Analysis
- max time kernel: 42s
- max time network: 46s
- platform: windows7_x64
- resource: win7-20220901-en
- resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
- submitted: 05-12-2022 10:38
Static task: static1
Behavioral task: behavioral1
- Sample: SecuriteInfo.com.Win32.PWSX-gen.2588.21949.exe
- Resource: win7-20220901-en
General
- Target: SecuriteInfo.com.Win32.PWSX-gen.2588.21949.exe
- Size: 661KB
- MD5: b8462af1afb6c95d62624002fcc05726
- SHA1: 5173feb0360d628a1fd33e00b8860cfe576dff3a
- SHA256: 672b918c5c82cfed617eeca2ab662854d2e9feef0031f7a72025962f3ee867ca
- SHA512: 11c25ed18165ffa232828bcbf772d403c16406f85891ed4f6783ba021a9677d9f49628179f8ce9d385974da8ca62054891da25efd6be4092283350f45455636f
- SSDEEP: 12288:4PuYd+V6b1momPZefNteeJB6s6IvcyOHQ4iPz1r+9Mvp0ThGv2Rg9PuYd+V6b:4PuYd+V6bIomxiNdwuA2F+9MvOmQiPuI
Malware Config
Extracted
- Family: formbook
- Campaign: n2hm
- madamkikkiey.net
Signatures
- Suspicious use of SetThreadContext (1 IoC)
  Processes: PID 832 SecuriteInfo.com.Win32.PWSX-gen.2588.21949.exe set thread context of PID 580 SecuriteInfo.com.Win32.PWSX-gen.2588.21949.exe
- Suspicious behavior: EnumeratesProcesses (1 IoC)
  Processes: PID 580 SecuriteInfo.com.Win32.PWSX-gen.2588.21949.exe
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: PID 832 SecuriteInfo.com.Win32.PWSX-gen.2588.21949.exe wrote to memory of PID 580 SecuriteInfo.com.Win32.PWSX-gen.2588.21949.exe (7 identical entries)
Processes
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.2588.21949.exe (PID 832)
  Command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.2588.21949.exe"
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  - Child: C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.2588.21949.exe (PID 580)
    Command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.2588.21949.exe"
    - Suspicious behavior: EnumeratesProcesses
Downloads
- memory/580-63-0x0000000000400000-0x000000000042F000-memory.dmp (188KB)
- memory/580-60-0x0000000000400000-0x000000000042F000-memory.dmp (188KB)
- memory/580-61-0x0000000000400000-0x000000000042F000-memory.dmp (188KB)
- memory/580-64-0x00000000004012B0-mapping.dmp
- memory/580-66-0x0000000000400000-0x000000000042F000-memory.dmp (188KB)
- memory/580-67-0x0000000000401000-0x000000000042F000-memory.dmp (184KB)
- memory/580-68-0x0000000000870000-0x0000000000B73000-memory.dmp (3.0MB)
- memory/832-55-0x0000000076BA1000-0x0000000076BA3000-memory.dmp (8KB)
- memory/832-56-0x0000000000230000-0x000000000024A000-memory.dmp (104KB)
- memory/832-57-0x0000000000210000-0x000000000021E000-memory.dmp (56KB)
- memory/832-58-0x0000000005240000-0x00000000052B0000-memory.dmp (448KB)
- memory/832-59-0x00000000009D0000-0x0000000000A04000-memory.dmp (208KB)
- memory/832-54-0x00000000013A0000-0x000000000144C000-memory.dmp (688KB)