Overview

overview

10

Static

static

SecuriteIn...62.exe

windows7-x64

10

SecuriteIn...62.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    100s
  • max time network
    35s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    01-12-2022 15:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.Win32.PWSX-gen.21343.8462.exe

  • Size

    1002KB

  • MD5

    523dc49d6c29ff597f7fae946ce4ad86

  • SHA1

    33207d35ffe3bc6b19ffc016b06432c43961e791

  • SHA256

    213fbce6c1598d4cd9a54ec4008f6d531f317e81ed125a046ac1812ab8181f53

  • SHA512

    22d7c0c67f299717787653ca00e80843027fa95aae3fb2b890e2b2419f1bd4d6539a0dde889d64171c83f2f06d1d311b6505a973b69b68743ecd1aae71b9b16c

  • SSDEEP

    24576:WTiwAAgEEY4b57gcMOUaRsXsbWWsF6NRW:WTQp17gcfZKsbJsoNR

Score
10/10
formbookn2hmratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Campaign

n2hm

Decoy

XCeG4IxNKbAl

YzJWbnC+El84nA==

KAJcdmP8yEcO5LXPCFF42Wfb

I+J+xYO95GJQWVU=

GtgxPPv3FmQmhw==

Og9NYF4xEl+j7vGTR93xvg==

506Cg07bsT0G6yK+A96H0h35V+JLkwI=

wAYXFN+pSFIXgQ==

ijzLI/f+FmQmhw==

UfT2PweNm+w8

GQWVw5aZnfF/kS5e

30BKYjua9zcA7gAwsPUngLnjyrBNEgo=

AM65OrmyFmQmhw==

VSlTVxISZ4J/kS5e

GGKj6K33SRh6e0/YzT5nQGlK5CXRqw==

B9H98cUUfX+AWOqiTA==

MxVffWOIoVnM37zrd2sTaOY=

z6bxCgG/mGhR7oDzQA==

pQgSLSRi6AK3M/PdArpX

6rRRsYuSnXx/kS5e

Signatures

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.21343.8462.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.21343.8462.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1632
    • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.21343.8462.exe
      "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.21343.8462.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1172

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1172-64-0x00000000004012B0-mapping.dmp
    Download
  • memory/1172-60-0x0000000000400000-0x000000000042F000-memory.dmp
    Filesize

    188KB

    Download
  • memory/1172-61-0x0000000000400000-0x000000000042F000-memory.dmp
    Filesize

    188KB

    Download
  • memory/1172-63-0x0000000000400000-0x000000000042F000-memory.dmp
    Filesize

    188KB

    Download
  • memory/1172-66-0x0000000000400000-0x000000000042F000-memory.dmp
    Filesize

    188KB

    Download
  • memory/1172-67-0x0000000000401000-0x000000000042F000-memory.dmp
    Filesize

    184KB

    Download
  • memory/1172-68-0x0000000000840000-0x0000000000B43000-memory.dmp
    Filesize

    3.0MB

    Download
  • memory/1632-55-0x00000000757B1000-0x00000000757B3000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1632-56-0x00000000002D0000-0x00000000002E6000-memory.dmp
    Filesize

    88KB

    Download
  • memory/1632-57-0x00000000002F0000-0x00000000002FE000-memory.dmp
    Filesize

    56KB

    Download
  • memory/1632-58-0x0000000007DD0000-0x0000000007E66000-memory.dmp
    Filesize

    600KB

    Download
  • memory/1632-59-0x0000000004F00000-0x0000000004F5C000-memory.dmp
    Filesize

    368KB

    Download
  • memory/1632-54-0x00000000010E0000-0x00000000011E2000-memory.dmp
    Filesize

    1.0MB

    Download