Overview

overview

10

Static

static

SecuriteIn...49.exe

windows7-x64

10

SecuriteIn...49.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    42s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    05-12-2022 10:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.Win32.PWSX-gen.2588.21949.exe

  • Size

    661KB

  • MD5

    b8462af1afb6c95d62624002fcc05726

  • SHA1

    5173feb0360d628a1fd33e00b8860cfe576dff3a

  • SHA256

    672b918c5c82cfed617eeca2ab662854d2e9feef0031f7a72025962f3ee867ca

  • SHA512

    11c25ed18165ffa232828bcbf772d403c16406f85891ed4f6783ba021a9677d9f49628179f8ce9d385974da8ca62054891da25efd6be4092283350f45455636f

  • SSDEEP

    12288:4PuYd+V6b1momPZefNteeJB6s6IvcyOHQ4iPz1r+9Mvp0ThGv2Rg9PuYd+V6b:4PuYd+V6bIomxiNdwuA2F+9MvOmQiPuI

Score
10/10
formbookn2hmratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Campaign

n2hm

Decoy

XCeG4IxNKbAl

YzJWbnC+El84nA==

KAJcdmP8yEcO5LXPCFF42Wfb

I+J+xYO95GJQWVU=

GtgxPPv3FmQmhw==

Og9NYF4xEl+j7vGTR93xvg==

506Cg07bsT0G6yK+A96H0h35V+JLkwI=

wAYXFN+pSFIXgQ==

ijzLI/f+FmQmhw==

UfT2PweNm+w8

GQWVw5aZnfF/kS5e

30BKYjua9zcA7gAwsPUngLnjyrBNEgo=

AM65OrmyFmQmhw==

VSlTVxISZ4J/kS5e

GGKj6K33SRh6e0/YzT5nQGlK5CXRqw==

B9H98cUUfX+AWOqiTA==

MxVffWOIoVnM37zrd2sTaOY=

z6bxCgG/mGhR7oDzQA==

pQgSLSRi6AK3M/PdArpX

6rRRsYuSnXx/kS5e

Signatures

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.2588.21949.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.2588.21949.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:832
    • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.2588.21949.exe
      "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.2588.21949.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:580

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/580-63-0x0000000000400000-0x000000000042F000-memory.dmp
    Filesize

    188KB

    Download
  • memory/580-60-0x0000000000400000-0x000000000042F000-memory.dmp
    Filesize

    188KB

    Download
  • memory/580-61-0x0000000000400000-0x000000000042F000-memory.dmp
    Filesize

    188KB

    Download
  • memory/580-64-0x00000000004012B0-mapping.dmp
    Download
  • memory/580-66-0x0000000000400000-0x000000000042F000-memory.dmp
    Filesize

    188KB

    Download
  • memory/580-67-0x0000000000401000-0x000000000042F000-memory.dmp
    Filesize

    184KB

    Download
  • memory/580-68-0x0000000000870000-0x0000000000B73000-memory.dmp
    Filesize

    3.0MB

    Download
  • memory/832-55-0x0000000076BA1000-0x0000000076BA3000-memory.dmp
    Filesize

    8KB

    Download
  • memory/832-56-0x0000000000230000-0x000000000024A000-memory.dmp
    Filesize

    104KB

    Download
  • memory/832-57-0x0000000000210000-0x000000000021E000-memory.dmp
    Filesize

    56KB

    Download
  • memory/832-58-0x0000000005240000-0x00000000052B0000-memory.dmp
    Filesize

    448KB

    Download
  • memory/832-59-0x00000000009D0000-0x0000000000A04000-memory.dmp
    Filesize

    208KB

    Download
  • memory/832-54-0x00000000013A0000-0x000000000144C000-memory.dmp
    Filesize

    688KB

    Download