664f6d15f9e438c10f7ee9f7c257b1f26a40afef71773feae104d6d80cfa30ac

General

Target

SecuriteInfo.com.Win32.InjectorX-gen.7339.2835.exe
Size

2.7MB
MD5

4c1ad2fbee9ea9dcc5bd6b32d9c53e3a
SHA1

70df3c1a7a43d1fa0918dde6bbe8ddc30b112b3a
SHA256

664f6d15f9e438c10f7ee9f7c257b1f26a40afef71773feae104d6d80cfa30ac
SHA512

f6951f30db0ea0d08788500b69be01ef465cf16c0849f7173b5770f9a9f493ed3729de54ad7a332ba242fca31947e3065da86f3757440bd068dfa9f6247b0621
SSDEEP

49152:rLLcZQrCPzysUwAhWXjjyZK/4J6qRys8V7RjCYLLoO6xMCUfdTfwfE:rUSCmsRA4XsNAq38V75CU4Uf28

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 4 IoCs

pid	Process
4252	rundll32.exe
4252	rundll32.exe
3660	rundll32.exe
3660	rundll32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings	SecuriteInfo.com.Win32.InjectorX-gen.7339.2835.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 4728 wrote to memory of 4160	4728	SecuriteInfo.com.Win32.InjectorX-gen.7339.2835.exe	82
PID 4728 wrote to memory of 4160	4728	SecuriteInfo.com.Win32.InjectorX-gen.7339.2835.exe	82
PID 4728 wrote to memory of 4160	4728	SecuriteInfo.com.Win32.InjectorX-gen.7339.2835.exe	82
PID 4160 wrote to memory of 4252	4160	control.exe	84
PID 4160 wrote to memory of 4252	4160	control.exe	84
PID 4160 wrote to memory of 4252	4160	control.exe	84
PID 4252 wrote to memory of 4280	4252	rundll32.exe	87
PID 4252 wrote to memory of 4280	4252	rundll32.exe	87
PID 4280 wrote to memory of 3660	4280	RunDll32.exe	88
PID 4280 wrote to memory of 3660	4280	RunDll32.exe	88
PID 4280 wrote to memory of 3660	4280	RunDll32.exe	88

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.InjectorX-gen.7339.2835.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.InjectorX-gen.7339.2835.exe"
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4728
- C:\Windows\SysWOW64\control.exe
  "C:\Windows\System32\control.exe" "C:\Users\Admin\AppData\Local\Temp\H7UU.CPl",
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4160
- - C:\Windows\SysWOW64\rundll32.exe
    "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\H7UU.CPl",
    3⤵
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:4252
  - - C:\Windows\system32\RunDll32.exe
      C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\H7UU.CPl",
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4280
    - - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\H7UU.CPl",
        5⤵
        Loads dropped DLL
        
        PID:3660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\H7UU.CPl

Filesize
2.2MB

MD5
8e23330a15bb6ac13c3965fe83946bd5

SHA1
b4a146453fcb2d69d995bce8e956fef66c1b68bf

SHA256
cda5fda41cbb92838011138eca0c0c123c4223c2c73eba52451311dcbcf81b4c

SHA512
27ca7a476b7eab9933c4285dd3464cd7582b8e873118f9584b20350c0d8411006b21c3a4772746bbaaa356d7f8e9911667d971bd72587835aad9e0e6fe1b2437

Download Submit
C:\Users\Admin\AppData\Local\Temp\h7uU.cpl

Filesize
2.2MB

MD5
8e23330a15bb6ac13c3965fe83946bd5

SHA1
b4a146453fcb2d69d995bce8e956fef66c1b68bf

SHA256
cda5fda41cbb92838011138eca0c0c123c4223c2c73eba52451311dcbcf81b4c

SHA512
27ca7a476b7eab9933c4285dd3464cd7582b8e873118f9584b20350c0d8411006b21c3a4772746bbaaa356d7f8e9911667d971bd72587835aad9e0e6fe1b2437

Download Submit
C:\Users\Admin\AppData\Local\Temp\h7uU.cpl

Filesize
2.2MB

MD5
8e23330a15bb6ac13c3965fe83946bd5

SHA1
b4a146453fcb2d69d995bce8e956fef66c1b68bf

SHA256
cda5fda41cbb92838011138eca0c0c123c4223c2c73eba52451311dcbcf81b4c

SHA512
27ca7a476b7eab9933c4285dd3464cd7582b8e873118f9584b20350c0d8411006b21c3a4772746bbaaa356d7f8e9911667d971bd72587835aad9e0e6fe1b2437

Download Submit
C:\Users\Admin\AppData\Local\Temp\h7uU.cpl

Filesize
2.2MB

MD5
8e23330a15bb6ac13c3965fe83946bd5

SHA1
b4a146453fcb2d69d995bce8e956fef66c1b68bf

SHA256
cda5fda41cbb92838011138eca0c0c123c4223c2c73eba52451311dcbcf81b4c

SHA512
27ca7a476b7eab9933c4285dd3464cd7582b8e873118f9584b20350c0d8411006b21c3a4772746bbaaa356d7f8e9911667d971bd72587835aad9e0e6fe1b2437

Download Submit
C:\Users\Admin\AppData\Local\Temp\h7uU.cpl

Filesize
2.2MB

MD5
8e23330a15bb6ac13c3965fe83946bd5

SHA1
b4a146453fcb2d69d995bce8e956fef66c1b68bf

SHA256
cda5fda41cbb92838011138eca0c0c123c4223c2c73eba52451311dcbcf81b4c

SHA512
27ca7a476b7eab9933c4285dd3464cd7582b8e873118f9584b20350c0d8411006b21c3a4772746bbaaa356d7f8e9911667d971bd72587835aad9e0e6fe1b2437

Download Submit
C:\Users\Admin\AppData\Local\Temp\h7uU.cpl

Filesize
2.2MB

MD5
8e23330a15bb6ac13c3965fe83946bd5

SHA1
b4a146453fcb2d69d995bce8e956fef66c1b68bf

SHA256
cda5fda41cbb92838011138eca0c0c123c4223c2c73eba52451311dcbcf81b4c

SHA512
27ca7a476b7eab9933c4285dd3464cd7582b8e873118f9584b20350c0d8411006b21c3a4772746bbaaa356d7f8e9911667d971bd72587835aad9e0e6fe1b2437

Download Submit
memory/3660-32-0x0000000002A60000-0x0000000002B41000-memory.dmp

Filesize
900KB

Download
memory/3660-29-0x0000000002A60000-0x0000000002B41000-memory.dmp

Filesize
900KB

Download
memory/3660-28-0x0000000002960000-0x0000000002A59000-memory.dmp

Filesize
996KB

Download
memory/3660-26-0x0000000002410000-0x0000000002639000-memory.dmp

Filesize
2.2MB

Download
memory/3660-25-0x00000000004E0000-0x00000000004E6000-memory.dmp

Filesize
24KB

Download
memory/3660-24-0x0000000002410000-0x0000000002639000-memory.dmp

Filesize
2.2MB

Download
memory/3660-33-0x0000000002A60000-0x0000000002B41000-memory.dmp

Filesize
900KB

Download
memory/4252-13-0x0000000002260000-0x0000000002266000-memory.dmp

Filesize
24KB

Download
memory/4252-21-0x0000000002CF0000-0x0000000002DD1000-memory.dmp

Filesize
900KB

Download
memory/4252-20-0x0000000002CF0000-0x0000000002DD1000-memory.dmp

Filesize
900KB

Download
memory/4252-17-0x0000000002CF0000-0x0000000002DD1000-memory.dmp

Filesize
900KB

Download
memory/4252-16-0x0000000002BF0000-0x0000000002CE9000-memory.dmp

Filesize
996KB

Download
memory/4252-14-0x00000000026A0000-0x00000000028C9000-memory.dmp

Filesize
2.2MB

Download
memory/4252-12-0x00000000026A0000-0x00000000028C9000-memory.dmp

Filesize
2.2MB

Download

Analysis

Sharing