1f2f38766e7ed058845430f9a50b1e5a924632a248570b5d34be000633ed7165

Analysis

max time kernel
141s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
21/02/2024, 02:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.Trojan.Dorv.20162.exe
Size

2.6MB
MD5

cae45149321a94c1677620f539b48642
SHA1

a3a325b4cb8ac5420c9dc9718ffebc6eead74bc3
SHA256

1f2f38766e7ed058845430f9a50b1e5a924632a248570b5d34be000633ed7165
SHA512

5e293869fbad31892805ac72d7051573edee1432151bde2aacbac5f605a7a14bf413f219d9d998caf062a40f6f658c87c938fcb0c31a7d326a72634f20e2a8c7
SSDEEP

49152:ZPU92dMYNc70530EXdURjcerptI2LkvBMsbgOacKkgHc8pN:uQ2YNc70URwkpCSLsbGPPN

Score

7^/10

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x000600000002320e-20.dat	acprotect

Executes dropped EXE 1 IoCs

pid	Process
4840	SecuriteInfo.com.Trojan.Dorv.20162.tmp

Loads dropped DLL 4 IoCs

pid	Process
4840	SecuriteInfo.com.Trojan.Dorv.20162.tmp
4840	SecuriteInfo.com.Trojan.Dorv.20162.tmp
4840	SecuriteInfo.com.Trojan.Dorv.20162.tmp
4840	SecuriteInfo.com.Trojan.Dorv.20162.tmp

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4840	SecuriteInfo.com.Trojan.Dorv.20162.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3208 wrote to memory of 4840	3208	SecuriteInfo.com.Trojan.Dorv.20162.exe	83
PID 3208 wrote to memory of 4840	3208	SecuriteInfo.com.Trojan.Dorv.20162.exe	83
PID 3208 wrote to memory of 4840	3208	SecuriteInfo.com.Trojan.Dorv.20162.exe	83

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Dorv.20162.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Dorv.20162.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3208
- C:\Users\Admin\AppData\Local\Temp\is-NI5OP.tmp\SecuriteInfo.com.Trojan.Dorv.20162.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-NI5OP.tmp\SecuriteInfo.com.Trojan.Dorv.20162.tmp" /SL5="$50118,2218981,139776,C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Dorv.20162.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  PID:4840

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-NI5OP.tmp\SecuriteInfo.com.Trojan.Dorv.20162.tmp

Filesize
1.2MB

MD5
30625d674945acbe08c37dd26a6d04c2

SHA1
356012b1562ab8509c68d82197b7016f0029d192

SHA256
b9523e92d20b8279560405b6c931048bba529bab102202a53d1216e360ef45f2

SHA512
d33c7d59353b9538187c8cf4b274ee9ac3c886fd16c3e61ec8b417de8e59d39d44c9def3fd88c725e6e85dfa822837aa52597b55c39cd023924bae1dcd1ce5a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-SOGBC.tmp\ItDownload.dll

Filesize
200KB

MD5
d82a429efd885ca0f324dd92afb6b7b8

SHA1
86bbdaa15e6fc5c7779ac69c84e53c43c9eb20ea

SHA256
b258c4d7d2113dee2168ed7e35568c8e03341e24e3eafc7a22a0d62e32122ef3

SHA512
5bf0c3b8fa5db63205a263c4fa5337188173248bef609ba4d03508c50db1fd1e336f3041ce96d78cc97659357a83e6e422f5b079d893a20a683270e05f5438df

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-SOGBC.tmp\WaterLib.dll

Filesize
123KB

MD5
b4ae1b26b68545a823f067738a6877f9

SHA1
a90a812cac906afb2fbe2a400746de67c845ecb0

SHA256
57ec9023fddd0e0dedffc93bae937442eebd648a4d14383b22fb1a787582cbbc

SHA512
64b6e3ac5eba6231dabe61b73feb8bbeb2015cf871858aa0163fbc84b41912f8453aa16d6939f4d82f235929dbe333c5534965ceb2c83c67720f5f336ca3ccef

Download Submit
memory/3208-2-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/3208-0-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/3208-31-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/4840-35-0x00000000022F0000-0x00000000022F1000-memory.dmp

Filesize
4KB

Download
memory/4840-44-0x0000000006170000-0x00000000061C7000-memory.dmp

Filesize
348KB

Download
memory/4840-25-0x0000000006170000-0x00000000061C7000-memory.dmp

Filesize
348KB

Download
memory/4840-30-0x00000000063D0000-0x00000000063D1000-memory.dmp

Filesize
4KB

Download
memory/4840-16-0x0000000003440000-0x000000000347C000-memory.dmp

Filesize
240KB

Download
memory/4840-32-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/4840-34-0x0000000006170000-0x00000000061C7000-memory.dmp

Filesize
348KB

Download
memory/4840-33-0x0000000003440000-0x000000000347C000-memory.dmp

Filesize
240KB

Download
memory/4840-7-0x00000000022F0000-0x00000000022F1000-memory.dmp

Filesize
4KB

Download
memory/4840-39-0x0000000006170000-0x00000000061C7000-memory.dmp

Filesize
348KB

Download
memory/4840-40-0x0000000006170000-0x00000000061C7000-memory.dmp

Filesize
348KB

Download
memory/4840-26-0x0000000006170000-0x00000000061C7000-memory.dmp

Filesize
348KB

Download
memory/4840-48-0x0000000006170000-0x00000000061C7000-memory.dmp

Filesize
348KB

Download
memory/4840-52-0x0000000006170000-0x00000000061C7000-memory.dmp

Filesize
348KB

Download
memory/4840-56-0x0000000006170000-0x00000000061C7000-memory.dmp

Filesize
348KB

Download
memory/4840-60-0x0000000006170000-0x00000000061C7000-memory.dmp

Filesize
348KB

Download
memory/4840-64-0x0000000006170000-0x00000000061C7000-memory.dmp

Filesize
348KB

Download
memory/4840-68-0x0000000006170000-0x00000000061C7000-memory.dmp

Filesize
348KB

Download
memory/4840-72-0x0000000006170000-0x00000000061C7000-memory.dmp

Filesize
348KB

Download
memory/4840-76-0x0000000006170000-0x00000000061C7000-memory.dmp

Filesize
348KB

Download
memory/4840-80-0x0000000006170000-0x00000000061C7000-memory.dmp

Filesize
348KB

Download
memory/4840-84-0x0000000006170000-0x00000000061C7000-memory.dmp

Filesize
348KB

Download
memory/4840-88-0x0000000006170000-0x00000000061C7000-memory.dmp

Filesize
348KB

Download