Overview

overview

10

Static

static

SecuriteIn...34.exe

windows7-x64

10

SecuriteIn...34.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    45s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    30-11-2022 08:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.Win32.PWSX-gen.15138.11934.exe

  • Size

    574KB

  • MD5

    86c10e4e706dc6cabdca6a256914618f

  • SHA1

    0846b6ded598fda3d551c109f9fc1308a7cf2571

  • SHA256

    45fe03f1377e4f9dda19c68d7d29f051e1af299a6c6b0603fe25e79d69422e37

  • SHA512

    ac72a540f9aa78fd069f451b92c3c2d7259ef5e95c1c7ce2dab6ff216bd8ab982271a3c749a3716aff75cf0d5b00da20de1c2f38b91cddf050e3c082485abb45

  • SSDEEP

    12288:Kq+RYMqK60dw91na41WNd3Fzdi+2XeNHjoO+nX:Kq4YZ0d8l1WnP

Score
10/10
formbookndgiratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ndgi

Decoy

vuicotvxrejp3il.xyz

w3fa6.net

sappuno02.com

konstruksirumah.xyz

usalifehealth.com

and1f.xyz

atenmentfstinfdow.beauty

primepipe.net

roundhouseny.com

alexandermcqueen.icu

transporteavalos.com

spankmetaverse.xyz

jhccowholesale.com

bielefeldgebaeudereinigung.com

saintraphaelschool.com

larifaa.online

dejabrew.info

izabelaeraphael.com

granniestoneet.com

greensourceseed.com

Signatures

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook
  • Formbook payload 2 IoCs
    rat
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.15138.11934.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.15138.11934.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1812
    • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.15138.11934.exe
      "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.15138.11934.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1308

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1308-60-0x0000000000400000-0x000000000042F000-memory.dmp
    Filesize

    188KB

    Download
  • memory/1308-61-0x0000000000400000-0x000000000042F000-memory.dmp
    Filesize

    188KB

    Download
  • memory/1308-64-0x000000000041F180-mapping.dmp
    Download
  • memory/1308-63-0x0000000000400000-0x000000000042F000-memory.dmp
    Filesize

    188KB

    Download
  • memory/1308-65-0x00000000008F0000-0x0000000000BF3000-memory.dmp
    Filesize

    3.0MB

    Download
  • memory/1812-54-0x0000000000330000-0x00000000003C6000-memory.dmp
    Filesize

    600KB

    Download
  • memory/1812-55-0x0000000076091000-0x0000000076093000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1812-56-0x0000000000280000-0x0000000000296000-memory.dmp
    Filesize

    88KB

    Download
  • memory/1812-57-0x00000000002A0000-0x00000000002AE000-memory.dmp
    Filesize

    56KB

    Download
  • memory/1812-58-0x0000000005010000-0x0000000005080000-memory.dmp
    Filesize

    448KB

    Download
  • memory/1812-59-0x0000000000570000-0x00000000005A4000-memory.dmp
    Filesize

    208KB

    Download