Overview

overview

5

Static

static

SecuriteIn...99.exe

windows7-x64

5

SecuriteIn...99.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    46s
  • max time network
    41s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    02/02/2023, 09:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.Win32.PWSX-gen.14307.12199.exe

  • Size

    898KB

  • MD5

    b334a0c29b5e559b17da1d12040f3e2f

  • SHA1

    23e73f5b76aae753529d75d9cb993cc5d0884b38

  • SHA256

    5718c580c8854ea0d8785b26989e890c56f9e5fb9a58a0f1debc4bf71d869a9b

  • SHA512

    b66368371a34ab33462c74df9ba80fea3930edde17077494d6a7e306960687340c50234f8d262228264548c970e68b4db129046745111d5cf30269e48de98e33

  • SSDEEP

    24576:bXP6F0fPXPyXzIq2XYK2KAAQvOYiMpqG4yPa:uWfPXPyX8q2oHKAAQvOYZq

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.14307.12199.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.14307.12199.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1308
    • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.14307.12199.exe
      "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.14307.12199.exe"
      2⤵
        PID:1192
      • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.14307.12199.exe
        "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.14307.12199.exe"
        2⤵
          PID:1828
        • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.14307.12199.exe
          "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.14307.12199.exe"
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1652

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1308-54-0x0000000000C30000-0x0000000000D16000-memory.dmp

        Filesize

        920KB

        Download

      • memory/1308-55-0x0000000075BD1000-0x0000000075BD3000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1308-56-0x00000000005B0000-0x00000000005C4000-memory.dmp

        Filesize

        80KB

        Download

      • memory/1308-57-0x0000000000A60000-0x0000000000A6A000-memory.dmp

        Filesize

        40KB

        Download

      • memory/1308-58-0x0000000007D80000-0x0000000007E06000-memory.dmp

        Filesize

        536KB

        Download

      • memory/1308-59-0x0000000004610000-0x000000000465C000-memory.dmp

        Filesize

        304KB

        Download

      • memory/1652-60-0x0000000000400000-0x000000000042F000-memory.dmp

        Filesize

        188KB

        Download

      • memory/1652-61-0x0000000000400000-0x000000000042F000-memory.dmp

        Filesize

        188KB

        Download

      • memory/1652-63-0x0000000000400000-0x000000000042F000-memory.dmp

        Filesize

        188KB

        Download

      • memory/1652-65-0x0000000000400000-0x000000000042F000-memory.dmp

        Filesize

        188KB

        Download

      • memory/1652-66-0x0000000000840000-0x0000000000B43000-memory.dmp

        Filesize

        3.0MB

        Download