a2414
- SHA256: 36ab6110a522e29709f6f3d85c800a8965dd8d222e361a5c7f31d5b85e671d6a
- SHA512: 0efe0bda29031c07d574182bde11da3cf333b47066b0161c243281b44f748906036af295d892bb817d5d5ce197d22f7d4658688f27df7e2fcdbde2ad9b76797b
- SSDEEP: 12288:Ho5mh631p5TsYkg0dWQ02SZ2s6DgGC4i8Rx5I8u4y55t:I5J1p5QaUtszqRpIt5t
- Score: 8/10
Malware Config
Signatures
- Drops file in Drivers directory (1 IoC)
  Processes:
  - process: SecuriteInfo.com.FileRepMalware.9786.25455.exe
    description: File opened for modification
    ioc: C:\WINDOWS\system32\drivers\etc\hosts
- YARA rule match: vmprotect
  Processes:
  - resource: behavioral1/memory/1920-55-0x0000000000400000-0x0000000000585000-memory.dmp
    yara_rule: vmprotect
  - resource: behavioral1/memory/1920-57-0x0000000000400000-0x0000000000585000-memory.dmp
    yara_rule: vmprotect
- Modifies Internet Explorer settings
  Processes:
  - process: SecuriteInfo.com.FileRepMalware.9786.25455.exe
    description: Key created
    ioc: \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main
- Modifies Internet Explorer start page (1 TTP, 1 IoC)
  Processes:
  - process: SecuriteInfo.com.FileRepMalware.9786.25455.exe
    description: Set value (str)
    ioc: \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://www.wz123.com/?nuli"
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  Processes:
  - pid 1920, SecuriteInfo.com.FileRepMalware.9786.25455.exe (the same process is listed for all 64 IoCs)
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes:
  - pid 1920, SecuriteInfo.com.FileRepMalware.9786.25455.exe
    description: Token: SeDebugPrivilege
- Suspicious use of SetWindowsHookEx (4 IoCs)
  Processes:
  - pid 1920, SecuriteInfo.com.FileRepMalware.9786.25455.exe (the same process is listed for all 4 IoCs)
Processes
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.FileRepMalware.9786.25455.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.FileRepMalware.9786.25455.exe"
  PID: 1920
  Signatures:
  - Drops file in Drivers directory
  - Modifies Internet Explorer settings
  - Modifies Internet Explorer start page
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx