f72ee83436cb1f82366bfaafb14a4c0cb99826c02166fc0bd21fb6e7eb5190c6

Resubmissions

17/02/2024, 15:22

240217-ssaymsgb5v 10

17/02/2024, 08:25

240217-kbabsacg8w 4

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
17/02/2024, 08:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.Adware.Downware.20091.25676.15900.exe
Size

1.7MB
MD5

68a70ef9d99e94926e7231e00e136890
SHA1

5486bb9e8ad619d60e627efb13b1eb474a47c94f
SHA256

f72ee83436cb1f82366bfaafb14a4c0cb99826c02166fc0bd21fb6e7eb5190c6
SHA512

f5b55a4b05ce5598b2997625a659c24ba9b3f6f6bf27da02b2dab07384e062761de906b3c41abb77dd60cfe8dcd6b680ae3595249b046d713ae671b3edabff7c
SSDEEP

24576:O7FUDowAyrTVE3U5FFdj79NTMazaDNfBFLDnDoxJlPWZ67Po6EFd1it8OgqL7X:OBuZrEUz9NwazalBVsPWU7Po6Z8/qL

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2140	SecuriteInfo.com.Adware.Downware.20091.25676.15900.tmp

Loads dropped DLL 2 IoCs

pid	Process
2140	SecuriteInfo.com.Adware.Downware.20091.25676.15900.tmp
2140	SecuriteInfo.com.Adware.Downware.20091.25676.15900.tmp

Script User-Agent 1 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	8	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3672 wrote to memory of 2140	3672	SecuriteInfo.com.Adware.Downware.20091.25676.15900.exe	84
PID 3672 wrote to memory of 2140	3672	SecuriteInfo.com.Adware.Downware.20091.25676.15900.exe	84
PID 3672 wrote to memory of 2140	3672	SecuriteInfo.com.Adware.Downware.20091.25676.15900.exe	84

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Adware.Downware.20091.25676.15900.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Adware.Downware.20091.25676.15900.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3672
- C:\Users\Admin\AppData\Local\Temp\is-T7A1M.tmp\SecuriteInfo.com.Adware.Downware.20091.25676.15900.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-T7A1M.tmp\SecuriteInfo.com.Adware.Downware.20091.25676.15900.tmp" /SL5="$70178,875149,815616,C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Adware.Downware.20091.25676.15900.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2140

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-CI6MC.tmp\Logo.png

Filesize
7KB

MD5
5424804c80db74e1304535141a5392c6

SHA1
6d749f3b59672b0c243690811ec3240ff2eced8e

SHA256
9b7e2ea77e518b50e5dd78e0faec509e791949a7c7f360a967c9ee204a8f1412

SHA512
6c7364b9693ce9cbbdbca60ecef3911dfe3d2d836252d7650d34506d2aa41fc5892028ba93f2619caf7edb06576fddae7e5f91f5844b5c3a47f54ca39f84cc6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-CI6MC.tmp\botva2.dll

Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-CI6MC.tmp\uTorrent.png

Filesize
9KB

MD5
cd3f5b72f3ecc90e946a38e3822b1d99

SHA1
901af8f4017dc55438b7fca85049039a8aefc136

SHA256
f3eca5d467e45c741e9a072aff31bba4db5e91713631dbc4b735a6032fef43e7

SHA512
ca61fca0b5dafd6fbd8f36fb1e524907bc29350226a7f2e4a22f0f563eb2e8c9cd90fe5e413df379d0aa2fd3a0817ade7bba03a2a07a2559ace9404d31275889

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-T7A1M.tmp\SecuriteInfo.com.Adware.Downware.20091.25676.15900.tmp

Filesize
3.0MB

MD5
ea05563cc277258f747f1de0f7a7a740

SHA1
1e01ba7aa914ff64b3d860ecc7b98c1f575f5f2b

SHA256
e1f87b525e1381dbbdda258581d078664acf90de2211df88e543233112be900a

SHA512
7c9baa27e48088183e55352444e41e388dfc74751c1790c0bcaf2e97c9a5ad37c95265061bd6922d9ca1d26390c76e0688d4281b90465ec485a8e42da0f2dbbb

Download Submit
memory/2140-5-0x0000000002800000-0x0000000002801000-memory.dmp

Filesize
4KB

Download
memory/2140-16-0x00000000052E0000-0x00000000052EF000-memory.dmp

Filesize
60KB

Download
memory/2140-27-0x0000000000400000-0x000000000070F000-memory.dmp

Filesize
3.1MB

Download
memory/2140-28-0x00000000052E0000-0x00000000052EF000-memory.dmp

Filesize
60KB

Download
memory/2140-32-0x0000000002800000-0x0000000002801000-memory.dmp

Filesize
4KB

Download
memory/3672-0-0x0000000000400000-0x00000000004D4000-memory.dmp

Filesize
848KB

Download
memory/3672-26-0x0000000000400000-0x00000000004D4000-memory.dmp

Filesize
848KB

Download