Overview

overview

10

Static

static

SecuriteIn...01.exe

windows7-x64

10

SecuriteIn...01.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    94s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-12-2022 08:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.Trojan.PackedNET.1701.5400.1001.exe

  • Size

    1.0MB

  • MD5

    d8896273f6e3976c0051d2985fca39d3

  • SHA1

    ffa987faeda3e9d6a912b63dbd8fb7adf105fa8f

  • SHA256

    773e21380e7b28202c6c142d4562bcfd733de46ffa3e63a1351dd2860c065a94

  • SHA512

    8f90bf50ec129b11e06dc7f48f13399a4b59d67f2daf6043a5fcd5d6b9f6dd584a9bc86a7586056720c79ed834b5b2f31ae2c52018c2d4678f02de5a4fc00d38

  • SSDEEP

    24576:TrqkTiwAAgEEY4BjH04VwMQJXP7XLBRFPG1e/1:HTQpfVwMMP7XL7Fu1eN

Score
10/10
formbookfh8pratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Campaign

fh8p

Decoy

51F23EN4Txw0zl7VSV72h3U1

r51e7umgAYu/WtxeMGHnGxLw2sBpOeZJ

IQ38brXAkQLFMYHztA==

ZsVI1+ZC1m5iov4xpA==

3sltsjJTHbqCqj4yzxAxSg==

cd/wV6bAp00lenVgURspAmkDrXpY

FPiMqs88TyH2LcbQ

B+tfkhM6CKKnkwHY

3UG4Fv6Z1YbVcKhGADQ=

7HWXwp4acUvZid/eOwbUBPCsF+4=

cFmdzrE0gUTDYnlFzxAxSg==

NZ68/khRFLankwHY

iwOpJcLSmHX2LcbQ

Riu+/F9kYTgDK5SAc0Rmsmcs

F2wn+jKjVAwF

Z77ISAWVozHM7Xs/XIK5

V71c6sFWuV6uagGJWMUBxCs=

JvYlUje3B95h+Ts+jv61WcvMdO4AdzSVjQ==

fOMJf5pQ2nKHJn3XzxAxSg==

5k9hflzYDY/GQnjazxAxSg==

Signatures

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.1701.5400.1001.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.1701.5400.1001.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4452
    • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.1701.5400.1001.exe
      "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.1701.5400.1001.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1192

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1192-137-0x0000000000000000-mapping.dmp
    Download
  • memory/1192-138-0x0000000000400000-0x000000000042F000-memory.dmp
    Filesize

    188KB

    Download
  • memory/1192-140-0x0000000000400000-0x000000000042F000-memory.dmp
    Filesize

    188KB

    Download
  • memory/1192-141-0x0000000000401000-0x000000000042F000-memory.dmp
    Filesize

    184KB

    Download
  • memory/1192-142-0x0000000001850000-0x0000000001B9A000-memory.dmp
    Filesize

    3.3MB

    Download
  • memory/4452-132-0x00000000001F0000-0x0000000000304000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/4452-133-0x0000000005380000-0x0000000005924000-memory.dmp
    Filesize

    5.6MB

    Download
  • memory/4452-134-0x0000000004CC0000-0x0000000004D52000-memory.dmp
    Filesize

    584KB

    Download
  • memory/4452-135-0x0000000004CB0000-0x0000000004CBA000-memory.dmp
    Filesize

    40KB

    Download
  • memory/4452-136-0x0000000008A70000-0x0000000008B0C000-memory.dmp
    Filesize

    624KB

    Download