Overview

overview

10

Static

static

SecuriteIn...85.exe

windows7-x64

1

SecuriteIn...85.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    62s
  • max time network
    41s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    05-12-2022 10:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.Trojan.PackedNET.389.5617.8285.exe

  • Size

    860KB

  • MD5

    8b25a4752062e84aebc58310bb34b1a6

  • SHA1

    a438e1909734943a1d6e469de1c5cfd6c645d44c

  • SHA256

    98703e71dc16e27293e0ad64b57db76a8a9344c1eee9c92762aa5392ea9690c4

  • SHA512

    5290963be9b29a7c245837c8a0c52eca84b6ee8444c60170eb8d0b441cdbf4d1fd4238a5973a22e5e4122f679f1976b24ec6b747f6c0f1db84eb5030d057fcbc

  • SSDEEP

    12288:Y30ci+kg586aWHffogoZyULzVm/x9JvnB7NQbxmrM0OP6YXCN:o0Z+B5O8fozZyGzwx9J/xM046Y

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.389.5617.8285.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.389.5617.8285.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1612
    • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.389.5617.8285.exe
      "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.389.5617.8285.exe"
      2⤵
        PID:1940
      • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.389.5617.8285.exe
        "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.389.5617.8285.exe"
        2⤵
          PID:1528
        • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.389.5617.8285.exe
          "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.389.5617.8285.exe"
          2⤵
            PID:944
          • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.389.5617.8285.exe
            "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.389.5617.8285.exe"
            2⤵
              PID:1688
            • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.389.5617.8285.exe
              "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PackedNET.389.5617.8285.exe"
              2⤵
                PID:240

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/1612-54-0x0000000000350000-0x000000000042E000-memory.dmp
              Filesize

              888KB

              Download
            • memory/1612-55-0x0000000076681000-0x0000000076683000-memory.dmp
              Filesize

              8KB

              Download
            • memory/1612-56-0x00000000005A0000-0x00000000005B6000-memory.dmp
              Filesize

              88KB

              Download
            • memory/1612-57-0x00000000005C0000-0x00000000005CE000-memory.dmp
              Filesize

              56KB

              Download
            • memory/1612-58-0x0000000007EF0000-0x0000000007F78000-memory.dmp
              Filesize

              544KB

              Download
            • memory/1612-59-0x0000000004540000-0x000000000458E000-memory.dmp
              Filesize

              312KB

              Download