Analysis

  • max time kernel
    140s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23-02-2024 22:21

General

  • Target

    SecuriteInfo.com.Trojan-Downloader.Win64.Rugmi.15694.558.exe

  • Size

    3.8MB

  • MD5

    bae9a139a2062c3e3b42c9c6845ce252

  • SHA1

    d8996c034c02759b858affb432ffb6f4c9ef759a

  • SHA256

    6456be4321465dbd715568ca4bda48c1c7674c08ad291b18c1cb0c183f63e028

  • SHA512

    d304438906ca763ae3346fcec7f60508fade1116d0dcc94ccbd9cf16523dc8d084e23ab63baa12a5a739d05e0e23bd923c7c1cd6435b08191e1c12b57c540f5f

  • SSDEEP

    49152:+fisGyCc38nMKTBoeANyvTDNpwP/T0hS1idvMd81XWrWC7WA94UQX:XsKc33ydwTv0F1Z

Score
3/10

Malware Config

Signatures

  • Program crash 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan-Downloader.Win64.Rugmi.15694.558.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan-Downloader.Win64.Rugmi.15694.558.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:4588
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 1736
      2⤵
      • Program crash
      PID:4900
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 1612
      2⤵
      • Program crash
      PID:3192
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 1584
      2⤵
      • Program crash
      PID:3736
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 1632
      2⤵
      • Program crash
      PID:4512
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 760
      2⤵
      • Program crash
      PID:896
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4588 -ip 4588
    1⤵
      PID:3660
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 4588 -ip 4588
      1⤵
        PID:3404
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4588 -ip 4588
        1⤵
          PID:776
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4588 -ip 4588
          1⤵
            PID:4496
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4588 -ip 4588
            1⤵
              PID:4304

            Network

            MITRE ATT&CK Matrix

            Downloads

            • memory/4588-9-0x0000000000400000-0x00000000007C8000-memory.dmp
              Filesize

              3.8MB

            • memory/4588-10-0x00000000740E0000-0x000000007425B000-memory.dmp
              Filesize

              1.5MB