formbook | ba13a69fc8a1e72eef1f7147733779653cef8420f2492b4e1c4d73546d654b76

Analysis

max time kernel
95s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
19/04/2023, 11:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
Size

936KB
MD5

e9818bdb92bb29bc70855a3060436332
SHA1

d7c511eeca61f564fcfbbac30853b433469d37b7
SHA256

ba13a69fc8a1e72eef1f7147733779653cef8420f2492b4e1c4d73546d654b76
SHA512

d2ec3881dc607ed4e96bc1070288a979d359cde22efb050d33b62cb3257bfa961640cb35b5a2016e896f248d7acb0ccfb359707e30b81330bc63c44cbe6c5a64
SSDEEP

12288:beJcp2l+38aYZDW5dAQAMg9+Iyok7dDwKDxSKD/cEJywyHcoF9oai:becU4

Score

10^/10

formbook m8nt rat spyware stealer trojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

m8nt

Decoy

australianews24.com

ashleyoldham.com

lqxy888.com

giftbasketsplaza.com

3369a.com

cursodeendometriosis.com

whatisayahuasca.net

sskibele.com

bairdtelevision.world

flashmountainflood.com

aprylmarie.online

ox7979.com

richardleniek.com

joinvoyager.club

nebysw.com

bulebush.net

metalroofing.store

landbbookkeeping.com

socialrejectssyndicate.com

opulantsolutions.com

Signatures

Formbook
Formbook is a data stealing malware which is capable of stealing data.
trojan spyware stealer formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
behavioral2/memory/2808-135-0x0000000000400000-0x000000000042F000-memory.dmp	formbook

Suspicious use of SetThreadContext 14 IoCs

description	pid	Process	procid_target
PID 3664 set thread context of 2808	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	84
PID 3664 set thread context of 1988	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	87
PID 3664 set thread context of 4584	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	91
PID 3664 set thread context of 4552	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	93
PID 3664 set thread context of 4084	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	96
PID 3664 set thread context of 4184	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	97
PID 3664 set thread context of 1796	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	98
PID 3664 set thread context of 4796	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	99
PID 3664 set thread context of 2332	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	101
PID 3664 set thread context of 1568	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	102
PID 3664 set thread context of 3316	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	107
PID 3664 set thread context of 4388	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	108
PID 3664 set thread context of 3512	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	109
PID 3664 set thread context of 4944	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	111

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2184	4944	WerFault.exe	111

Suspicious behavior: EnumeratesProcesses 54 IoCs

pid	Process
2808	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
2808	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
1988	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
1988	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
4584	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
4584	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
4552	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
4552	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
4084	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
4084	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
4184	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
4184	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
1796	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
1796	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
4796	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
4796	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
2332	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
2332	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
1568	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
1568	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
3316	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
3316	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
4388	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
4388	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
3512	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
3512	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
4944	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3664 wrote to memory of 2808	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	84
PID 3664 wrote to memory of 2808	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	84
PID 3664 wrote to memory of 2808	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	84
PID 3664 wrote to memory of 2808	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	84
PID 3664 wrote to memory of 2808	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	84
PID 3664 wrote to memory of 2808	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	84
PID 3664 wrote to memory of 2808	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	84
PID 3664 wrote to memory of 1988	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	87
PID 3664 wrote to memory of 1988	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	87
PID 3664 wrote to memory of 1988	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	87
PID 3664 wrote to memory of 1988	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	87
PID 3664 wrote to memory of 1988	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	87
PID 3664 wrote to memory of 1988	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	87
PID 3664 wrote to memory of 1988	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	87
PID 3664 wrote to memory of 1392	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	89
PID 3664 wrote to memory of 1392	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	89
PID 3664 wrote to memory of 1392	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	89
PID 3664 wrote to memory of 4196	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	90
PID 3664 wrote to memory of 4196	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	90
PID 3664 wrote to memory of 4196	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	90
PID 3664 wrote to memory of 4584	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	91
PID 3664 wrote to memory of 4584	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	91
PID 3664 wrote to memory of 4584	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	91
PID 3664 wrote to memory of 4584	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	91
PID 3664 wrote to memory of 4584	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	91
PID 3664 wrote to memory of 4584	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	91
PID 3664 wrote to memory of 4584	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	91
PID 3664 wrote to memory of 4552	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	93
PID 3664 wrote to memory of 4552	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	93
PID 3664 wrote to memory of 4552	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	93
PID 3664 wrote to memory of 4552	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	93
PID 3664 wrote to memory of 4552	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	93
PID 3664 wrote to memory of 4552	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	93
PID 3664 wrote to memory of 4552	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	93
PID 3664 wrote to memory of 4084	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	96
PID 3664 wrote to memory of 4084	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	96
PID 3664 wrote to memory of 4084	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	96
PID 3664 wrote to memory of 4084	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	96
PID 3664 wrote to memory of 4084	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	96
PID 3664 wrote to memory of 4084	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	96
PID 3664 wrote to memory of 4084	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	96
PID 3664 wrote to memory of 4184	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	97
PID 3664 wrote to memory of 4184	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	97
PID 3664 wrote to memory of 4184	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	97
PID 3664 wrote to memory of 4184	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	97
PID 3664 wrote to memory of 4184	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	97
PID 3664 wrote to memory of 4184	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	97
PID 3664 wrote to memory of 4184	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	97
PID 3664 wrote to memory of 1796	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	98
PID 3664 wrote to memory of 1796	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	98
PID 3664 wrote to memory of 1796	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	98
PID 3664 wrote to memory of 1796	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	98
PID 3664 wrote to memory of 1796	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	98
PID 3664 wrote to memory of 1796	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	98
PID 3664 wrote to memory of 1796	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	98
PID 3664 wrote to memory of 4796	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	99
PID 3664 wrote to memory of 4796	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	99
PID 3664 wrote to memory of 4796	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	99
PID 3664 wrote to memory of 4796	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	99
PID 3664 wrote to memory of 4796	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	99
PID 3664 wrote to memory of 4796	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	99
PID 3664 wrote to memory of 4796	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	99
PID 3664 wrote to memory of 1748	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	100
PID 3664 wrote to memory of 1748	3664	SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe	100

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3664
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
  C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2808
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
  C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1988
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
  C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
  2⤵
  PID:1392
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
  C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
  2⤵
  PID:4196
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
  C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4584
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
  C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4552
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
  C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4084
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
  C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4184
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
  C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1796
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
  C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4796
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
  C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
  2⤵
  PID:1748
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
  C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2332
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
  C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1568
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
  C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
  2⤵
  PID:1556
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
  C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
  2⤵
  PID:4112
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
  C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
  2⤵
  PID:5092
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
  C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3316
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
  C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4388
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
  C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3512
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
  C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
  2⤵
  PID:4772
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
  C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46909731.11442.27319.exe
  2⤵
  - Suspicious use of UnmapMainImage
  PID:4944
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 12
    3⤵
    - Program crash
    PID:2184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 4944 -ip 4944
1⤵
PID:1016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1568-154-0x0000000001060000-0x00000000013AA000-memory.dmp

Filesize
3.3MB

Download
memory/1796-148-0x00000000012A0000-0x00000000015EA000-memory.dmp

Filesize
3.3MB

Download
memory/1988-138-0x00000000015E0000-0x000000000192A000-memory.dmp

Filesize
3.3MB

Download
memory/2332-152-0x00000000019B0000-0x0000000001CFA000-memory.dmp

Filesize
3.3MB

Download
memory/2808-135-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2808-136-0x0000000001120000-0x000000000146A000-memory.dmp

Filesize
3.3MB

Download
memory/3316-156-0x00000000017C0000-0x0000000001B0A000-memory.dmp

Filesize
3.3MB

Download
memory/3512-160-0x0000000001A30000-0x0000000001D7A000-memory.dmp

Filesize
3.3MB

Download
memory/3664-134-0x0000000005870000-0x000000000590C000-memory.dmp

Filesize
624KB

Download
memory/3664-133-0x0000000000E40000-0x0000000000F30000-memory.dmp

Filesize
960KB

Download
memory/4084-144-0x00000000017A0000-0x0000000001AEA000-memory.dmp

Filesize
3.3MB

Download
memory/4184-146-0x0000000001440000-0x000000000178A000-memory.dmp

Filesize
3.3MB

Download
memory/4388-158-0x00000000013E0000-0x000000000172A000-memory.dmp

Filesize
3.3MB

Download
memory/4552-142-0x00000000011D0000-0x000000000151A000-memory.dmp

Filesize
3.3MB

Download
memory/4584-140-0x00000000019A0000-0x0000000001CEA000-memory.dmp

Filesize
3.3MB

Download
memory/4796-150-0x0000000001560000-0x00000000018AA000-memory.dmp

Filesize
3.3MB

Download