c303616d780c3193a2f4c69c8f0cd3798c88e930c751706974411eeb59570d92

Analysis

max time kernel
146s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
25/02/2024, 18:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.W32.Relevant.AI.gen.Eldorado.16350.31576.exe
Size

18.5MB
MD5

d88588548ae36dbe15a49f87409157c3
SHA1

431bd9cc80e68d2c1e433dd09b5078a72487b3f0
SHA256

c303616d780c3193a2f4c69c8f0cd3798c88e930c751706974411eeb59570d92
SHA512

b37f46f28c87acee4f1ce96275e9ef9eb792d2465440ecbd4a0396e2856648bf3810ed97029c1db484b0c09d757572cad85b4c7dcf9b802f41794153c191c61a
SSDEEP

393216:litqcnVNBdHtmdDPBLp11SQ++w3ApmcxWDHcpx/HQLcXjGXXM:liYcZQPrSD+RpmtHOxPgcXjGXXM

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
5028	SecuriteInfo.com.W32.Relevant.AI.gen.Eldorado.16350.31576.tmp

Loads dropped DLL 3 IoCs

pid	Process
5028	SecuriteInfo.com.W32.Relevant.AI.gen.Eldorado.16350.31576.tmp
5028	SecuriteInfo.com.W32.Relevant.AI.gen.Eldorado.16350.31576.tmp
5028	SecuriteInfo.com.W32.Relevant.AI.gen.Eldorado.16350.31576.tmp

Script User-Agent 1 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	29	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5028	SecuriteInfo.com.W32.Relevant.AI.gen.Eldorado.16350.31576.tmp
5028	SecuriteInfo.com.W32.Relevant.AI.gen.Eldorado.16350.31576.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 216 wrote to memory of 5028	216	SecuriteInfo.com.W32.Relevant.AI.gen.Eldorado.16350.31576.exe	88
PID 216 wrote to memory of 5028	216	SecuriteInfo.com.W32.Relevant.AI.gen.Eldorado.16350.31576.exe	88
PID 216 wrote to memory of 5028	216	SecuriteInfo.com.W32.Relevant.AI.gen.Eldorado.16350.31576.exe	88

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.Relevant.AI.gen.Eldorado.16350.31576.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.Relevant.AI.gen.Eldorado.16350.31576.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:216
- C:\Users\Admin\AppData\Local\Temp\is-LBEV9.tmp\SecuriteInfo.com.W32.Relevant.AI.gen.Eldorado.16350.31576.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-LBEV9.tmp\SecuriteInfo.com.W32.Relevant.AI.gen.Eldorado.16350.31576.tmp" /SL5="$40218,18980826,121344,C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.Relevant.AI.gen.Eldorado.16350.31576.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:5028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-HVERH.tmp\idp.dll

Filesize
232KB

MD5
6e89f7adffca40402859b4d7ccde0d62

SHA1
b1d9e4c6b2866b7dc883924718e55148944dbc99

SHA256
c4400dfd9f4f67033e74042f192da448d4cdd0ab294167439f548e78009dfaba

SHA512
522aa6bee953e57ef413029045c3dc4109c23e46e20368317f8f6f26fdfba7df5d5aca33f0aee7c1da04eb67aff5e2f81d7d25d710be03376c932139b456794e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-HVERH.tmp\itdownload.dll

Filesize
201KB

MD5
a8cbc54e3d34e4367796f9d18d9995ab

SHA1
9fb7e5e3881e4da2f161ae22aff430d664637bcc

SHA256
1161b9ad40153549732bc657899ed22a3fb9cdf4e1e7b20cd139b8e6eec80182

SHA512
2db0bf5c5123dd337866f9896ede9b7bfc05f84e076df8da5ae3d2ebd5351231d12a23a3d7962c1fa9bea5fcec539d21a25aebd1deb65d5b51c453d639105e7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-LBEV9.tmp\SecuriteInfo.com.W32.Relevant.AI.gen.Eldorado.16350.31576.tmp

Filesize
1.1MB

MD5
34acc2bdb45a9c436181426828c4cb49

SHA1
5adaa1ac822e6128b8d4b59a54d19901880452ae

SHA256
9c81817acd4982632d8c7f1df3898fca1477577738184265d735f49fc5480f07

SHA512
134ff4022571efd46f7a62e99b857ebe834e9916c786345908010f9e1fb90be226b740ddee16ae9290fe45c86be7238c4555e422abe66a461d11545e19734beb

Download Submit
memory/216-0-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/216-2-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/216-18-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/5028-16-0x0000000003350000-0x000000000338C000-memory.dmp

Filesize
240KB

Download
memory/5028-6-0x00000000022E0000-0x00000000022E1000-memory.dmp

Filesize
4KB

Download
memory/5028-19-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/5028-20-0x0000000003350000-0x000000000338C000-memory.dmp

Filesize
240KB

Download
memory/5028-24-0x00000000022E0000-0x00000000022E1000-memory.dmp

Filesize
4KB

Download
memory/5028-26-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/5028-27-0x0000000003350000-0x000000000338C000-memory.dmp

Filesize
240KB

Download