Overview

overview

10

Static

static

SecuriteIn...41.exe

windows7-x64

10

SecuriteIn...41.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    54s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    01-12-2022 17:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.Trojan.PackedNET.389.22386.8541.exe

  • Size

    552KB

  • MD5

    b715de27a553217c49d78c598bb21369

  • SHA1

    881f25a7c5c4f20d503a60d2824ab9df0382bf7b

  • SHA256

    95f44db4638c9a3804bffdb3c202b3de5a503a3847606dec40996524af217faf

  • SHA512

    cf1ce92ebc822e4c9de9cb329f3bf5bf80430a6e7e4fdc6ecf84a06ffd818599339724d29ef85e97919c3b0183dbcd0c365b37c90660a8efb0f6e848f4850df2

  • SSDEEP

    12288:gWoHX/RF7mXZF6rslyyGG8arnuTeokpcaTy+yHKoN9jq:XOjSSr3yGmzaUyRj9j

Score
10/10
formbooktz8tratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Campaign

tz8t

Decoy

ny77rjODcxSfmMf2

Ro4c30aR3N8pqxgoKOH0nKpZ1DM=

Xz784MkvjnVyiOwsbwxpwblQv47KIw==

8E5DQ8nbaEVgDiQqlbCmBos=

n+Jwl1GgHG8xHU1BsHDG

KImMWN0zhg/fESvJ2Nc=

4NkRrZjFCmbstx7pIg==

kephKeYrhstVQqQYSObEksSLgDY=

pepRAInR/Ngl0ybL/xL+xaOJc2GUt9g=

0LcrLqfr4sQR9hDlIg==

WfSuYQ9im6fudNHAuU4qnBQwqlKg

SxQnURRzi2WtMVt/vNk=

iz4tST2moq0zPngkKg==

eLUdrzCjBM/pmw6rqF8sBRjLcc9OFtA=

+4qzyKMNHP4/6UoaVVp6VWhKbi8=

JOxXem3SKvkKf7xTTOdC9p8FMA==

anepSdQmIC6nN2795qU6Bm/qXvZ9x3a9

5k32ENdAijGAfu5OggFjy5Q=

2us845cGIIQ7LZEBArySuEk53z4=

Y48EB4G+/0vY3h9NmaVhJP9bv47KIw==

Signatures

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.389.22386.8541.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.389.22386.8541.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1980
    • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.389.22386.8541.exe
      "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.389.22386.8541.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1080-64-0x00000000004012B0-mapping.dmp
    Download
  • memory/1080-60-0x0000000000400000-0x000000000042F000-memory.dmp
    Filesize

    188KB

    Download
  • memory/1080-61-0x0000000000400000-0x000000000042F000-memory.dmp
    Filesize

    188KB

    Download
  • memory/1080-63-0x0000000000400000-0x000000000042F000-memory.dmp
    Filesize

    188KB

    Download
  • memory/1080-66-0x0000000000400000-0x000000000042F000-memory.dmp
    Filesize

    188KB

    Download
  • memory/1080-67-0x0000000000401000-0x000000000042F000-memory.dmp
    Filesize

    184KB

    Download
  • memory/1080-68-0x0000000000930000-0x0000000000C33000-memory.dmp
    Filesize

    3.0MB

    Download
  • memory/1980-55-0x0000000075981000-0x0000000075983000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1980-56-0x00000000008F0000-0x0000000000906000-memory.dmp
    Filesize

    88KB

    Download
  • memory/1980-57-0x0000000000A00000-0x0000000000A0E000-memory.dmp
    Filesize

    56KB

    Download
  • memory/1980-58-0x0000000004D30000-0x0000000004DA0000-memory.dmp
    Filesize

    448KB

    Download
  • memory/1980-59-0x0000000004550000-0x0000000004584000-memory.dmp
    Filesize

    208KB

    Download
  • memory/1980-54-0x0000000000180000-0x000000000020A000-memory.dmp
    Filesize

    552KB

    Download