e002d5bbf4a98ac6d80a3a6277fe76b13b7ebdfdfb374495161180694886e6f2

Analysis

max time kernel
152s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/02/2024, 08:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.W32.Backdoor.OGTY-3206.20752.7802.exe
Size

26.2MB
MD5

e15642b40008a827258873bfeea59407
SHA1

45d136f50d4fbd3d8a840d1a5f85c64718ac96c8
SHA256

e002d5bbf4a98ac6d80a3a6277fe76b13b7ebdfdfb374495161180694886e6f2
SHA512

23b506992687af0aa7aa65f98fc16c155f54dfe614b10b0855bc00be8c3c6f11e122f94b5dba2eed96195bde53d14c57b4b3d3d63e5b41af33770483c09bece3
SSDEEP

786432:Of6xp+5NBvQBHox396Fr6x/DiqLCZwXi6tIp:ONpRxtq65DTWRLp

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2544	AcroRd32.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\WinSxS\Manifests\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.Manifest	SecuriteInfo.com.W32.Backdoor.OGTY-3206.20752.7802.exe
File opened for modification	C:\Windows\WinSxS\Manifests\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.Manifest	SecuriteInfo.com.W32.Backdoor.OGTY-3206.20752.7802.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3096 wrote to memory of 2544	3096	SecuriteInfo.com.W32.Backdoor.OGTY-3206.20752.7802.exe	90
PID 3096 wrote to memory of 2544	3096	SecuriteInfo.com.W32.Backdoor.OGTY-3206.20752.7802.exe	90
PID 3096 wrote to memory of 2544	3096	SecuriteInfo.com.W32.Backdoor.OGTY-3206.20752.7802.exe	90

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.Backdoor.OGTY-3206.20752.7802.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.Backdoor.OGTY-3206.20752.7802.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3096
- C:\Users\Admin\AppData\Roaming\Thinstall\Adobe Reader 9 Lite\4000005400002i\AcroRd32.exe
  "C:\Users\Admin\AppData\Roaming\Thinstall\Adobe Reader 9 Lite\4000005400002i\AcroRd32.exe"
  2⤵
  - Executes dropped EXE
  PID:2544

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Thinstall\Adobe Reader 9 Lite\4000005400002i\AcroRd32.exe

Filesize
1.1MB

MD5
34ca5003ca31a6dd968b14af5ce5eed4

SHA1
8fd9a1030d45bcdb7650350ed6dac14b2bb0e0a7

SHA256
443efea07a1d3d3c22a73624837e7ef9fc7c67117c960a7a6029f5c778df8de7

SHA512
5707f1699864ec601eae9281c5d32e17e7d6f02335ab325ba16ea8fdf8e83981eb5c78fa72b5d3d4ca0ac12e4f03b0cdbc08bd4accb9c08e1a8871318b8817f5

Download Submit
C:\Users\Admin\AppData\Roaming\Thinstall\Adobe Reader 9 Lite\Registry.rw.lck

Filesize
36B

MD5
2f3127f13d3ca3de166cffea54fefe1c

SHA1
eaa281070d2088d703ee9f0d11180583fb82ce8d

SHA256
827ef390878808d6f93a46f8c44a49396c6a07f6b12a7c2ac278b611fbd789db

SHA512
50f29cb35f5f2753230c682d265be534d0ee88490fbb37dff170da894e2abb144984602d6f4c998060cd8d3aa322e3ac26b6b71a13a99116205fa1901b2ab8f5

Download Submit
C:\Users\Admin\AppData\Roaming\Thinstall\Adobe Reader 9 Lite\Registry.rw.tvr

Filesize
4KB

MD5
29a9593fc5a51471efe2d8cc2ebfdb2a

SHA1
20c72d6613d095f263c9c4f60e72fe51ff48b7c6

SHA256
6ef3f08b832a8f26c15526c0e0603ec3268f289109c8f63e6e6f2adbd14c407b

SHA512
52b810ff6a64177572fac2cb90aa29fe0f0c89cf8a42dade84a79d5acc9e8bef88e37419ea3ae84d13bdbd02cd77476bbf9d52d5c8399032d2c5100f3a8be0d3

Download Submit
memory/2544-55-0x0000000002B50000-0x0000000003E74000-memory.dmp

Filesize
19.1MB

Download
memory/2544-39-0x000000007FE40000-0x000000007FE50000-memory.dmp

Filesize
64KB

Download
memory/2544-735-0x000000007FE40000-0x000000007FE50000-memory.dmp

Filesize
64KB

Download
memory/2544-89-0x0000000076700000-0x00000000768A0000-memory.dmp

Filesize
1.6MB

Download
memory/2544-88-0x0000000000010000-0x0000000000135000-memory.dmp

Filesize
1.1MB

Download
memory/2544-86-0x0000000002B50000-0x0000000003E74000-memory.dmp

Filesize
19.1MB

Download
memory/2544-56-0x0000000002B50000-0x0000000003E74000-memory.dmp

Filesize
19.1MB

Download
memory/2544-85-0x0000000002B50000-0x0000000003E74000-memory.dmp

Filesize
19.1MB

Download
memory/2544-84-0x0000000002B50000-0x0000000003E74000-memory.dmp

Filesize
19.1MB

Download
memory/2544-58-0x0000000002B50000-0x0000000003E74000-memory.dmp

Filesize
19.1MB

Download
memory/2544-81-0x0000000002B50000-0x0000000003E74000-memory.dmp

Filesize
19.1MB

Download
memory/2544-26-0x00000000020F0000-0x0000000002264000-memory.dmp

Filesize
1.5MB

Download
memory/2544-27-0x00000000020F0000-0x0000000002264000-memory.dmp

Filesize
1.5MB

Download
memory/2544-28-0x00000000020F0000-0x0000000002264000-memory.dmp

Filesize
1.5MB

Download
memory/2544-25-0x0000000000010000-0x0000000000135000-memory.dmp

Filesize
1.1MB

Download
memory/2544-29-0x00000000020F0000-0x0000000002264000-memory.dmp

Filesize
1.5MB

Download
memory/2544-30-0x00000000020F0000-0x0000000002264000-memory.dmp

Filesize
1.5MB

Download
memory/2544-31-0x00000000020F0000-0x0000000002264000-memory.dmp

Filesize
1.5MB

Download
memory/2544-32-0x00000000020F0000-0x0000000002264000-memory.dmp

Filesize
1.5MB

Download
memory/2544-33-0x00000000020F0000-0x0000000002264000-memory.dmp

Filesize
1.5MB

Download
memory/2544-34-0x00000000020F0000-0x0000000002264000-memory.dmp

Filesize
1.5MB

Download
memory/2544-79-0x0000000002B50000-0x0000000003E74000-memory.dmp

Filesize
19.1MB

Download
memory/2544-75-0x0000000002B50000-0x0000000003E74000-memory.dmp

Filesize
19.1MB

Download
memory/2544-70-0x0000000002B50000-0x0000000003E74000-memory.dmp

Filesize
19.1MB

Download
memory/2544-38-0x0000000000010000-0x0000000000135000-memory.dmp

Filesize
1.1MB

Download
memory/2544-46-0x0000000075E20000-0x0000000075E9A000-memory.dmp

Filesize
488KB

Download
memory/2544-47-0x0000000002B50000-0x0000000003E74000-memory.dmp

Filesize
19.1MB

Download
memory/2544-49-0x0000000002B50000-0x0000000003E74000-memory.dmp

Filesize
19.1MB

Download
memory/2544-50-0x0000000002B50000-0x0000000003E74000-memory.dmp

Filesize
19.1MB

Download
memory/2544-51-0x0000000002B50000-0x0000000003E74000-memory.dmp

Filesize
19.1MB

Download
memory/2544-52-0x0000000002B50000-0x0000000003E74000-memory.dmp

Filesize
19.1MB

Download
memory/2544-53-0x0000000002B50000-0x0000000003E74000-memory.dmp

Filesize
19.1MB

Download
memory/2544-54-0x0000000002B50000-0x0000000003E74000-memory.dmp

Filesize
19.1MB

Download
memory/2544-73-0x0000000002B50000-0x0000000003E74000-memory.dmp

Filesize
19.1MB

Download
memory/2544-72-0x0000000002B50000-0x0000000003E74000-memory.dmp

Filesize
19.1MB

Download
memory/2544-62-0x0000000002B50000-0x0000000003E74000-memory.dmp

Filesize
19.1MB

Download
memory/2544-71-0x0000000002B50000-0x0000000003E74000-memory.dmp

Filesize
19.1MB

Download
memory/2544-59-0x0000000002B50000-0x0000000003E74000-memory.dmp

Filesize
19.1MB

Download
memory/2544-60-0x0000000002B50000-0x0000000003E74000-memory.dmp

Filesize
19.1MB

Download
memory/2544-61-0x0000000002B50000-0x0000000003E74000-memory.dmp

Filesize
19.1MB

Download
memory/2544-57-0x0000000002B50000-0x0000000003E74000-memory.dmp

Filesize
19.1MB

Download
memory/2544-63-0x0000000002B50000-0x0000000003E74000-memory.dmp

Filesize
19.1MB

Download
memory/2544-64-0x0000000002B50000-0x0000000003E74000-memory.dmp

Filesize
19.1MB

Download
memory/2544-65-0x0000000002B50000-0x0000000003E74000-memory.dmp

Filesize
19.1MB

Download
memory/2544-66-0x0000000002B50000-0x0000000003E74000-memory.dmp

Filesize
19.1MB

Download
memory/2544-67-0x0000000002B50000-0x0000000003E74000-memory.dmp

Filesize
19.1MB

Download
memory/2544-68-0x0000000002B50000-0x0000000003E74000-memory.dmp

Filesize
19.1MB

Download
memory/2544-69-0x0000000002B50000-0x0000000003E74000-memory.dmp

Filesize
19.1MB

Download
memory/3096-9-0x0000000002320000-0x0000000002494000-memory.dmp

Filesize
1.5MB

Download
memory/3096-18-0x0000000076FE0000-0x0000000076FE1000-memory.dmp

Filesize
4KB

Download
memory/3096-4-0x0000000002320000-0x0000000002494000-memory.dmp

Filesize
1.5MB

Download
memory/3096-74-0x0000000076700000-0x00000000768A0000-memory.dmp

Filesize
1.6MB

Download
memory/3096-0-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download
memory/3096-76-0x00000000750A0000-0x00000000750C4000-memory.dmp

Filesize
144KB

Download
memory/3096-77-0x0000000075E20000-0x0000000075E9A000-memory.dmp

Filesize
488KB

Download
memory/3096-1-0x0000000002320000-0x0000000002494000-memory.dmp

Filesize
1.5MB

Download
memory/3096-78-0x0000000076910000-0x0000000076EC3000-memory.dmp

Filesize
5.7MB

Download
memory/3096-80-0x0000000076EE0000-0x0000000076FC3000-memory.dmp

Filesize
908KB

Download
memory/3096-2-0x0000000002320000-0x0000000002494000-memory.dmp

Filesize
1.5MB

Download
memory/3096-82-0x0000000075DD0000-0x0000000075E15000-memory.dmp

Filesize
276KB

Download
memory/3096-83-0x00000000762B0000-0x00000000762B6000-memory.dmp

Filesize
24KB

Download
memory/3096-3-0x0000000002320000-0x0000000002494000-memory.dmp

Filesize
1.5MB

Download
memory/3096-22-0x000000007FE40000-0x000000007FE50000-memory.dmp

Filesize
64KB

Download
memory/3096-11-0x0000000002320000-0x0000000002494000-memory.dmp

Filesize
1.5MB

Download
memory/3096-8-0x0000000002320000-0x0000000002494000-memory.dmp

Filesize
1.5MB

Download
memory/3096-7-0x0000000002320000-0x0000000002494000-memory.dmp

Filesize
1.5MB

Download
memory/3096-6-0x0000000002320000-0x0000000002494000-memory.dmp

Filesize
1.5MB

Download
memory/3096-190-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download
memory/3096-192-0x0000000076700000-0x00000000768A0000-memory.dmp

Filesize
1.6MB

Download
memory/3096-5-0x0000000002320000-0x0000000002494000-memory.dmp

Filesize
1.5MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads