Analysis
-
max time kernel
42s -
max time network
49s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system -
submitted
05-12-2022 15:32
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe
Resource
win10v2004-20220812-en
General
-
Target
SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe
-
Size
1.1MB
-
MD5
9a0b108728953eb056acabd5838eb96f
-
SHA1
30c00233cb6c7a838aaca427764daec8e8f861bc
-
SHA256
1223d62bc266486dd7cae8cad10de9ef5b60fa1a7dd9113723613758d38845b8
-
SHA512
2b0880aac549d13546daa3aee8087f3ece2f74be4e2817a0529e5a0ad6e38ff134606387f9df19a709b771bd772abc5ec55aba18ae829dd92599e48d9f50347a
-
SSDEEP
24576:FYAMOoEzlK3c8wwmx4Q1xNBR4maitt4f8OSKwz7NGIm:FFoEOmuExNBOvKtGSKwfNa
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 5 IoCs
Processes:
SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exepid process 1048 SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe 1048 SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe 1048 SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe 1048 SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe 1048 SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exedescription pid process Token: SeDebugPrivilege 1048 SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe -
Suspicious use of WriteProcessMemory 20 IoCs
Processes:
SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exedescription pid process target process PID 1048 wrote to memory of 888 1048 SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe PID 1048 wrote to memory of 888 1048 SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe PID 1048 wrote to memory of 888 1048 SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe PID 1048 wrote to memory of 888 1048 SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe PID 1048 wrote to memory of 860 1048 SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe PID 1048 wrote to memory of 860 1048 SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe PID 1048 wrote to memory of 860 1048 SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe PID 1048 wrote to memory of 860 1048 SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe PID 1048 wrote to memory of 768 1048 SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe PID 1048 wrote to memory of 768 1048 SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe PID 1048 wrote to memory of 768 1048 SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe PID 1048 wrote to memory of 768 1048 SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe PID 1048 wrote to memory of 1380 1048 SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe PID 1048 wrote to memory of 1380 1048 SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe PID 1048 wrote to memory of 1380 1048 SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe PID 1048 wrote to memory of 1380 1048 SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe PID 1048 wrote to memory of 468 1048 SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe PID 1048 wrote to memory of 468 1048 SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe PID 1048 wrote to memory of 468 1048 SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe PID 1048 wrote to memory of 468 1048 SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe"{path}"2⤵
-
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe"{path}"2⤵
-
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe"{path}"2⤵
-
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe"{path}"2⤵
-
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.HacktoolX-gen.28418.13356.exe"{path}"2⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1048-54-0x00000000003C0000-0x00000000004DE000-memory.dmpFilesize
1.1MB
-
memory/1048-55-0x00000000759F1000-0x00000000759F3000-memory.dmpFilesize
8KB
-
memory/1048-56-0x00000000003B0000-0x00000000003C2000-memory.dmpFilesize
72KB
-
memory/1048-57-0x00000000053A0000-0x000000000543C000-memory.dmpFilesize
624KB
-
memory/1048-58-0x0000000005490000-0x00000000054E8000-memory.dmpFilesize
352KB