ff6659a755191c8fd5e3ee078e1096107218e54dbcc976fe872f4fb66dde90d3

Analysis

max time kernel
122s
max time network
133s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
03/02/2024, 04:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.Program.Unwanted.4781.3655.26675.exe
Size

2.3MB
MD5

159c8d20114317a91ce7209103f3fb18
SHA1

a1674a9a4be1a658883aa4ed763d4db9439c7a89
SHA256

ff6659a755191c8fd5e3ee078e1096107218e54dbcc976fe872f4fb66dde90d3
SHA512

469c582dfe4a3c4998dd541e9c219447621e02469461cf5800a309bdb20d3c95038d55a23525400474a80ce4fceeb208e36917ed451e5e26c18c4e4b7f32818a
SSDEEP

49152:1/9QqosPzveZJqJmH6h5m8z0SZP/gb6FLMUSFAShAqCq4PBk0:d9TPz2ZJqJm18z0SZP/46FzlPBV

Score

6^/10

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 2 IoCs

pid	Process
2680	SecuriteInfo.com.Program.Unwanted.4781.3655.26675.exe
2680	SecuriteInfo.com.Program.Unwanted.4781.3655.26675.exe

Modifies system certificate store 2 TTPs 5 IoCs

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6	SecuriteInfo.com.Program.Unwanted.4781.3655.26675.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	SecuriteInfo.com.Program.Unwanted.4781.3655.26675.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	SecuriteInfo.com.Program.Unwanted.4781.3655.26675.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	SecuriteInfo.com.Program.Unwanted.4781.3655.26675.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e709000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	SecuriteInfo.com.Program.Unwanted.4781.3655.26675.exe

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Program.Unwanted.4781.3655.26675.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Program.Unwanted.4781.3655.26675.exe"
1⤵
- Loads dropped DLL
- Modifies system certificate store
PID:2680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Cab9F7C.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9F9E.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\{0afe144e-d38f-4c04-9FEB-F570D6DB3EDE}\BackgroundProgressBar.jpg

Filesize
71KB

MD5
29700888b7ea41a1f463b61526a0241e

SHA1
33d2a6ef7bf057419d235a44e48c3b250404cb69

SHA256
bc49d3f7101fea836c1989393e1573a70e98af4a9984e6e8dfcab8c92e54eaf6

SHA512
50af8d2eedf71dbce6b0c5be8372154e71f5f91353d51aa23de20e36cc7b9113dea6a4b2fc0db58bbf4fbfba6c8745e60adc99192c32a8facf2050b1ac1c299a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{0afe144e-d38f-4c04-9FEB-F570D6DB3EDE}\Binary.tmp

Filesize
772KB

MD5
b9cd7d15337dac99e9d5552308bba4e6

SHA1
c0613eba615e59161fea302fa97179786c70ee8e

SHA256
43e3134efd4fcefe161cba92bb8658a5bd1cc761839da95b700043bceeec1290

SHA512
042f5774196e69ede6d4ee20cdf2a27c05074f447b243caa14f202f060f3ae1609d24dd49a4236746991f3e825f5702855d6dcc763faa8cea40cc2a24dbf2650

Download Submit
C:\Users\Admin\AppData\Local\Temp\{0afe144e-d38f-4c04-9FEB-F570D6DB3EDE}\Dialog.inf

Filesize
1KB

MD5
1166d190baa6eba1d18f82bba32733d5

SHA1
ca862d4dd8fdcf40b085dab0a1c79ea934bd64c0

SHA256
6f3d20f0a53766f96c69a1bdf4b3ced635a8b7cfe611670bcd5fff687122a380

SHA512
a04451a429623573aca466cd3eabdcd0c28631ba9c9efe39fea0d98cd832ce1b421bd7da46182bc3bb143c726373dbfa743bdf6e5325d0319c11823255bd03aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\{0afe144e-d38f-4c04-9FEB-F570D6DB3EDE}\Dialog.png

Filesize
4KB

MD5
de33be0ba2b7845352a41cc47f3b3be8

SHA1
02aa8dad616380dc9c2c7ba264579b8ff4f89f9b

SHA256
c43eb8bd105f71243c8a886a2b2704152da5022bf3544bcd4109ce54121905d1

SHA512
339e95c706ca7f4f208a7b8f0220ef48d3bf6efdab12b0945bd6509e78f3760a954eb30edd26b4f8290c65811e8aacd9deefe2667d3306ca1fac965a2f928784

Download Submit
C:\Users\Admin\AppData\Local\Temp\{0afe144e-d38f-4c04-9FEB-F570D6DB3EDE}\EnglishUS.001

Filesize
5KB

MD5
d5ea71aa2b1d4cead79c0a2a06b6f508

SHA1
43de95efa716c1433d433201501130583751fb91

SHA256
e6241d4064e79845dd683d458884760aec06e59ad78360ac59f85392cbc94a4b

SHA512
49ee9deea564a90bad70b6ec09aff80ee36f156a90e082d9db6b3c4a63f8a2df821a33b7d1ba63611d7e01c44a498a85db5a91a13a7f3520402a10ead93acf72

Download Submit
C:\Users\Admin\AppData\Local\Temp\{0afe144e-d38f-4c04-9FEB-F570D6DB3EDE}\Neutral.001

Filesize
711KB

MD5
b018065519a80141e0bbda4b7f237eea

SHA1
d50f0e789b3cf5040a795385b947a72f5a8d61dd

SHA256
2b5eb4d0742550b9d8e119d269e2f74c1dad4e469edb90496edad04053afaf0b

SHA512
5d5431154fabf4b19d78bc688bcc416e4a66b9136a5bb03bb7f7509d6abb44f4235bfd304c3c42297436ad16c3dff02cb72c710420fcbda53fe10d5213e66ec8

Download Submit
C:\Users\Admin\AppData\Local\Temp\{0afe144e-d38f-4c04-9FEB-F570D6DB3EDE}\NewUI.thm

Filesize
1KB

MD5
8fcbd3d93f09436d1c58d9a940d94644

SHA1
0f958673e39e021dd9c164aecc04f88d6b50aff5

SHA256
0f299e1df2d22d97c5665b6f8ea0d81050ce9525d345f29887d7a683f548a431

SHA512
07c893e2b2e86dd22d65aa8e6910c56d8d892975761ff8e1c0c5d89132e8975fd2fea9a1d23f7f6fece2cee91053dce94635bdb73ddddadba632bbb422c747f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\{0afe144e-d38f-4c04-9FEB-F570D6DB3EDE}\NewUI.tmp

Filesize
282KB

MD5
9d2605f51c53470213edb41a6816950c

SHA1
3048db0711bb080c6284fb4fa988b3544e70fa94

SHA256
60160212ba4e852879d1d70e7169b9bc00f9e8c67403b6f72596216602b8d0ba

SHA512
8e1ab527f6b76d99747738755b38cca6f4ee06dbbfe0d04f0fb868b736899e92f07d1292a818e1c6fe808da283655cbc2efcb10df69adfea147cb27143566227

Download Submit
C:\Users\Admin\AppData\Local\Temp\{0afe144e-d38f-4c04-9FEB-F570D6DB3EDE}\ProgressBar.png

Filesize
3KB

MD5
a5a62f3bdf8abcb440e3942c5e5d9684

SHA1
daf1398c0e505fa24489c5e6c723a51930d4701f

SHA256
1ba12eba76e89e47dfa8b0102216c580a2b88978dad9b20c7c4c5da513528471

SHA512
244c7261560875e9ed0caf0e3307fa2219d2aed46066cfbad408e8f76551225bcac09ac73c945e1199efd502b312dc2e64789c3f0a50b7f5b79441e1efe1a8aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\{0afe144e-d38f-4c04-9FEB-F570D6DB3EDE}\button.png

Filesize
1KB

MD5
36bda24d7d33be593fb68bb2811ec9db

SHA1
ec1514448ef4c1584088541203cb2f360b69c463

SHA256
9c073d5d666040dd7eb50b12f6392e7a432c0d6ab7d05142e482a9dfe5228686

SHA512
013e3048fb51957b6dd62231d3fae0e2425658997ca20585565f1246401ad228d5efdbf9435b32c63bdcbe10b153be83f7909ca9e4c3c6451e8486ae6ecb87ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\{0afe144e-d38f-4c04-9FEB-F570D6DB3EDE}\setup.cfg

Filesize
80KB

MD5
8ff2231e6ae7173bf6f6c195bb4adb79

SHA1
db81a49a3bd16087dcd2ee7ba15142056419f309

SHA256
c26dd574019ce5c2b499c9d754fd366c8b971e2cc5b09ce31808cc9fb5c5287e

SHA512
ab0bce9683465448d3e5e57686ebcba1c52d2a3c8e47150dfc0eccec8f9222ec86f3ec56f3048b6b6532997a8f3047474a9e6144acfc341867e11ec2ab0e4697

Download Submit
C:\Users\Admin\AppData\Local\Temp\{0afe144e-d38f-4c04-9FEB-F570D6DB3EDE}\slideshow.cab

Filesize
640KB

MD5
a3252e89121b9ad38f0f11ed4ff198c0

SHA1
fc20a2a6db675e36febae6adfd22c45d8d725ea3

SHA256
30afae91e067294c773e418d7b99485ffffd34518156fde79eb70ec91e943c46

SHA512
c58af70ae82759dde0674ec1053486dcafa593e4ad6e61338c0acffb37b4c80f3df42563c2c7b37eaa12aacef677caa83690745b58c283a0da863f8ce07e28a1

Download Submit
\Users\Admin\AppData\Local\Temp\{0afe144e-d38f-4c04-9FEB-F570D6DB3EDE}\EnglishUS.lng

Filesize
28KB

MD5
85a0f83356fd661fab0a296f69a5aa89

SHA1
0373caad007b28f48e59ce319fa64324fff54a36

SHA256
3dd902b1e778147f25bc511606665d669dcf63f5ee91f61fbe74479f9eb2d866

SHA512
81dd90fad5aaaf6c2a16a5dadbca4c75a45f674740e8e1c595927922d0bb31d3a35c56cec63dceb3bc418993e5c32e4e5015d49c357c0f5188e56ae04f1b9f28

Download Submit
\Users\Admin\AppData\Local\Temp\{0afe144e-d38f-4c04-9FEB-F570D6DB3EDE}\NewUI.dll

Filesize
475KB

MD5
69ae2c900632af2437786c7d65504667

SHA1
7c7cb3ec6aa1aa0d1d8b3b213c85fb510b38a663

SHA256
05f85ff76f8bb96424c0df7378661c3c1349f0de393ac7ff9c87b2779366c1d6

SHA512
e4842cf29a7fc9fa5f3b9bb06824e19a834603918aec4799cef44b0a77460f62f00cc44ebe4196f160306ce934c9b6dce396857a2a5f466bd8c2fd9bb590827f

Download Submit