7b1c50294a076221786aeaaa76237a02a25d61302c6fb797a203b01fcec973a2

Analysis

max time kernel
108s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
21/05/2023, 09:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.Heuristic.HEUR.AGEN.1313961.12879.17745.exe
Size

7.7MB
MD5

180c8d6096cc9f6457dd5c4b3863d7f7
SHA1

c97a2dc7412b12bef8ef5ecc2795c7b3ce54f4e9
SHA256

7b1c50294a076221786aeaaa76237a02a25d61302c6fb797a203b01fcec973a2
SHA512

d89cdc0d1b02e86cb91b8ef644c0187ab6a3f0a14763885e4f8452a7cb93bbb059893a1f720a977550d2093a813dff94d9d829c2862c3999cf2e5adcde7882c6
SSDEEP

98304:8JbaVIJpUZ/AdzLsj/0ngsUtOuk6Ir2Qs3BSBDShyJiDt9/:82SmMsj8nwEukE5griDtZ

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
876	DesktopDocuments-ver8.1.9.4.exe

Loads dropped DLL 1 IoCs

pid	Process
2008	SecuriteInfo.com.Heuristic.HEUR.AGEN.1313961.12879.17745.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Windows\CurrentVersion\Run	SecuriteInfo.com.Heuristic.HEUR.AGEN.1313961.12879.17745.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Windows\CurrentVersion\Run\DesktopDocuments-ver8.1.9.4 = "C:\\ProgramData\\DesktopDocuments-ver8.1.9.4\\DesktopDocuments-ver8.1.9.4.exe"	SecuriteInfo.com.Heuristic.HEUR.AGEN.1313961.12879.17745.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 876	2008	SecuriteInfo.com.Heuristic.HEUR.AGEN.1313961.12879.17745.exe	28
PID 2008 wrote to memory of 876	2008	SecuriteInfo.com.Heuristic.HEUR.AGEN.1313961.12879.17745.exe	28
PID 2008 wrote to memory of 876	2008	SecuriteInfo.com.Heuristic.HEUR.AGEN.1313961.12879.17745.exe	28

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Heuristic.HEUR.AGEN.1313961.12879.17745.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Heuristic.HEUR.AGEN.1313961.12879.17745.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2008
- C:\ProgramData\DesktopDocuments-ver8.1.9.4\DesktopDocuments-ver8.1.9.4.exe
  C:\ProgramData\DesktopDocuments-ver8.1.9.4\DesktopDocuments-ver8.1.9.4.exe
  2⤵
  - Executes dropped EXE
  PID:876

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\DesktopDocuments-ver8.1.9.4\DesktopDocuments-ver8.1.9.4.exe

Filesize
757.7MB

MD5
054e5051810bbdf2cb346c144aebbe42

SHA1
b9ceaf9ed603b5266297169e3bff9b9d4dce8684

SHA256
702cbb3865056f81c6db6052b0ec941e3188b2a7c11e90353dc858eec85e1067

SHA512
60edc73d3b00cb7fc9b02daff275eb7f49caa0dff4457c20b7886595b95277b46ed711deec626b0949aa64b00893481af5dc1804c5b451f393c32e11fa6881d7

Download Submit
\ProgramData\DesktopDocuments-ver8.1.9.4\DesktopDocuments-ver8.1.9.4.exe

Filesize
757.7MB

MD5
054e5051810bbdf2cb346c144aebbe42

SHA1
b9ceaf9ed603b5266297169e3bff9b9d4dce8684

SHA256
702cbb3865056f81c6db6052b0ec941e3188b2a7c11e90353dc858eec85e1067

SHA512
60edc73d3b00cb7fc9b02daff275eb7f49caa0dff4457c20b7886595b95277b46ed711deec626b0949aa64b00893481af5dc1804c5b451f393c32e11fa6881d7

Download Submit
memory/876-62-0x000000013FAB0000-0x0000000140260000-memory.dmp

Filesize
7.7MB

Download
memory/2008-54-0x000000013FD10000-0x00000001404C0000-memory.dmp

Filesize
7.7MB

Download