Analysis

  • max time kernel
    47s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    02-12-2022 06:28

General

  • Target

    SecuriteInfo.com.Win32.CrypterX-gen.12100.1746.exe

  • Size

    1015KB

  • MD5

    17a3633b6f0ddc4b4429163f3469fa81

  • SHA1

    5accb3182865a75312a64e87431278f1072b81ca

  • SHA256

    be6eddee7716fd87a1ff8c8b407bc3895b6acb165ecbaec087f1ebc4914d438c

  • SHA512

    83afc20ba452faccfc1dd7620286e8bcee36ca80d24e4d8613947c2499f5bc0f9e4500b720aa299365c0fdcf4a482a693ad7bc98aad60c6c87183a659fc52a11

  • SSDEEP

    12288:MwmIyhLfp/sVfdcYjBpxInkHKnnM4gngscPUYZYq0FCblKqQjL9QzX7BIBi8pV4c:9mBhS7uIKnMTXJu6UxKLjJQ5B8pnzTx

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.CrypterX-gen.12100.1746.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.CrypterX-gen.12100.1746.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1092
    • C:\Windows\SysWOW64\schtasks.exe
      "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\CpRpiOTi" /XML "C:\Users\Admin\AppData\Local\Temp\tmpAF53.tmp"
      2⤵
      • Creates scheduled task(s)
      PID:808
    • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.CrypterX-gen.12100.1746.exe
      "{path}"
      2⤵
      PID:1320
    • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.CrypterX-gen.12100.1746.exe
      "{path}"
      2⤵
      PID:820
    • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.CrypterX-gen.12100.1746.exe
      "{path}"
      2⤵
      PID:1452
    • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.CrypterX-gen.12100.1746.exe
      "{path}"
      2⤵
      PID:1164
    • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.CrypterX-gen.12100.1746.exe
      "{path}"
      2⤵
      PID:2028
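The process tree above shows two behaviours worth turning into detection logic: schtasks.exe /Create launched by a binary running from the user's Temp directory, with the task definition (tmpAF53.tmp) also in Temp, and the sample starting five further copies of its own image, with the 24 WriteProcessMemory IoCs attributed to the parent PID 1092 (consistent with writing into those children, although the report does not name the target process). The following is an added example and not part of the Triage report: a Python walk over process-creation records constructed from the tree above. The record field names (pid, ppid, image, cmdline), the temp-directory heuristic and the self-spawn threshold are my own assumptions; the children's "{path}" command lines are kept exactly as the report shows them.

```python
import re
from collections import defaultdict

# Process records constructed from the Processes section of this report.
# Field names are my own; this is not an exported Sysmon or sandbox log.
SAMPLE_IMAGE = r"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.CrypterX-gen.12100.1746.exe"
PROCESS_EVENTS = [
    {"pid": 1092, "ppid": 0, "image": SAMPLE_IMAGE, "cmdline": f'"{SAMPLE_IMAGE}"'},
    {"pid": 808, "ppid": 1092, "image": r"C:\Windows\SysWOW64\schtasks.exe",
     "cmdline": r'"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\CpRpiOTi" '
                r'/XML "C:\Users\Admin\AppData\Local\Temp\tmpAF53.tmp"'},
] + [
    {"pid": pid, "ppid": 1092, "image": SAMPLE_IMAGE, "cmdline": '"{path}"'}
    for pid in (1320, 820, 1452, 1164, 2028)
]

# User and system temp directories (assumed heuristic): a task definition or a
# parent image living here is unusual for legitimate scheduled-task creation.
TEMP_DIR_RE = re.compile(r"\\(AppData\\Local\\Temp|Windows\\Temp)\\", re.IGNORECASE)


def schtasks_arg(cmdline, flag):
    """Value of a schtasks /FLAG argument, whether quoted or bare."""
    m = re.search(r"/" + flag + r"\s+(?:\"([^\"]*)\"|(\S+))", cmdline, re.IGNORECASE)
    if m is None:
        return None
    return m.group(1) if m.group(1) is not None else m.group(2)


def parse_schtasks_create(cmdline):
    """Return {'task': ..., 'xml': ...} for a 'schtasks /Create' command line, else None."""
    if re.search(r"schtasks(\.exe)?\b", cmdline, re.IGNORECASE) is None:
        return None
    if re.search(r"\s/Create\b", cmdline, re.IGNORECASE) is None:
        return None
    return {"task": schtasks_arg(cmdline, "TN"), "xml": schtasks_arg(cmdline, "XML")}


def find_schtasks_persistence(events):
    """schtasks /Create whose task XML or whose parent image lives in a temp directory."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        if not e["image"].lower().endswith("\\schtasks.exe"):
            continue
        parsed = parse_schtasks_create(e["cmdline"])
        if parsed is None:
            continue
        parent = by_pid.get(e["ppid"])
        reasons = []
        if parsed["xml"] and TEMP_DIR_RE.search(parsed["xml"]):
            reasons.append("task XML in temp directory")
        if parent is not None and TEMP_DIR_RE.search(parent["image"]):
            reasons.append("parent runs from temp directory")
        if reasons:
            findings.append({"pid": e["pid"], "ppid": e["ppid"], "task": parsed["task"],
                             "xml": parsed["xml"], "reasons": reasons})
    return findings


def find_self_spawn(events, min_children=2):
    """Parents that start at least min_children copies of their own image.

    On its own this is only a hint; paired with WriteProcessMemory from the parent
    (as the report attributes to PID 1092) it is the shape of injection into a child."""
    by_pid = {e["pid"]: e for e in events}
    children = defaultdict(list)
    for e in events:
        parent = by_pid.get(e["ppid"])
        if parent is not None and parent["image"].lower() == e["image"].lower():
            children[e["ppid"]].append(e["pid"])
    return {ppid: pids for ppid, pids in children.items() if len(pids) >= min_children}


if __name__ == "__main__":
    for finding in find_schtasks_persistence(PROCESS_EVENTS):
        print("schtasks persistence:", finding)
    for ppid, kids in find_self_spawn(PROCESS_EVENTS).items():
        print("PID %d spawned %d copies of its own image: %s" % (ppid, len(kids), kids))
```

Against the records above the first function returns the schtasks.exe event (PID 808) with task name Updates\CpRpiOTi and both reasons set, and the second returns PID 1092 with its five children. The same two functions work unchanged on Sysmon Event ID 1 or EDR process-creation records once they are mapped onto the same four fields.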

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\tmpAF53.tmp

    Filesize

    1KB

    MD5

    c002f66a1c005cb2566be21fca207bb0

    SHA1

    fb97741bd5002597cc7806d295bafcb0aa9719df

    SHA256

    8983762b8ebfacbc1eba586d696dec6bd1f71ec72dc8fa5b10a0efac0e01eaaa

    SHA512

    cc39db487bc07bb270c3d6d033a3d001518bce005aec81f68799bf892cde0a9487ae81ddd789b36990e4e5b384eef80b25c3b33c6374e32249d9c9bd1b7ddfb0

  • memory/808-59-0x0000000000000000-mapping.dmp

  • memory/1092-54-0x00000000003F0000-0x00000000004F4000-memory.dmp

    Filesize

    1.0MB

  • memory/1092-55-0x0000000074C91000-0x0000000074C93000-memory.dmp

    Filesize

    8KB

  • memory/1092-56-0x0000000000390000-0x00000000003A2000-memory.dmp

    Filesize

    72KB

  • memory/1092-57-0x0000000005CD0000-0x0000000005D68000-memory.dmp

    Filesize

    608KB

  • memory/1092-58-0x0000000004F30000-0x0000000004F82000-memory.dmp

    Filesize

    328KB
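The 1KB file tmpAF53.tmp is the task definition that schtasks imported with /XML, but the report records only its size and hashes. The next step for an analyst who recovers that file from the sandbox is to read the task's actions and triggers. The following is an added example, not part of the Triage report and not the content of tmpAF53.tmp: a parser for the Task Scheduler XML schema, run over a constructed task definition. The example.exe command path, the trigger settings and the review heuristics in flag_task are my own assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Namespace of the Task Scheduler XML schema that 'schtasks /Create /XML' imports.
TASK_NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# Assumed heuristic: actions that run from a temp directory deserve a closer look.
TEMP_DIR_RE = re.compile(r"\\(AppData\\Local\\Temp|Windows\\Temp)\\", re.IGNORECASE)

# Constructed stand-in written in that schema. The report gives only the size and
# hashes of tmpAF53.tmp, so this is NOT that file; the command path is invented.
SAMPLE_TASK_XML = r"""<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers>
    <LogonTrigger><Enabled>true</Enabled></LogonTrigger>
    <TimeTrigger>
      <Repetition><Interval>PT1M</Interval></Repetition>
      <StartBoundary>2022-12-02T06:28:00</StartBoundary>
      <Enabled>true</Enabled>
    </TimeTrigger>
  </Triggers>
  <Principals>
    <Principal id="Author">
      <UserId>Admin</UserId>
      <LogonType>InteractiveToken</LogonType>
      <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
  </Principals>
  <Settings><Hidden>true</Hidden></Settings>
  <Actions Context="Author">
    <Exec>
      <Command>C:\Users\Admin\AppData\Local\Temp\example.exe</Command>
      <Arguments>/silent</Arguments>
    </Exec>
  </Actions>
</Task>
"""


def load_task_xml(data):
    """Parse task XML from bytes as read from disk (schtasks exports are UTF-16
    with a BOM) or from an already-decoded str."""
    if isinstance(data, bytes):
        if data.startswith((b"\xff\xfe", b"\xfe\xff")):
            data = data.decode("utf-16")
        else:
            data = data.decode("utf-8-sig")
    # expat rejects a str whose declaration names a multi-byte encoding, so drop it.
    data = re.sub(r"^\s*<\?xml[^>]*\?>", "", data)
    return ET.fromstring(data)


def summarize_task(data):
    """Pull out the fields that decide whether a task is persistence: triggers,
    repetition, visibility, principal and the commands it runs."""
    root = load_task_xml(data)

    def text(path, node=root):
        el = node.find(path, TASK_NS)
        return (el.text or "").strip() if el is not None else ""

    triggers = root.find("t:Triggers", TASK_NS)
    return {
        "triggers": [] if triggers is None else [t.tag.split("}")[-1] for t in triggers],
        "repeat_interval": "" if triggers is None else text(".//t:Repetition/t:Interval", triggers),
        "hidden": text("t:Settings/t:Hidden").lower() == "true",
        "user": text("t:Principals/t:Principal/t:UserId"),
        "run_level": text("t:Principals/t:Principal/t:RunLevel"),
        "actions": [{"command": text("t:Command", ex), "arguments": text("t:Arguments", ex)}
                    for ex in root.findall("t:Actions/t:Exec", TASK_NS)],
    }


def flag_task(summary):
    """Reasons (assumed heuristics) a task definition warrants review."""
    reasons = []
    for action in summary["actions"]:
        if TEMP_DIR_RE.search(action["command"]):
            reasons.append("action runs from a temp directory")
    if summary["hidden"]:
        reasons.append("task is hidden")
    if summary["repeat_interval"]:
        reasons.append("repeats every " + summary["repeat_interval"])
    if any(t in ("LogonTrigger", "BootTrigger") for t in summary["triggers"]):
        reasons.append("starts at logon or boot")
    return reasons


if __name__ == "__main__":
    summary = summarize_task(SAMPLE_TASK_XML.encode("utf-16"))
    print(summary)
    print(flag_task(summary))
```

Feed load_task_xml the raw bytes of a recovered task file rather than a decoded string: a file written by schtasks or the Task Scheduler service is UTF-16 with a byte-order mark, and the function handles both that and a UTF-8 copy.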