5bf3863bd0b4af59a4cdf9b9080b60c827cc19e368beae60ea3930adf12ddec0

Analysis

max time kernel
132s
max time network
136s
platform
windows7_x64
resource
win7-20230621-en
resource tags

arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
submitted
30-06-2023 19:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
Size

12.1MB
MD5

0ef4e3af8936e03be74afa2395286301
SHA1

273dd0dde838b7878b2870c8a4e2f1fb0d91e6fd
SHA256

5bf3863bd0b4af59a4cdf9b9080b60c827cc19e368beae60ea3930adf12ddec0
SHA512

6938a111a124bc82d8d0576dc7769170974575ba2c545c53424a7285e6da242dc39f722920adfba88c472ba88313b6e0d682183a6fdb15df1ba98f5cf723c79a
SSDEEP

393216:nzbN0o5te8ZBAVVrXcC73WQGb7wWHeigBlRaJFLQM:nzhFlBAVVrXcCybM3gLQ

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 11 IoCs

Processes:

SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe

pid	process
1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe

description pid process

Token: SeDebugPrivilege 1392 SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe

description	pid	process
Token: SeDebugPrivilege	1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe

Suspicious use of WriteProcessMemory 40 IoCs

Processes:

SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1392
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
  C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
  2⤵
  PID:1668
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
  C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
  2⤵
  PID:1672
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
  C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
  2⤵
  PID:2024
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
  C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
  2⤵
  PID:1712
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
  C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
  2⤵
  PID:1680
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
  C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
  2⤵
  PID:924
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
  C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
  2⤵
  PID:1944
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
  C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
  2⤵
  PID:432
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
  C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
  2⤵
  PID:2036
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
  C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
  2⤵
  PID:1348

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1392-54-0x00000000000F0000-0x0000000000D0C000-memory.dmp

Filesize
12.1MB

Download
memory/1392-55-0x0000000001150000-0x0000000001190000-memory.dmp

Filesize
256KB

Download
memory/1392-56-0x0000000001150000-0x0000000001190000-memory.dmp

Filesize
256KB

Download
memory/1392-57-0x0000000006520000-0x0000000006624000-memory.dmp

Filesize
1.0MB

Download
memory/1392-58-0x0000000006520000-0x000000000661E000-memory.dmp

Filesize
1016KB

Download
memory/1392-59-0x0000000006520000-0x000000000661E000-memory.dmp

Filesize
1016KB

Download
memory/1392-61-0x0000000006520000-0x000000000661E000-memory.dmp

Filesize
1016KB

Download
memory/1392-63-0x0000000006520000-0x000000000661E000-memory.dmp

Filesize
1016KB

Download
memory/1392-67-0x0000000006520000-0x000000000661E000-memory.dmp

Filesize
1016KB

Download
memory/1392-65-0x0000000006520000-0x000000000661E000-memory.dmp

Filesize
1016KB

Download
memory/1392-69-0x0000000006520000-0x000000000661E000-memory.dmp

Filesize
1016KB

Download
memory/1392-71-0x0000000006520000-0x000000000661E000-memory.dmp

Filesize
1016KB

Download
memory/1392-73-0x0000000006520000-0x000000000661E000-memory.dmp

Filesize
1016KB

Download
memory/1392-75-0x0000000006520000-0x000000000661E000-memory.dmp

Filesize
1016KB

Download
memory/1392-77-0x0000000006520000-0x000000000661E000-memory.dmp

Filesize
1016KB

Download
memory/1392-79-0x0000000006520000-0x000000000661E000-memory.dmp

Filesize
1016KB

Download
memory/1392-81-0x0000000006520000-0x000000000661E000-memory.dmp

Filesize
1016KB

Download
memory/1392-83-0x0000000006520000-0x000000000661E000-memory.dmp

Filesize
1016KB

Download
memory/1392-85-0x0000000006520000-0x000000000661E000-memory.dmp

Filesize
1016KB

Download
memory/1392-89-0x0000000006520000-0x000000000661E000-memory.dmp

Filesize
1016KB

Download
memory/1392-87-0x0000000006520000-0x000000000661E000-memory.dmp

Filesize
1016KB

Download
memory/1392-91-0x0000000006520000-0x000000000661E000-memory.dmp

Filesize
1016KB

Download
memory/1392-95-0x0000000006520000-0x000000000661E000-memory.dmp

Filesize
1016KB

Download
memory/1392-93-0x0000000006520000-0x000000000661E000-memory.dmp

Filesize
1016KB

Download
memory/1392-99-0x0000000006520000-0x000000000661E000-memory.dmp

Filesize
1016KB

Download
memory/1392-97-0x0000000006520000-0x000000000661E000-memory.dmp

Filesize
1016KB

Download
memory/1392-103-0x0000000006520000-0x000000000661E000-memory.dmp

Filesize
1016KB

Download
memory/1392-101-0x0000000006520000-0x000000000661E000-memory.dmp

Filesize
1016KB

Download
memory/1392-105-0x0000000006520000-0x000000000661E000-memory.dmp

Filesize
1016KB

Download
memory/1392-107-0x0000000006520000-0x000000000661E000-memory.dmp

Filesize
1016KB

Download
memory/1392-111-0x0000000006520000-0x000000000661E000-memory.dmp

Filesize
1016KB

Download
memory/1392-109-0x0000000006520000-0x000000000661E000-memory.dmp

Filesize
1016KB

Download
memory/1392-113-0x0000000006520000-0x000000000661E000-memory.dmp

Filesize
1016KB

Download
memory/1392-115-0x0000000006520000-0x000000000661E000-memory.dmp

Filesize
1016KB

Download
memory/1392-117-0x0000000006520000-0x000000000661E000-memory.dmp

Filesize
1016KB

Download
memory/1392-119-0x0000000006520000-0x000000000661E000-memory.dmp

Filesize
1016KB

Download
memory/1392-121-0x0000000006520000-0x000000000661E000-memory.dmp

Filesize
1016KB

Download
memory/1392-1380-0x0000000004D30000-0x0000000004D9A000-memory.dmp

Filesize
424KB

Download
memory/1392-1381-0x00000000058A0000-0x00000000058EC000-memory.dmp

Filesize
304KB

Download
memory/1392-1382-0x0000000002A80000-0x0000000002A81000-memory.dmp

Filesize
4KB

Download

description	pid	process	target process
PID 1392 wrote to memory of 1668	1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
PID 1392 wrote to memory of 1668	1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
PID 1392 wrote to memory of 1668	1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
PID 1392 wrote to memory of 1668	1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
PID 1392 wrote to memory of 1672	1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
PID 1392 wrote to memory of 1672	1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
PID 1392 wrote to memory of 1672	1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
PID 1392 wrote to memory of 1672	1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
PID 1392 wrote to memory of 2024	1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
PID 1392 wrote to memory of 2024	1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
PID 1392 wrote to memory of 2024	1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
PID 1392 wrote to memory of 2024	1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
PID 1392 wrote to memory of 1712	1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
PID 1392 wrote to memory of 1712	1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
PID 1392 wrote to memory of 1712	1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
PID 1392 wrote to memory of 1712	1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
PID 1392 wrote to memory of 1680	1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
PID 1392 wrote to memory of 1680	1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
PID 1392 wrote to memory of 1680	1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
PID 1392 wrote to memory of 1680	1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
PID 1392 wrote to memory of 924	1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
PID 1392 wrote to memory of 924	1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
PID 1392 wrote to memory of 924	1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
PID 1392 wrote to memory of 924	1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
PID 1392 wrote to memory of 1944	1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
PID 1392 wrote to memory of 1944	1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
PID 1392 wrote to memory of 1944	1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
PID 1392 wrote to memory of 1944	1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
PID 1392 wrote to memory of 432	1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
PID 1392 wrote to memory of 432	1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
PID 1392 wrote to memory of 432	1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
PID 1392 wrote to memory of 432	1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
PID 1392 wrote to memory of 2036	1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
PID 1392 wrote to memory of 2036	1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
PID 1392 wrote to memory of 2036	1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
PID 1392 wrote to memory of 2036	1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
PID 1392 wrote to memory of 1348	1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
PID 1392 wrote to memory of 1348	1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
PID 1392 wrote to memory of 1348	1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe
PID 1392 wrote to memory of 1348	1392	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe	SecuriteInfo.com.Win32.DropperX-gen.28420.31272.exe