d1a7c0fe0e6f2790d8603cd7b6dfd10f6f340165eec003b4be8a5b68515f9023 | Triage

Submit
Reports

Overview

overview

7

Static

static

1

SecuriteIn...21.msi

windows7-x64

7

SecuriteIn...21.msi

windows10-2004-x64

7

Sharing

General

Target

SecuriteInfo.com.HEUR.Trojan.Win32.Agent.gen.28945.7721.msi
Size

12.8MB
Sample

230215-s6kp1acd2t
MD5

22499f67ab91bdc43967a3ffd9d4a73a
SHA1

4a660bb1421d3df423702f630c3bde242967def0
SHA256

d1a7c0fe0e6f2790d8603cd7b6dfd10f6f340165eec003b4be8a5b68515f9023
SHA512

78de900d4dcff4f9113829dc521d498e233d68fe2258d0df0a0c1853e436588993fe4ef7fa35fa242e38cbd4374775897310aa1a59ba884a3b7b6961124f42c9
SSDEEP

393216:guJ6RO06ATsQq6IUKqwm1JL8Wl6TJPqsDs:SR/6m27LZm1xFUJPq

Score

7^/10

discovery

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.HEUR.Trojan.Win32.Agent.gen.28945.7721.msi

Resource

win7-20221111-en

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.HEUR.Trojan.Win32.Agent.gen.28945.7721.msi

Resource

win10v2004-20220812-en

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  SecuriteInfo.com.HEUR.Trojan.Win32.Agent.gen.28945.7721.msi
- Size
  
  12.8MB
- MD5
  
  22499f67ab91bdc43967a3ffd9d4a73a
- SHA1
  
  4a660bb1421d3df423702f630c3bde242967def0
- SHA256
  
  d1a7c0fe0e6f2790d8603cd7b6dfd10f6f340165eec003b4be8a5b68515f9023
- SHA512
  
  78de900d4dcff4f9113829dc521d498e233d68fe2258d0df0a0c1853e436588993fe4ef7fa35fa242e38cbd4374775897310aa1a59ba884a3b7b6961124f42c9
- SSDEEP
  
  393216:guJ6RO06ATsQq6IUKqwm1JL8Wl6TJPqsDs:SR/6m27LZm1xFUJPq
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Permissions Modification

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy