5bf3863bd0b4af59a4cdf9b9080b60c827cc19e368beae60ea3930adf12ddec0

Analysis

max time kernel
111s
max time network
115s
platform
windows7_x64
resource
win7-20230621-en
resource tags

arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
submitted
01-07-2023 07:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfocomWin32Dropp.exe
Size

12.1MB
MD5

0ef4e3af8936e03be74afa2395286301
SHA1

273dd0dde838b7878b2870c8a4e2f1fb0d91e6fd
SHA256

5bf3863bd0b4af59a4cdf9b9080b60c827cc19e368beae60ea3930adf12ddec0
SHA512

6938a111a124bc82d8d0576dc7769170974575ba2c545c53424a7285e6da242dc39f722920adfba88c472ba88313b6e0d682183a6fdb15df1ba98f5cf723c79a
SSDEEP

393216:nzbN0o5te8ZBAVVrXcC73WQGb7wWHeigBlRaJFLQM:nzhFlBAVVrXcCybM3gLQ

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
1368	SecuriteInfocomWin32Dropp.exe
1368	SecuriteInfocomWin32Dropp.exe
1368	SecuriteInfocomWin32Dropp.exe
1368	SecuriteInfocomWin32Dropp.exe
1368	SecuriteInfocomWin32Dropp.exe
1368	SecuriteInfocomWin32Dropp.exe
1368	SecuriteInfocomWin32Dropp.exe
1368	SecuriteInfocomWin32Dropp.exe
1368	SecuriteInfocomWin32Dropp.exe
1368	SecuriteInfocomWin32Dropp.exe
1368	SecuriteInfocomWin32Dropp.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1368	SecuriteInfocomWin32Dropp.exe

Suspicious use of WriteProcessMemory 40 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 1952	1368	SecuriteInfocomWin32Dropp.exe	28
PID 1368 wrote to memory of 1952	1368	SecuriteInfocomWin32Dropp.exe	28
PID 1368 wrote to memory of 1952	1368	SecuriteInfocomWin32Dropp.exe	28
PID 1368 wrote to memory of 1952	1368	SecuriteInfocomWin32Dropp.exe	28
PID 1368 wrote to memory of 1220	1368	SecuriteInfocomWin32Dropp.exe	29
PID 1368 wrote to memory of 1220	1368	SecuriteInfocomWin32Dropp.exe	29
PID 1368 wrote to memory of 1220	1368	SecuriteInfocomWin32Dropp.exe	29
PID 1368 wrote to memory of 1220	1368	SecuriteInfocomWin32Dropp.exe	29
PID 1368 wrote to memory of 1712	1368	SecuriteInfocomWin32Dropp.exe	30
PID 1368 wrote to memory of 1712	1368	SecuriteInfocomWin32Dropp.exe	30
PID 1368 wrote to memory of 1712	1368	SecuriteInfocomWin32Dropp.exe	30
PID 1368 wrote to memory of 1712	1368	SecuriteInfocomWin32Dropp.exe	30
PID 1368 wrote to memory of 1688	1368	SecuriteInfocomWin32Dropp.exe	31
PID 1368 wrote to memory of 1688	1368	SecuriteInfocomWin32Dropp.exe	31
PID 1368 wrote to memory of 1688	1368	SecuriteInfocomWin32Dropp.exe	31
PID 1368 wrote to memory of 1688	1368	SecuriteInfocomWin32Dropp.exe	31
PID 1368 wrote to memory of 2012	1368	SecuriteInfocomWin32Dropp.exe	32
PID 1368 wrote to memory of 2012	1368	SecuriteInfocomWin32Dropp.exe	32
PID 1368 wrote to memory of 2012	1368	SecuriteInfocomWin32Dropp.exe	32
PID 1368 wrote to memory of 2012	1368	SecuriteInfocomWin32Dropp.exe	32
PID 1368 wrote to memory of 840	1368	SecuriteInfocomWin32Dropp.exe	33
PID 1368 wrote to memory of 840	1368	SecuriteInfocomWin32Dropp.exe	33
PID 1368 wrote to memory of 840	1368	SecuriteInfocomWin32Dropp.exe	33
PID 1368 wrote to memory of 840	1368	SecuriteInfocomWin32Dropp.exe	33
PID 1368 wrote to memory of 1924	1368	SecuriteInfocomWin32Dropp.exe	34
PID 1368 wrote to memory of 1924	1368	SecuriteInfocomWin32Dropp.exe	34
PID 1368 wrote to memory of 1924	1368	SecuriteInfocomWin32Dropp.exe	34
PID 1368 wrote to memory of 1924	1368	SecuriteInfocomWin32Dropp.exe	34
PID 1368 wrote to memory of 1048	1368	SecuriteInfocomWin32Dropp.exe	35
PID 1368 wrote to memory of 1048	1368	SecuriteInfocomWin32Dropp.exe	35
PID 1368 wrote to memory of 1048	1368	SecuriteInfocomWin32Dropp.exe	35
PID 1368 wrote to memory of 1048	1368	SecuriteInfocomWin32Dropp.exe	35
PID 1368 wrote to memory of 1768	1368	SecuriteInfocomWin32Dropp.exe	36
PID 1368 wrote to memory of 1768	1368	SecuriteInfocomWin32Dropp.exe	36
PID 1368 wrote to memory of 1768	1368	SecuriteInfocomWin32Dropp.exe	36
PID 1368 wrote to memory of 1768	1368	SecuriteInfocomWin32Dropp.exe	36
PID 1368 wrote to memory of 844	1368	SecuriteInfocomWin32Dropp.exe	37
PID 1368 wrote to memory of 844	1368	SecuriteInfocomWin32Dropp.exe	37
PID 1368 wrote to memory of 844	1368	SecuriteInfocomWin32Dropp.exe	37
PID 1368 wrote to memory of 844	1368	SecuriteInfocomWin32Dropp.exe	37

C:\Users\Admin\AppData\Local\Temp\SecuriteInfocomWin32Dropp.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfocomWin32Dropp.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfocomWin32Dropp.exe
  C:\Users\Admin\AppData\Local\Temp\SecuriteInfocomWin32Dropp.exe
  2⤵
  PID:1952
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfocomWin32Dropp.exe
  C:\Users\Admin\AppData\Local\Temp\SecuriteInfocomWin32Dropp.exe
  2⤵
  PID:1220
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfocomWin32Dropp.exe
  C:\Users\Admin\AppData\Local\Temp\SecuriteInfocomWin32Dropp.exe
  2⤵
  PID:1712
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfocomWin32Dropp.exe
  C:\Users\Admin\AppData\Local\Temp\SecuriteInfocomWin32Dropp.exe
  2⤵
  PID:1688
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfocomWin32Dropp.exe
  C:\Users\Admin\AppData\Local\Temp\SecuriteInfocomWin32Dropp.exe
  2⤵
  PID:2012
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfocomWin32Dropp.exe
  C:\Users\Admin\AppData\Local\Temp\SecuriteInfocomWin32Dropp.exe
  2⤵
  PID:840
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfocomWin32Dropp.exe
  C:\Users\Admin\AppData\Local\Temp\SecuriteInfocomWin32Dropp.exe
  2⤵
  PID:1924
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfocomWin32Dropp.exe
  C:\Users\Admin\AppData\Local\Temp\SecuriteInfocomWin32Dropp.exe
  2⤵
  PID:1048
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfocomWin32Dropp.exe
  C:\Users\Admin\AppData\Local\Temp\SecuriteInfocomWin32Dropp.exe
  2⤵
  PID:1768
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfocomWin32Dropp.exe
  C:\Users\Admin\AppData\Local\Temp\SecuriteInfocomWin32Dropp.exe
  2⤵
  PID:844

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1368-54-0x00000000001C0000-0x0000000000DDC000-memory.dmp

Filesize
12.1MB

Download
memory/1368-55-0x0000000004EA0000-0x0000000004EE0000-memory.dmp

Filesize
256KB

Download
memory/1368-56-0x0000000004EA0000-0x0000000004EE0000-memory.dmp

Filesize
256KB

Download
memory/1368-57-0x00000000064B0000-0x00000000065B4000-memory.dmp

Filesize
1.0MB

Download
memory/1368-58-0x00000000064B0000-0x00000000065AE000-memory.dmp

Filesize
1016KB

Download
memory/1368-59-0x00000000064B0000-0x00000000065AE000-memory.dmp

Filesize
1016KB

Download
memory/1368-61-0x00000000064B0000-0x00000000065AE000-memory.dmp

Filesize
1016KB

Download
memory/1368-63-0x00000000064B0000-0x00000000065AE000-memory.dmp

Filesize
1016KB

Download
memory/1368-65-0x00000000064B0000-0x00000000065AE000-memory.dmp

Filesize
1016KB

Download
memory/1368-67-0x00000000064B0000-0x00000000065AE000-memory.dmp

Filesize
1016KB

Download
memory/1368-69-0x00000000064B0000-0x00000000065AE000-memory.dmp

Filesize
1016KB

Download
memory/1368-71-0x00000000064B0000-0x00000000065AE000-memory.dmp

Filesize
1016KB

Download
memory/1368-73-0x00000000064B0000-0x00000000065AE000-memory.dmp

Filesize
1016KB

Download
memory/1368-75-0x00000000064B0000-0x00000000065AE000-memory.dmp

Filesize
1016KB

Download
memory/1368-77-0x00000000064B0000-0x00000000065AE000-memory.dmp

Filesize
1016KB

Download
memory/1368-79-0x00000000064B0000-0x00000000065AE000-memory.dmp

Filesize
1016KB

Download
memory/1368-81-0x00000000064B0000-0x00000000065AE000-memory.dmp

Filesize
1016KB

Download
memory/1368-83-0x00000000064B0000-0x00000000065AE000-memory.dmp

Filesize
1016KB

Download
memory/1368-85-0x00000000064B0000-0x00000000065AE000-memory.dmp

Filesize
1016KB

Download
memory/1368-87-0x00000000064B0000-0x00000000065AE000-memory.dmp

Filesize
1016KB

Download
memory/1368-89-0x00000000064B0000-0x00000000065AE000-memory.dmp

Filesize
1016KB

Download
memory/1368-91-0x00000000064B0000-0x00000000065AE000-memory.dmp

Filesize
1016KB

Download
memory/1368-93-0x00000000064B0000-0x00000000065AE000-memory.dmp

Filesize
1016KB

Download
memory/1368-95-0x00000000064B0000-0x00000000065AE000-memory.dmp

Filesize
1016KB

Download
memory/1368-97-0x00000000064B0000-0x00000000065AE000-memory.dmp

Filesize
1016KB

Download
memory/1368-99-0x00000000064B0000-0x00000000065AE000-memory.dmp

Filesize
1016KB

Download
memory/1368-101-0x00000000064B0000-0x00000000065AE000-memory.dmp

Filesize
1016KB

Download
memory/1368-103-0x00000000064B0000-0x00000000065AE000-memory.dmp

Filesize
1016KB

Download
memory/1368-105-0x00000000064B0000-0x00000000065AE000-memory.dmp

Filesize
1016KB

Download
memory/1368-107-0x00000000064B0000-0x00000000065AE000-memory.dmp

Filesize
1016KB

Download
memory/1368-109-0x00000000064B0000-0x00000000065AE000-memory.dmp

Filesize
1016KB

Download
memory/1368-111-0x00000000064B0000-0x00000000065AE000-memory.dmp

Filesize
1016KB

Download
memory/1368-113-0x00000000064B0000-0x00000000065AE000-memory.dmp

Filesize
1016KB

Download
memory/1368-115-0x00000000064B0000-0x00000000065AE000-memory.dmp

Filesize
1016KB

Download
memory/1368-117-0x00000000064B0000-0x00000000065AE000-memory.dmp

Filesize
1016KB

Download
memory/1368-119-0x00000000064B0000-0x00000000065AE000-memory.dmp

Filesize
1016KB

Download
memory/1368-121-0x00000000064B0000-0x00000000065AE000-memory.dmp

Filesize
1016KB

Download
memory/1368-1380-0x0000000000F90000-0x0000000000F91000-memory.dmp

Filesize
4KB

Download
memory/1368-1381-0x0000000002C00000-0x0000000002C6A000-memory.dmp

Filesize
424KB

Download
memory/1368-1382-0x0000000005B50000-0x0000000005B9C000-memory.dmp

Filesize
304KB

Download