64119e925a2c5fe96481a18acdab674856490be0a3051e5e4508ac20a83ad42e

Analysis

max time kernel
118s
max time network
132s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
10/10/2023, 22:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.Win32.Evo-gen.2912.6588.exe
Size

2.2MB
MD5

129b84fb7ad6599bc881360d512e827d
SHA1

169f4d51483e450281dc198e9d9b3b20e3896063
SHA256

64119e925a2c5fe96481a18acdab674856490be0a3051e5e4508ac20a83ad42e
SHA512

cdaf9c92f76de85afc2cd850b9d10ac0546180b76df90fa47fc1bf7e991af43cc9c11041d01ccf5d44fafcce0ce174331e8221b503e4be90df7af813bb694075
SSDEEP

49152:ufdrf4AJ8DGUehMBNBSHnbaG4XWEucbfntpvSCD7EJ9Q:OrZ2GBhoNBscXducbfbZZ

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 8 IoCs

pid	Process
2360	rundll32.exe
2360	rundll32.exe
2360	rundll32.exe
2360	rundll32.exe
2540	rundll32.exe
2540	rundll32.exe
2540	rundll32.exe
2540	rundll32.exe

Suspicious use of WriteProcessMemory 26 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 2692	2076	SecuriteInfo.com.Win32.Evo-gen.2912.6588.exe	28
PID 2076 wrote to memory of 2692	2076	SecuriteInfo.com.Win32.Evo-gen.2912.6588.exe	28
PID 2076 wrote to memory of 2692	2076	SecuriteInfo.com.Win32.Evo-gen.2912.6588.exe	28
PID 2076 wrote to memory of 2692	2076	SecuriteInfo.com.Win32.Evo-gen.2912.6588.exe	28
PID 2692 wrote to memory of 2140	2692	cmd.exe	30
PID 2692 wrote to memory of 2140	2692	cmd.exe	30
PID 2692 wrote to memory of 2140	2692	cmd.exe	30
PID 2692 wrote to memory of 2140	2692	cmd.exe	30
PID 2140 wrote to memory of 2360	2140	control.exe	31
PID 2140 wrote to memory of 2360	2140	control.exe	31
PID 2140 wrote to memory of 2360	2140	control.exe	31
PID 2140 wrote to memory of 2360	2140	control.exe	31
PID 2140 wrote to memory of 2360	2140	control.exe	31
PID 2140 wrote to memory of 2360	2140	control.exe	31
PID 2140 wrote to memory of 2360	2140	control.exe	31
PID 2360 wrote to memory of 2668	2360	rundll32.exe	34
PID 2360 wrote to memory of 2668	2360	rundll32.exe	34
PID 2360 wrote to memory of 2668	2360	rundll32.exe	34
PID 2360 wrote to memory of 2668	2360	rundll32.exe	34
PID 2668 wrote to memory of 2540	2668	RunDll32.exe	35
PID 2668 wrote to memory of 2540	2668	RunDll32.exe	35
PID 2668 wrote to memory of 2540	2668	RunDll32.exe	35
PID 2668 wrote to memory of 2540	2668	RunDll32.exe	35
PID 2668 wrote to memory of 2540	2668	RunDll32.exe	35
PID 2668 wrote to memory of 2540	2668	RunDll32.exe	35
PID 2668 wrote to memory of 2540	2668	RunDll32.exe	35

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Evo-gen.2912.6588.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Evo-gen.2912.6588.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Windows\SysWOW64\cmd.exe
  cmd /c .\LI5VOZAn.BAT
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2692
- - C:\Windows\SysWOW64\control.exe
    cOntROL "C:\Users\Admin\AppData\Local\Temp\7zSC1878A76\ZMEpN.5"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2140
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zSC1878A76\ZMEpN.5"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:2360
    - - C:\Windows\system32\RunDll32.exe
        
        C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zSC1878A76\ZMEpN.5"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2668
      - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\7zSC1878A76\ZMEpN.5"
        6⤵
        Loads dropped DLL
        
        PID:2540

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zSC1878A76\LI5VOzAn.bat

Filesize
27B

MD5
374272bf91dac4bcbf580623bba12e65

SHA1
e4e3261153e2da2405cf95d6cba80aa82c6e411a

SHA256
148e3ddb434fdf0aae295c4774d01e7ab0ee8e16ca2e31a88d8bd9ce5a9bde8c

SHA512
357ed726b9a1747ab63fc711bf87bcded6f87c5d1e8988309250d05b3f117ce092234feb80c47c0a5e15a41afde26a9773f5d03b839d8f05b4134670a4bbc39d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC1878A76\LI5VOzAn.bat

Filesize
27B

MD5
374272bf91dac4bcbf580623bba12e65

SHA1
e4e3261153e2da2405cf95d6cba80aa82c6e411a

SHA256
148e3ddb434fdf0aae295c4774d01e7ab0ee8e16ca2e31a88d8bd9ce5a9bde8c

SHA512
357ed726b9a1747ab63fc711bf87bcded6f87c5d1e8988309250d05b3f117ce092234feb80c47c0a5e15a41afde26a9773f5d03b839d8f05b4134670a4bbc39d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC1878A76\ZMEpN.5

Filesize
2.3MB

MD5
1793a376ca1fed61015affe8439c1b82

SHA1
099a4efb1a45ba6f48fed38c4303b862fb8f9dd4

SHA256
e01db8b3a4b8be201206de49e6c386ca4043a8cfe3933cf1a30cae8e291fa03a

SHA512
8c0a7acdcb16c8634bb42f04524d9231d74545f6600f1ac3bdd329242fa0ae0d9708e2b2de878c0d7e60f4cc9a313b33ff8bc4c317d58495e6e31b298569b8b6

Download Submit
\Users\Admin\AppData\Local\Temp\7zSC1878A76\Zmepn.5

Filesize
2.3MB

MD5
1793a376ca1fed61015affe8439c1b82

SHA1
099a4efb1a45ba6f48fed38c4303b862fb8f9dd4

SHA256
e01db8b3a4b8be201206de49e6c386ca4043a8cfe3933cf1a30cae8e291fa03a

SHA512
8c0a7acdcb16c8634bb42f04524d9231d74545f6600f1ac3bdd329242fa0ae0d9708e2b2de878c0d7e60f4cc9a313b33ff8bc4c317d58495e6e31b298569b8b6

Download Submit
\Users\Admin\AppData\Local\Temp\7zSC1878A76\Zmepn.5

Filesize
2.3MB

MD5
1793a376ca1fed61015affe8439c1b82

SHA1
099a4efb1a45ba6f48fed38c4303b862fb8f9dd4

SHA256
e01db8b3a4b8be201206de49e6c386ca4043a8cfe3933cf1a30cae8e291fa03a

SHA512
8c0a7acdcb16c8634bb42f04524d9231d74545f6600f1ac3bdd329242fa0ae0d9708e2b2de878c0d7e60f4cc9a313b33ff8bc4c317d58495e6e31b298569b8b6

Download Submit
\Users\Admin\AppData\Local\Temp\7zSC1878A76\Zmepn.5

Filesize
2.3MB

MD5
1793a376ca1fed61015affe8439c1b82

SHA1
099a4efb1a45ba6f48fed38c4303b862fb8f9dd4

SHA256
e01db8b3a4b8be201206de49e6c386ca4043a8cfe3933cf1a30cae8e291fa03a

SHA512
8c0a7acdcb16c8634bb42f04524d9231d74545f6600f1ac3bdd329242fa0ae0d9708e2b2de878c0d7e60f4cc9a313b33ff8bc4c317d58495e6e31b298569b8b6

Download Submit
\Users\Admin\AppData\Local\Temp\7zSC1878A76\Zmepn.5

Filesize
2.3MB

MD5
1793a376ca1fed61015affe8439c1b82

SHA1
099a4efb1a45ba6f48fed38c4303b862fb8f9dd4

SHA256
e01db8b3a4b8be201206de49e6c386ca4043a8cfe3933cf1a30cae8e291fa03a

SHA512
8c0a7acdcb16c8634bb42f04524d9231d74545f6600f1ac3bdd329242fa0ae0d9708e2b2de878c0d7e60f4cc9a313b33ff8bc4c317d58495e6e31b298569b8b6

Download Submit
\Users\Admin\AppData\Local\Temp\7zSC1878A76\Zmepn.5

Filesize
2.3MB

MD5
1793a376ca1fed61015affe8439c1b82

SHA1
099a4efb1a45ba6f48fed38c4303b862fb8f9dd4

SHA256
e01db8b3a4b8be201206de49e6c386ca4043a8cfe3933cf1a30cae8e291fa03a

SHA512
8c0a7acdcb16c8634bb42f04524d9231d74545f6600f1ac3bdd329242fa0ae0d9708e2b2de878c0d7e60f4cc9a313b33ff8bc4c317d58495e6e31b298569b8b6

Download Submit
\Users\Admin\AppData\Local\Temp\7zSC1878A76\Zmepn.5

Filesize
2.3MB

MD5
1793a376ca1fed61015affe8439c1b82

SHA1
099a4efb1a45ba6f48fed38c4303b862fb8f9dd4

SHA256
e01db8b3a4b8be201206de49e6c386ca4043a8cfe3933cf1a30cae8e291fa03a

SHA512
8c0a7acdcb16c8634bb42f04524d9231d74545f6600f1ac3bdd329242fa0ae0d9708e2b2de878c0d7e60f4cc9a313b33ff8bc4c317d58495e6e31b298569b8b6

Download Submit
\Users\Admin\AppData\Local\Temp\7zSC1878A76\Zmepn.5

Filesize
2.3MB

MD5
1793a376ca1fed61015affe8439c1b82

SHA1
099a4efb1a45ba6f48fed38c4303b862fb8f9dd4

SHA256
e01db8b3a4b8be201206de49e6c386ca4043a8cfe3933cf1a30cae8e291fa03a

SHA512
8c0a7acdcb16c8634bb42f04524d9231d74545f6600f1ac3bdd329242fa0ae0d9708e2b2de878c0d7e60f4cc9a313b33ff8bc4c317d58495e6e31b298569b8b6

Download Submit
\Users\Admin\AppData\Local\Temp\7zSC1878A76\Zmepn.5

Filesize
2.3MB

MD5
1793a376ca1fed61015affe8439c1b82

SHA1
099a4efb1a45ba6f48fed38c4303b862fb8f9dd4

SHA256
e01db8b3a4b8be201206de49e6c386ca4043a8cfe3933cf1a30cae8e291fa03a

SHA512
8c0a7acdcb16c8634bb42f04524d9231d74545f6600f1ac3bdd329242fa0ae0d9708e2b2de878c0d7e60f4cc9a313b33ff8bc4c317d58495e6e31b298569b8b6

Download Submit
memory/2360-26-0x00000000026C0000-0x00000000027BC000-memory.dmp

Filesize
1008KB

Download
memory/2360-27-0x00000000026C0000-0x00000000027BC000-memory.dmp

Filesize
1008KB

Download
memory/2360-23-0x00000000026C0000-0x00000000027BC000-memory.dmp

Filesize
1008KB

Download
memory/2360-22-0x00000000025A0000-0x00000000026B9000-memory.dmp

Filesize
1.1MB

Download
memory/2360-17-0x0000000010000000-0x0000000010243000-memory.dmp

Filesize
2.3MB

Download
memory/2360-16-0x0000000000100000-0x0000000000106000-memory.dmp

Filesize
24KB

Download
memory/2540-32-0x00000000000C0000-0x00000000000C6000-memory.dmp

Filesize
24KB

Download
memory/2540-38-0x0000000001E70000-0x0000000001F89000-memory.dmp

Filesize
1.1MB

Download
memory/2540-39-0x00000000026A0000-0x000000000279C000-memory.dmp

Filesize
1008KB

Download
memory/2540-42-0x00000000026A0000-0x000000000279C000-memory.dmp

Filesize
1008KB

Download
memory/2540-43-0x00000000026A0000-0x000000000279C000-memory.dmp

Filesize
1008KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads