cd7f3e7bc9f55c0018b0db329c5fdaf13e2e295cf10eee13c8b580f47e871e1c

Analysis

max time kernel
31s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 01:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.exe
Size

4.7MB
MD5

7db918e235c3f239b6d99e68e8dac93c
SHA1

e6f607d356166edf3f044afd340845f5bf255d4c
SHA256

cd7f3e7bc9f55c0018b0db329c5fdaf13e2e295cf10eee13c8b580f47e871e1c
SHA512

7b2f0324605a5a13cd7e3a5b0729220ff7cfea336172aeca09b867053c9910c165e5d4f828939544bf0e007310ab122974edeab4c5d4cc626c914b789ec344f9
SSDEEP

98304:Q529odJEHJswzNf9edrWiAz7CTfE8LnOI07AViGY23+w482mjgWcH8o4dm8:AduH3f98C5vqy7lBg4Nmjg1H8o4dD

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
3948	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
1528	jsonstdapi.exe
2064	jsonstdapi.exe

Loads dropped DLL 3 IoCs

pid	Process
3948	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
3948	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
3948	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 51 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\JSON Stdandart API\bin\x86\is-K4M7R.tmp	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File created	C:\Program Files (x86)\JSON Stdandart API\bin\x86\is-0H9U8.tmp	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File created	C:\Program Files (x86)\JSON Stdandart API\bin\x86\is-LRVFM.tmp	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File created	C:\Program Files (x86)\JSON Stdandart API\bin\x86\is-0GQRK.tmp	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File created	C:\Program Files (x86)\JSON Stdandart API\bin\x86\is-MAIKV.tmp	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File created	C:\Program Files (x86)\JSON Stdandart API\stuff\is-4MJC0.tmp	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File opened for modification	C:\Program Files (x86)\JSON Stdandart API\jsonstdapi.exe	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File created	C:\Program Files (x86)\JSON Stdandart API\bin\x86\is-JV814.tmp	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File opened for modification	C:\Program Files (x86)\JSON Stdandart API\unins000.dat	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File created	C:\Program Files (x86)\JSON Stdandart API\bin\x86\is-2AHP4.tmp	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File created	C:\Program Files (x86)\JSON Stdandart API\bin\x86\is-BUK8B.tmp	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File created	C:\Program Files (x86)\JSON Stdandart API\bin\x86\is-74BPU.tmp	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File created	C:\Program Files (x86)\JSON Stdandart API\bin\x86\is-FJUL4.tmp	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File created	C:\Program Files (x86)\JSON Stdandart API\bin\x86\is-4CNAT.tmp	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File created	C:\Program Files (x86)\JSON Stdandart API\bin\x86\is-L8RB6.tmp	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File created	C:\Program Files (x86)\JSON Stdandart API\unins000.dat	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File created	C:\Program Files (x86)\JSON Stdandart API\bin\x86\is-2KCM8.tmp	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File created	C:\Program Files (x86)\JSON Stdandart API\bin\x86\is-UCEF6.tmp	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File created	C:\Program Files (x86)\JSON Stdandart API\bin\x86\is-H3DL9.tmp	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File created	C:\Program Files (x86)\JSON Stdandart API\bin\x86\is-8MM63.tmp	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File created	C:\Program Files (x86)\JSON Stdandart API\bin\x86\is-OEG58.tmp	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File created	C:\Program Files (x86)\JSON Stdandart API\bin\x86\is-A71ND.tmp	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File created	C:\Program Files (x86)\JSON Stdandart API\stuff\is-AGJ6C.tmp	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File created	C:\Program Files (x86)\JSON Stdandart API\bin\x86\is-JN2JF.tmp	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File created	C:\Program Files (x86)\JSON Stdandart API\bin\x86\is-LSNMI.tmp	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File created	C:\Program Files (x86)\JSON Stdandart API\bin\x86\is-VGT71.tmp	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File created	C:\Program Files (x86)\JSON Stdandart API\bin\x86\is-MS1RJ.tmp	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File created	C:\Program Files (x86)\JSON Stdandart API\bin\x86\is-OMLDQ.tmp	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File created	C:\Program Files (x86)\JSON Stdandart API\bin\x86\is-3NG67.tmp	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File created	C:\Program Files (x86)\JSON Stdandart API\bin\x86\is-HF50A.tmp	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File created	C:\Program Files (x86)\JSON Stdandart API\bin\x86\is-UBB15.tmp	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File created	C:\Program Files (x86)\JSON Stdandart API\stuff\is-VJAT9.tmp	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File created	C:\Program Files (x86)\JSON Stdandart API\bin\x86\is-NCTNL.tmp	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File created	C:\Program Files (x86)\JSON Stdandart API\bin\x86\is-N9E25.tmp	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File created	C:\Program Files (x86)\JSON Stdandart API\bin\x86\plugins\internal\is-OF9O6.tmp	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File created	C:\Program Files (x86)\JSON Stdandart API\stuff\is-CNE1F.tmp	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File created	C:\Program Files (x86)\JSON Stdandart API\bin\x86\is-RL9G2.tmp	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File created	C:\Program Files (x86)\JSON Stdandart API\bin\x86\is-GDRP5.tmp	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File created	C:\Program Files (x86)\JSON Stdandart API\bin\x86\is-UL3H0.tmp	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File created	C:\Program Files (x86)\JSON Stdandart API\bin\x86\is-5NBF0.tmp	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File created	C:\Program Files (x86)\JSON Stdandart API\bin\x86\is-1I051.tmp	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File created	C:\Program Files (x86)\JSON Stdandart API\bin\x86\is-7OM11.tmp	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File created	C:\Program Files (x86)\JSON Stdandart API\bin\x86\lessmsi\is-VSTMU.tmp	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File created	C:\Program Files (x86)\JSON Stdandart API\bin\x86\is-RJN95.tmp	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File created	C:\Program Files (x86)\JSON Stdandart API\is-U1D8K.tmp	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File created	C:\Program Files (x86)\JSON Stdandart API\bin\x86\is-G31LU.tmp	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File created	C:\Program Files (x86)\JSON Stdandart API\bin\x86\is-I8AR4.tmp	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File created	C:\Program Files (x86)\JSON Stdandart API\bin\x86\is-66RGM.tmp	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File created	C:\Program Files (x86)\JSON Stdandart API\bin\x86\plugins\internal\is-21E05.tmp	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File created	C:\Program Files (x86)\JSON Stdandart API\bin\x86\is-8NNTN.tmp	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
File created	C:\Program Files (x86)\JSON Stdandart API\is-LASB0.tmp	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp

Runs net.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3948	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 2348 wrote to memory of 3948	2348	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.exe	17
PID 2348 wrote to memory of 3948	2348	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.exe	17
PID 2348 wrote to memory of 3948	2348	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.exe	17
PID 3948 wrote to memory of 1856	3948	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp	29
PID 3948 wrote to memory of 1856	3948	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp	29
PID 3948 wrote to memory of 1856	3948	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp	29
PID 3948 wrote to memory of 1528	3948	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp	25
PID 3948 wrote to memory of 1528	3948	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp	25
PID 3948 wrote to memory of 1528	3948	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp	25
PID 1856 wrote to memory of 3816	1856	net.exe	27
PID 1856 wrote to memory of 3816	1856	net.exe	27
PID 1856 wrote to memory of 3816	1856	net.exe	27
PID 3948 wrote to memory of 2064	3948	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp	26
PID 3948 wrote to memory of 2064	3948	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp	26
PID 3948 wrote to memory of 2064	3948	SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp	26

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2348
- C:\Users\Admin\AppData\Local\Temp\is-2J7OU.tmp\SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-2J7OU.tmp\SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp" /SL5="$8011E,4660056,54272,C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3948
- - C:\Program Files (x86)\JSON Stdandart API\jsonstdapi.exe
    "C:\Program Files (x86)\JSON Stdandart API\jsonstdapi.exe" -i
    3⤵
    - Executes dropped EXE
    PID:1528
- - C:\Program Files (x86)\JSON Stdandart API\jsonstdapi.exe
    "C:\Program Files (x86)\JSON Stdandart API\jsonstdapi.exe" -s
    3⤵
    - Executes dropped EXE
    PID:2064
- - C:\Windows\SysWOW64\net.exe
    "C:\Windows\system32\net.exe" helpmsg 30
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1856

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 helpmsg 30
1⤵
PID:3816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-2J7OU.tmp\SecuriteInfo.com.Trojan-Dropper.Win32.Agent.12415.23003.tmp

Filesize
92KB

MD5
6a3dd53ba7c28000750f604133b072cc

SHA1
d0c20f11b02fbdce077bdd68520a78801c6f75d7

SHA256
b11b4b425f2b1f0469bcce0c308b91cc0fb955becd26f1fc26ec8c405f2f04e5

SHA512
465f90dff2170b5ae61fccf9538a9fb713d08cb521ce124c4dfe48b7a8e0ece8f84f09e61a59d0e5d88f451683bf1eb7af9a7c280a589cc1f6e07c1e73696514

Download Submit
memory/1528-129-0x0000000000400000-0x0000000000591000-memory.dmp

Filesize
1.6MB

Download
memory/1528-125-0x0000000000400000-0x0000000000591000-memory.dmp

Filesize
1.6MB

Download
memory/1528-126-0x0000000000400000-0x0000000000591000-memory.dmp

Filesize
1.6MB

Download
memory/1528-130-0x0000000000400000-0x0000000000591000-memory.dmp

Filesize
1.6MB

Download
memory/2064-141-0x0000000000400000-0x0000000000591000-memory.dmp

Filesize
1.6MB

Download
memory/2064-167-0x0000000000400000-0x0000000000591000-memory.dmp

Filesize
1.6MB

Download
memory/2064-183-0x0000000000400000-0x0000000000591000-memory.dmp

Filesize
1.6MB

Download
memory/2064-180-0x0000000000400000-0x0000000000591000-memory.dmp

Filesize
1.6MB

Download
memory/2064-177-0x0000000000400000-0x0000000000591000-memory.dmp

Filesize
1.6MB

Download
memory/2064-173-0x0000000000400000-0x0000000000591000-memory.dmp

Filesize
1.6MB

Download
memory/2064-136-0x0000000000400000-0x0000000000591000-memory.dmp

Filesize
1.6MB

Download
memory/2064-170-0x0000000000400000-0x0000000000591000-memory.dmp

Filesize
1.6MB

Download
memory/2064-133-0x0000000000400000-0x0000000000591000-memory.dmp

Filesize
1.6MB

Download
memory/2064-140-0x0000000000400000-0x0000000000591000-memory.dmp

Filesize
1.6MB

Download
memory/2064-144-0x0000000000400000-0x0000000000591000-memory.dmp

Filesize
1.6MB

Download
memory/2064-147-0x0000000000400000-0x0000000000591000-memory.dmp

Filesize
1.6MB

Download
memory/2064-150-0x0000000000400000-0x0000000000591000-memory.dmp

Filesize
1.6MB

Download
memory/2064-151-0x0000000002A10000-0x0000000002AB2000-memory.dmp

Filesize
648KB

Download
memory/2064-157-0x0000000002A10000-0x0000000002AB2000-memory.dmp

Filesize
648KB

Download
memory/2064-156-0x0000000000400000-0x0000000000591000-memory.dmp

Filesize
1.6MB

Download
memory/2064-160-0x0000000000400000-0x0000000000591000-memory.dmp

Filesize
1.6MB

Download
memory/2064-163-0x0000000000400000-0x0000000000591000-memory.dmp

Filesize
1.6MB

Download
memory/2064-164-0x0000000002A10000-0x0000000002AB2000-memory.dmp

Filesize
648KB

Download
memory/2348-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2348-134-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2348-2-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/3948-137-0x0000000002210000-0x0000000002211000-memory.dmp

Filesize
4KB

Download
memory/3948-135-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/3948-10-0x0000000002210000-0x0000000002211000-memory.dmp

Filesize
4KB

Download