Overview

overview

7

Static

static

3

SecuriteIn...99.exe

windows7-x64

5

SecuriteIn...99.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29-01-2024 14:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.Trojan.MSIL.Crypt.19699.exe

  • Size

    681KB

  • MD5

    2c6646286a2e2682229fa060c1d16374

  • SHA1

    4b78d96b33e9da1a3f819d04945a6e20e26ff955

  • SHA256

    01f69aee0b89173efd74b9ab64b4f6b9a2f4810ec1778983d71ed4c8ed5824b7

  • SHA512

    f37fa9350e713a25c51d752870d63341c1486e01de5b8aff234ab294429443f072dbd41b6b1ffd9389cea7e70e62cf691a5a31ed5c47fe48bcfca881ae970e3b

  • SSDEEP

    12288:+Gk0OTKGZrQQE97YCdjhrZiVdO7KOviMIgtCG2PdgHodcp7iJ2gfpZlNK2dmbVCt:6VDzCdRZ7jggtCG2Pkn

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.MSIL.Crypt.19699.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.MSIL.Crypt.19699.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2400
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\wbpGajDkhWs.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2848
    • C:\Windows\System32\schtasks.exe
      "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\wbpGajDkhWs" /XML "C:\Users\Admin\AppData\Local\Temp\tmpA1CB.tmp"
      2⤵
      • Creates scheduled task(s)
      PID:2308
    • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.MSIL.Crypt.19699.exe
      C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.MSIL.Crypt.19699.exe
      2⤵
        PID:2672

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\tmpA1CB.tmp
      Filesize

      1KB

      MD5

      531c827e3461e76b3d02fca82b259f62

      SHA1

      b7cc1f64f58846c768c771c86fcb63df43ca64aa

      SHA256

      c1fdc40de74c89cdf65b903c9e37653c6a922b6e8c35da6f5128ebe81452bc7c

      SHA512

      3d80a738ce378011feed41738dabf017e6b0b294e2f941ec3b03edd14fac1d9058f6bde04f853ab918b22293481c5b270512a906698532e36c3986554fcaa076

      Download Submit

    • memory/2400-23-0x000007FEF50D0000-0x000007FEF5ABC000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/2400-1-0x000007FEF50D0000-0x000007FEF5ABC000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/2400-2-0x0000000002410000-0x0000000002490000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2400-3-0x0000000000180000-0x000000000019A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/2400-4-0x00000000001A0000-0x00000000001B2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2400-5-0x00000000001B0000-0x00000000001C0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2400-6-0x000000001BB80000-0x000000001BBEE000-memory.dmp

      Filesize

      440KB

      Download

    • memory/2400-7-0x000007FEF50D0000-0x000007FEF5ABC000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/2400-8-0x0000000002410000-0x0000000002490000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2400-0-0x000000013F5C0000-0x000000013F66E000-memory.dmp

      Filesize

      696KB

      Download

    • memory/2672-18-0x000007FFFFFD9000-0x000007FFFFFDA000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2848-22-0x00000000025D0000-0x00000000025D8000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2848-20-0x000000001B290000-0x000000001B572000-memory.dmp

      Filesize

      2.9MB

      Download

    • memory/2848-24-0x000007FEEC9C0000-0x000007FEED35D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2848-25-0x0000000002920000-0x00000000029A0000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2848-26-0x000007FEEC9C0000-0x000007FEED35D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2848-27-0x0000000002920000-0x00000000029A0000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2848-29-0x0000000002920000-0x00000000029A0000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2848-30-0x000007FEEC9C0000-0x000007FEED35D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2848-28-0x0000000002920000-0x00000000029A0000-memory.dmp

      Filesize

      512KB

      Download