7647574b1d788d2912ff03fc949d8be3567217c4fc04832ac02deb2777e68905

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
12/11/2023, 13:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.BScope.Trojan.Downloader.5816.exe
Size

4.9MB
MD5

c454fe8e2691de3d7ffed3db180ffb57
SHA1

9127fcf60633441cd21a628f6b5c8cc9bec1321d
SHA256

7647574b1d788d2912ff03fc949d8be3567217c4fc04832ac02deb2777e68905
SHA512

c57ef163612e968b5242e70266fbcf994d1f90bfbc089687e5e8cd5b71675866e81d058aeb19d856128f5393429e3865b7b6847d10e62a4a48390e720b6825c9
SSDEEP

98304:e462yEgfFhs5yNup/w2zYyieOF2DI+5tUBQiH/kdqtRAP4Z0rLS1DfJGCyH:SEgfFMNBOF2ce+Q2/fiPs0r6DBG5H

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2812	SecuriteInfo.com.BScope.Trojan.Downloader.5816.tmp

Loads dropped DLL 3 IoCs

pid	Process
812	SecuriteInfo.com.BScope.Trojan.Downloader.5816.exe
2812	SecuriteInfo.com.BScope.Trojan.Downloader.5816.tmp
2812	SecuriteInfo.com.BScope.Trojan.Downloader.5816.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 812 wrote to memory of 2812	812	SecuriteInfo.com.BScope.Trojan.Downloader.5816.exe	28
PID 812 wrote to memory of 2812	812	SecuriteInfo.com.BScope.Trojan.Downloader.5816.exe	28
PID 812 wrote to memory of 2812	812	SecuriteInfo.com.BScope.Trojan.Downloader.5816.exe	28
PID 812 wrote to memory of 2812	812	SecuriteInfo.com.BScope.Trojan.Downloader.5816.exe	28
PID 812 wrote to memory of 2812	812	SecuriteInfo.com.BScope.Trojan.Downloader.5816.exe	28
PID 812 wrote to memory of 2812	812	SecuriteInfo.com.BScope.Trojan.Downloader.5816.exe	28
PID 812 wrote to memory of 2812	812	SecuriteInfo.com.BScope.Trojan.Downloader.5816.exe	28

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.BScope.Trojan.Downloader.5816.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.BScope.Trojan.Downloader.5816.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:812
- C:\Users\Admin\AppData\Local\Temp\is-Q160D.tmp\SecuriteInfo.com.BScope.Trojan.Downloader.5816.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-Q160D.tmp\SecuriteInfo.com.BScope.Trojan.Downloader.5816.tmp" /SL5="$4014C,4859300,53248,C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.BScope.Trojan.Downloader.5816.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2812

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-Q160D.tmp\SecuriteInfo.com.BScope.Trojan.Downloader.5816.tmp

Filesize
669KB

MD5
9e348e107d6142976076f932cfa6b8f9

SHA1
88764d272dd79db1b8f9852f61f14b56d2aaa3dd

SHA256
cec520fea60581e6cdebd5cc0af8b7bf2def78f5a7d1d8530cdf8662816e2d41

SHA512
675345304e1e3f25846a96a470848b5b8cfaf99bd4114e01e5b0ae880bc3f9acbec825b6fb1e31f098f07b12951bc27d0453aa3a4796691b5f1b1583b0373439

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-Q160D.tmp\SecuriteInfo.com.BScope.Trojan.Downloader.5816.tmp

Filesize
669KB

MD5
9e348e107d6142976076f932cfa6b8f9

SHA1
88764d272dd79db1b8f9852f61f14b56d2aaa3dd

SHA256
cec520fea60581e6cdebd5cc0af8b7bf2def78f5a7d1d8530cdf8662816e2d41

SHA512
675345304e1e3f25846a96a470848b5b8cfaf99bd4114e01e5b0ae880bc3f9acbec825b6fb1e31f098f07b12951bc27d0453aa3a4796691b5f1b1583b0373439

Download Submit
\Users\Admin\AppData\Local\Temp\is-D1CD7.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-D1CD7.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-Q160D.tmp\SecuriteInfo.com.BScope.Trojan.Downloader.5816.tmp

Filesize
669KB

MD5
9e348e107d6142976076f932cfa6b8f9

SHA1
88764d272dd79db1b8f9852f61f14b56d2aaa3dd

SHA256
cec520fea60581e6cdebd5cc0af8b7bf2def78f5a7d1d8530cdf8662816e2d41

SHA512
675345304e1e3f25846a96a470848b5b8cfaf99bd4114e01e5b0ae880bc3f9acbec825b6fb1e31f098f07b12951bc27d0453aa3a4796691b5f1b1583b0373439

Download Submit
memory/812-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/812-20-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2812-7-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/2812-19-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads