Analysis

max time kernel: 100s
max time network: 35s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 01-12-2022 15:35

Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Win32.PWSX-gen.21343.8462.exe
Resource: win7-20221111-en
General

Target: SecuriteInfo.com.Win32.PWSX-gen.21343.8462.exe
Size: 1002KB
MD5: 523dc49d6c29ff597f7fae946ce4ad86
SHA1: 33207d35ffe3bc6b19ffc016b06432c43961e791
SHA256: 213fbce6c1598d4cd9a54ec4008f6d531f317e81ed125a046ac1812ab8181f53
SHA512: 22d7c0c67f299717787653ca00e80843027fa95aae3fb2b890e2b2419f1bd4d6539a0dde889d64171c83f2f06d1d311b6505a973b69b68743ecd1aae71b9b16c
SSDEEP: 24576:WTiwAAgEEY4b57gcMOUaRsXsbWWsF6NRW:WTQp17gcfZKsbJsoNR
Malware Config
Extracted
formbook
n2hm
XCeG4IxNKbAl
YzJWbnC+El84nA==
KAJcdmP8yEcO5LXPCFF42Wfb
I+J+xYO95GJQWVU=
GtgxPPv3FmQmhw==
Og9NYF4xEl+j7vGTR93xvg==
506Cg07bsT0G6yK+A96H0h35V+JLkwI=
wAYXFN+pSFIXgQ==
ijzLI/f+FmQmhw==
UfT2PweNm+w8
GQWVw5aZnfF/kS5e
30BKYjua9zcA7gAwsPUngLnjyrBNEgo=
AM65OrmyFmQmhw==
VSlTVxISZ4J/kS5e
GGKj6K33SRh6e0/YzT5nQGlK5CXRqw==
B9H98cUUfX+AWOqiTA==
MxVffWOIoVnM37zrd2sTaOY=
z6bxCgG/mGhR7oDzQA==
pQgSLSRi6AK3M/PdArpX
6rRRsYuSnXx/kS5e
tJRNn0ias3Yw
7c4NEQLSp/R/kS5e
TJmwu5Aa/IuRHtoXXQ==
TLoRUygkiJQE5GoRji0aff0=
Y83qB/DsQFYeZzahj6pYqw==
Bup2q3PHFmQmhw==
cDTa78WEWaYMdoDdArpX
28Rw4MRMnjT52raaTR5KhtMJYa8=
WydpZS7v/4XubCZuhkdxP2OAKdyK68u6
B+osKudaL8yAV/K/VAH3T+Q=
qVz9Y0QD3TGeM/PdArpX
+r49VzlFXLpFegdyc4q5ow==
gsXk990afa1hl6ATTA==
XkblOQWRaet/kS5e
4TNPSf2OcfNk9cfPCFF42Wfb
NaIIUEoRdKYr
ITSqBfn5FmQmhw==
KPRUmWnqxVE0hERFtyo=
VLzd1qk6E5wNcQ49KnmhAoT3Ok5roMK4kQ==
65jM2pKJ8EIST04=
I3+JoYVgYgDiv3O15Ntvw0On/sJroMK4kQ==
C+YhNzH20aCpy8MqVw==
yBZRl4HdPn+RHtoXXQ==
pGQATg0mMfntSBR9c4q5ow==
YUKFixIRdKYr
Hv+C4cZTOMAKV+/dArpX
MVW+PJpyCVA=
FX2AJYBFYbgk
/cX1CsjSpvU+
fWoThWagDVhBHt4yMjWQifM=
/vCd69xrS8QwuCt/yD8=
GvAsSzbCRxplG582TKzVug==
S6zlGfJ6DFc4TBNUvig=
k0z/QwnTpfR/kS5e
KPofKfkPcoRqxowFuWWNhvM=
Xrj+JvENc3yBln4OUw==
ScTatpYj/IKRHtoXXQ==
vLRdwbLyTpzFn+dAR93xvg==
mLTJe/eFp2kxl69W
Cbr5/dRQbio2P/e8ay0aff0=
xooviWn51V7DI7mMOwWT4lCIJUlf
l0t7fTmLqSCAuIYIVA==
06xFejwYMSkbfETTiNT21O0=
bWzTF+1nS4kxlydW
madamkikkiey.net
Signatures

Suspicious use of SetThreadContext (1 IoC)
Processes:
  description: PID 1632 set thread context of 1172
  pid: 1632
  process: SecuriteInfo.com.Win32.PWSX-gen.21343.8462.exe
  target process: SecuriteInfo.com.Win32.PWSX-gen.21343.8462.exe

Suspicious behavior: EnumeratesProcesses (1 IoC)
Processes:
  pid: 1172
  process: SecuriteInfo.com.Win32.PWSX-gen.21343.8462.exe

Suspicious use of WriteProcessMemory (7 IoCs)
Processes (the same event was recorded 7 times):
  description: PID 1632 wrote to memory of 1172
  pid: 1632
  process: SecuriteInfo.com.Win32.PWSX-gen.21343.8462.exe
  target process: SecuriteInfo.com.Win32.PWSX-gen.21343.8462.exe
Processes

1. C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.21343.8462.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.21343.8462.exe"
   PID: 1632
   - Suspicious use of SetThreadContext
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.21343.8462.exe (child of PID 1632)
      command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.21343.8462.exe"
      PID: 1172
      - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Downloads

memory/1172-64-0x00000000004012B0-mapping.dmp
memory/1172-60-0x0000000000400000-0x000000000042F000-memory.dmp  (Filesize: 188KB)
memory/1172-61-0x0000000000400000-0x000000000042F000-memory.dmp  (Filesize: 188KB)
memory/1172-63-0x0000000000400000-0x000000000042F000-memory.dmp  (Filesize: 188KB)
memory/1172-66-0x0000000000400000-0x000000000042F000-memory.dmp  (Filesize: 188KB)
memory/1172-67-0x0000000000401000-0x000000000042F000-memory.dmp  (Filesize: 184KB)
memory/1172-68-0x0000000000840000-0x0000000000B43000-memory.dmp  (Filesize: 3.0MB)
memory/1632-55-0x00000000757B1000-0x00000000757B3000-memory.dmp  (Filesize: 8KB)
memory/1632-56-0x00000000002D0000-0x00000000002E6000-memory.dmp  (Filesize: 88KB)
memory/1632-57-0x00000000002F0000-0x00000000002FE000-memory.dmp  (Filesize: 56KB)
memory/1632-58-0x0000000007DD0000-0x0000000007E66000-memory.dmp  (Filesize: 600KB)
memory/1632-59-0x0000000004F00000-0x0000000004F5C000-memory.dmp  (Filesize: 368KB)
memory/1632-54-0x00000000010E0000-0x00000000011E2000-memory.dmp  (Filesize: 1.0MB)