664f6d15f9e438c10f7ee9f7c257b1f26a40afef71773feae104d6d80cfa30ac

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
26-08-2023 12:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.Win32.InjectorX-gen.7339.2835.exe
Size

2.7MB
MD5

4c1ad2fbee9ea9dcc5bd6b32d9c53e3a
SHA1

70df3c1a7a43d1fa0918dde6bbe8ddc30b112b3a
SHA256

664f6d15f9e438c10f7ee9f7c257b1f26a40afef71773feae104d6d80cfa30ac
SHA512

f6951f30db0ea0d08788500b69be01ef465cf16c0849f7173b5770f9a9f493ed3729de54ad7a332ba242fca31947e3065da86f3757440bd068dfa9f6247b0621
SSDEEP

49152:rLLcZQrCPzysUwAhWXjjyZK/4J6qRys8V7RjCYLLoO6xMCUfdTfwfE:rUSCmsRA4XsNAq38V75CU4Uf28

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 8 IoCs

pid	Process
1892	rundll32.exe
1892	rundll32.exe
1892	rundll32.exe
1892	rundll32.exe
1540	rundll32.exe
1540	rundll32.exe
1540	rundll32.exe
1540	rundll32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 22 IoCs

description	pid	Process	procid_target
PID 1112 wrote to memory of 1656	1112	SecuriteInfo.com.Win32.InjectorX-gen.7339.2835.exe	28
PID 1112 wrote to memory of 1656	1112	SecuriteInfo.com.Win32.InjectorX-gen.7339.2835.exe	28
PID 1112 wrote to memory of 1656	1112	SecuriteInfo.com.Win32.InjectorX-gen.7339.2835.exe	28
PID 1112 wrote to memory of 1656	1112	SecuriteInfo.com.Win32.InjectorX-gen.7339.2835.exe	28
PID 1656 wrote to memory of 1892	1656	control.exe	29
PID 1656 wrote to memory of 1892	1656	control.exe	29
PID 1656 wrote to memory of 1892	1656	control.exe	29
PID 1656 wrote to memory of 1892	1656	control.exe	29
PID 1656 wrote to memory of 1892	1656	control.exe	29
PID 1656 wrote to memory of 1892	1656	control.exe	29
PID 1656 wrote to memory of 1892	1656	control.exe	29
PID 1892 wrote to memory of 2416	1892	rundll32.exe	30
PID 1892 wrote to memory of 2416	1892	rundll32.exe	30
PID 1892 wrote to memory of 2416	1892	rundll32.exe	30
PID 1892 wrote to memory of 2416	1892	rundll32.exe	30
PID 2416 wrote to memory of 1540	2416	RunDll32.exe	31
PID 2416 wrote to memory of 1540	2416	RunDll32.exe	31
PID 2416 wrote to memory of 1540	2416	RunDll32.exe	31
PID 2416 wrote to memory of 1540	2416	RunDll32.exe	31
PID 2416 wrote to memory of 1540	2416	RunDll32.exe	31
PID 2416 wrote to memory of 1540	2416	RunDll32.exe	31
PID 2416 wrote to memory of 1540	2416	RunDll32.exe	31

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.InjectorX-gen.7339.2835.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.InjectorX-gen.7339.2835.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1112
- C:\Windows\SysWOW64\control.exe
  "C:\Windows\System32\control.exe" "C:\Users\Admin\AppData\Local\Temp\H7UU.CPl",
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1656
- - C:\Windows\SysWOW64\rundll32.exe
    "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\H7UU.CPl",
    3⤵
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1892
  - - C:\Windows\system32\RunDll32.exe
      C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\H7UU.CPl",
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2416
    - - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\H7UU.CPl",
        5⤵
        Loads dropped DLL
        
        PID:1540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\H7UU.CPl

Filesize
2.2MB

MD5
8e23330a15bb6ac13c3965fe83946bd5

SHA1
b4a146453fcb2d69d995bce8e956fef66c1b68bf

SHA256
cda5fda41cbb92838011138eca0c0c123c4223c2c73eba52451311dcbcf81b4c

SHA512
27ca7a476b7eab9933c4285dd3464cd7582b8e873118f9584b20350c0d8411006b21c3a4772746bbaaa356d7f8e9911667d971bd72587835aad9e0e6fe1b2437

Download Submit
\Users\Admin\AppData\Local\Temp\h7uU.cpl

Filesize
2.2MB

MD5
8e23330a15bb6ac13c3965fe83946bd5

SHA1
b4a146453fcb2d69d995bce8e956fef66c1b68bf

SHA256
cda5fda41cbb92838011138eca0c0c123c4223c2c73eba52451311dcbcf81b4c

SHA512
27ca7a476b7eab9933c4285dd3464cd7582b8e873118f9584b20350c0d8411006b21c3a4772746bbaaa356d7f8e9911667d971bd72587835aad9e0e6fe1b2437

Download Submit
\Users\Admin\AppData\Local\Temp\h7uU.cpl

Filesize
2.2MB

MD5
8e23330a15bb6ac13c3965fe83946bd5

SHA1
b4a146453fcb2d69d995bce8e956fef66c1b68bf

SHA256
cda5fda41cbb92838011138eca0c0c123c4223c2c73eba52451311dcbcf81b4c

SHA512
27ca7a476b7eab9933c4285dd3464cd7582b8e873118f9584b20350c0d8411006b21c3a4772746bbaaa356d7f8e9911667d971bd72587835aad9e0e6fe1b2437

Download Submit
\Users\Admin\AppData\Local\Temp\h7uU.cpl

Filesize
2.2MB

MD5
8e23330a15bb6ac13c3965fe83946bd5

SHA1
b4a146453fcb2d69d995bce8e956fef66c1b68bf

SHA256
cda5fda41cbb92838011138eca0c0c123c4223c2c73eba52451311dcbcf81b4c

SHA512
27ca7a476b7eab9933c4285dd3464cd7582b8e873118f9584b20350c0d8411006b21c3a4772746bbaaa356d7f8e9911667d971bd72587835aad9e0e6fe1b2437

Download Submit
\Users\Admin\AppData\Local\Temp\h7uU.cpl

Filesize
2.2MB

MD5
8e23330a15bb6ac13c3965fe83946bd5

SHA1
b4a146453fcb2d69d995bce8e956fef66c1b68bf

SHA256
cda5fda41cbb92838011138eca0c0c123c4223c2c73eba52451311dcbcf81b4c

SHA512
27ca7a476b7eab9933c4285dd3464cd7582b8e873118f9584b20350c0d8411006b21c3a4772746bbaaa356d7f8e9911667d971bd72587835aad9e0e6fe1b2437

Download Submit
\Users\Admin\AppData\Local\Temp\h7uU.cpl

Filesize
2.2MB

MD5
8e23330a15bb6ac13c3965fe83946bd5

SHA1
b4a146453fcb2d69d995bce8e956fef66c1b68bf

SHA256
cda5fda41cbb92838011138eca0c0c123c4223c2c73eba52451311dcbcf81b4c

SHA512
27ca7a476b7eab9933c4285dd3464cd7582b8e873118f9584b20350c0d8411006b21c3a4772746bbaaa356d7f8e9911667d971bd72587835aad9e0e6fe1b2437

Download Submit
\Users\Admin\AppData\Local\Temp\h7uU.cpl

Filesize
2.2MB

MD5
8e23330a15bb6ac13c3965fe83946bd5

SHA1
b4a146453fcb2d69d995bce8e956fef66c1b68bf

SHA256
cda5fda41cbb92838011138eca0c0c123c4223c2c73eba52451311dcbcf81b4c

SHA512
27ca7a476b7eab9933c4285dd3464cd7582b8e873118f9584b20350c0d8411006b21c3a4772746bbaaa356d7f8e9911667d971bd72587835aad9e0e6fe1b2437

Download Submit
\Users\Admin\AppData\Local\Temp\h7uU.cpl

Filesize
2.2MB

MD5
8e23330a15bb6ac13c3965fe83946bd5

SHA1
b4a146453fcb2d69d995bce8e956fef66c1b68bf

SHA256
cda5fda41cbb92838011138eca0c0c123c4223c2c73eba52451311dcbcf81b4c

SHA512
27ca7a476b7eab9933c4285dd3464cd7582b8e873118f9584b20350c0d8411006b21c3a4772746bbaaa356d7f8e9911667d971bd72587835aad9e0e6fe1b2437

Download Submit
\Users\Admin\AppData\Local\Temp\h7uU.cpl

Filesize
2.2MB

MD5
8e23330a15bb6ac13c3965fe83946bd5

SHA1
b4a146453fcb2d69d995bce8e956fef66c1b68bf

SHA256
cda5fda41cbb92838011138eca0c0c123c4223c2c73eba52451311dcbcf81b4c

SHA512
27ca7a476b7eab9933c4285dd3464cd7582b8e873118f9584b20350c0d8411006b21c3a4772746bbaaa356d7f8e9911667d971bd72587835aad9e0e6fe1b2437

Download Submit
memory/1540-23-0x0000000002500000-0x0000000002729000-memory.dmp

Filesize
2.2MB

Download
memory/1540-26-0x0000000002000000-0x00000000020F9000-memory.dmp

Filesize
996KB

Download
memory/1540-31-0x0000000002100000-0x00000000021E1000-memory.dmp

Filesize
900KB

Download
memory/1540-30-0x0000000002100000-0x00000000021E1000-memory.dmp

Filesize
900KB

Download
memory/1540-27-0x0000000002100000-0x00000000021E1000-memory.dmp

Filesize
900KB

Download
memory/1540-24-0x0000000000140000-0x0000000000146000-memory.dmp

Filesize
24KB

Download
memory/1540-22-0x0000000002500000-0x0000000002729000-memory.dmp

Filesize
2.2MB

Download
memory/1892-10-0x00000000023B0000-0x00000000025D9000-memory.dmp

Filesize
2.2MB

Download
memory/1892-9-0x0000000000180000-0x0000000000186000-memory.dmp

Filesize
24KB

Download
memory/1892-8-0x00000000023B0000-0x00000000025D9000-memory.dmp

Filesize
2.2MB

Download
memory/1892-16-0x0000000001FB0000-0x0000000002091000-memory.dmp

Filesize
900KB

Download
memory/1892-12-0x0000000001EB0000-0x0000000001FA9000-memory.dmp

Filesize
996KB

Download
memory/1892-13-0x0000000001FB0000-0x0000000002091000-memory.dmp

Filesize
900KB

Download
memory/1892-17-0x0000000001FB0000-0x0000000002091000-memory.dmp

Filesize
900KB

Download
memory/1892-32-0x0000000000180000-0x0000000000186000-memory.dmp

Filesize
24KB

Download