cc209c28e4d78068b131d1c4c278be88cbdf7d5cf1c5363ebfea28e523112111

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06/03/2024, 18:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.Win32.DropperX-gen.22837.exe
Size

10KB
MD5

ee27646b11ea5a3a6423ff98775831e3
SHA1

ae272f6dc8e2ddd2350db152c65e1cd747cad780
SHA256

cc209c28e4d78068b131d1c4c278be88cbdf7d5cf1c5363ebfea28e523112111
SHA512

d16757130f75c3e1e9d31490b93e5b33f8b05c72891cee56b4e61fe83bb3d19daca91fcaebecaebc9c3dc3a4eb0ba2652000b68395232cd11362a54785700bd5
SSDEEP

192:c2+tUAUg0/4pIKjOt2wUehEr964QmbRu47iH:c2oM4pIKjO79hS64Qci

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2492	MetaAccounts.exe

Loads dropped DLL 2 IoCs

pid	Process
2504	SecuriteInfo.com.Win32.DropperX-gen.22837.exe
2492	MetaAccounts.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 4 IoCs

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f0b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f007400000053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c09000000010000000c000000300a06082b06010505070301030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	MetaAccounts.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 040000000100000010000000acb694a59c17e0d791529bb19706a6e4030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47409000000010000000c000000300a06082b060105050703011d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c00b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f00740000000f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	MetaAccounts.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec5290f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f0b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f007400000053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c09000000010000000c000000300a06082b06010505070301030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae474040000000100000010000000acb694a59c17e0d791529bb19706a6e420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	MetaAccounts.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474	MetaAccounts.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2504	SecuriteInfo.com.Win32.DropperX-gen.22837.exe
Token: SeDebugPrivilege	2492	MetaAccounts.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2504 wrote to memory of 2492	2504	SecuriteInfo.com.Win32.DropperX-gen.22837.exe	31
PID 2504 wrote to memory of 2492	2504	SecuriteInfo.com.Win32.DropperX-gen.22837.exe	31
PID 2504 wrote to memory of 2492	2504	SecuriteInfo.com.Win32.DropperX-gen.22837.exe	31
PID 2504 wrote to memory of 2492	2504	SecuriteInfo.com.Win32.DropperX-gen.22837.exe	31

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.DropperX-gen.22837.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.DropperX-gen.22837.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2504
- C:\Users\Admin\AppData\Local\Temp\MetaAccounts.exe
  "C:\Users\Admin\AppData\Local\Temp\MetaAccounts.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies system certificate store
  - Suspicious use of AdjustPrivilegeToken
  PID:2492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\Local\Temp\ControlzEx.dll

Filesize
244KB

MD5
37dbeb3e804d61cefed67d1a60dde873

SHA1
31fb981cc429cd24066363160e49c85fd74df8db

SHA256
f15d89d9720eedb94c09b1db32ca6a514e9eff2906da91396ffd7f877714911e

SHA512
7279e2354a9e1a583098bc9f6ff9ec05bb2b526ca151265d4c8c2bb42edd15b3d157425bc76e01b9f0e03cb1c87cb46bc94f9a1f47dc2a79daee784d6122f3fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\MahApps.Metro.dll

Filesize
1.8MB

MD5
def7c665a47c39bd24cdea8a809a59c0

SHA1
c90b2575d9ddc5dc700bc04c0ac3c862180decc4

SHA256
7ef6f8bbd94397b1637785ab3c20ddcf6709be0320cf7a969e8c15870554c2c2

SHA512
3eecc39ea7b8d079d771348927f715b252778aca878c03af312062e0ae7957146b40a198fba4a5e54a7228f1dcd1fe91074fdc32dacf4a35e8cc46d068f1dc20

Download Submit
C:\Users\Admin\AppData\Local\Temp\MetaAccounts.exe.config

Filesize
3KB

MD5
6d91a979c5dcf4c6ab91c4e12c846ec7

SHA1
265f0242169c891e399d37d4efe00e1e3ba2daba

SHA256
5f0454e9885564c0baa42c608a134d4a74aeede1765f17cb48c53c62cfda59ba

SHA512
cece2615f855f4c94727926fb3d381596bc0f11f5237152f1ea31d4409d3ab1e6b11e53b4a279913d719aec955e5141d6b65ee206a1743939da5f46badad51f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft.Bcl.AsyncInterfaces.dll

Filesize
26KB

MD5
970b6e6478ae3ab699f277d77de0cd19

SHA1
5475cb28998d419b4714343ffa9511ff46322ac2

SHA256
5dc372a10f345b1f00ec6a8fa1a2ce569f7e5d63e4f1f8631be367e46bfa34f4

SHA512
f3ad2088c5d3fcb770c6d8212650eed95507e107a34f9468ca9db99defd8838443a95e0b59a5a6cb65a18ebbc529110c5348513a321b44223f537096c6d7d6e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft.Xaml.Behaviors.dll

Filesize
141KB

MD5
ec5a1abee150abe698689211b07cd1ec

SHA1
affc3cb47da8fe76986d271cdc3e7ea345cc04e5

SHA256
b864da9d88414877cea9b1a016146265a5fb9d0e12f4dbb1dccc0cc998119a54

SHA512
a2b55b4ffc3f11546ed8d3457e98b986c089e25229bd687da35d45d63e4860722e8b13826d3a3daa1be843cf3a4ae3da4cf9b6fdcb5d1a4948648537e683789f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Newtonsoft.Json.dll

Filesize
695KB

MD5
715a1fbee4665e99e859eda667fe8034

SHA1
e13c6e4210043c4976dcdc447ea2b32854f70cc6

SHA256
c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e

SHA512
bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\PuppeteerSharp.dll

Filesize
613KB

MD5
884506cdf2f3b66006002fba1acc7525

SHA1
0ad292e9f52a436b2163cb2f38bec08c043043d1

SHA256
dd03d9fd3d431f2a87fbadd160e6920989629bc9d66ecf0409fa0ed6c139b575

SHA512
54f59bdecddfe687e1c2dbf39e82810b2bf8e75f97af4d4e376edce9217156740868a552866c54ae1ef05d4ecc6635dc61f8219a3b3ed9e3cb7f5117fcf7c717

Download Submit
C:\Users\Admin\AppData\Local\Temp\System.Data.SQLite.dll

Filesize
392KB

MD5
147328def2e79a86d7335a661eecc051

SHA1
98ff30131d77cf28807d50b97cc92cc8655e235c

SHA256
7442d48a24c1747cb17d80e95c4d7343de16e14a252484ace3be3fae55b1d641

SHA512
d26f6627f09cab90ae545df68f2df006f0beb988cfadb16f6af56a454e854a9b9c10d2ce787052b80536f9d05b7286d57e42f361f54944e20df99b3c1c49aefb

Download Submit
C:\Users\Admin\AppData\Local\Temp\System.Threading.Tasks.Extensions.dll

Filesize
25KB

MD5
e1e9d7d46e5cd9525c5927dc98d9ecc7

SHA1
2242627282f9e07e37b274ea36fac2d3cd9c9110

SHA256
4f81ffd0dc7204db75afc35ea4291769b07c440592f28894260eea76626a23c6

SHA512
da7ab8c0100e7d074f0e680b28d241940733860dfbdc5b8c78428b76e807f27e44d1c5ec95ee80c0b5098e8c5d5da4d48bce86800164f9734a05035220c3ff11

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC03A.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit
C:\Users\Admin\AppData\Local\Temp\x64\SQLite.Interop.dll

Filesize
704KB

MD5
35221f55b729b1630ca1c32a7be0878d

SHA1
b6c7963e0c7715766cb27402fa4a19a7de89e363

SHA256
e7c9f7877e7123bfe6adec30bc527aa84cb322cba3ba4d382ffca155ab9c12b1

SHA512
0e21edb47b620cfabcc69dc55ff7a641d6c428f75ba8fdb8e77ae1ba0954002e86afd9b77c567a2de0ea03920df49156c94d4cbee7be9f8aad1b19f369d9054c

Download Submit
\Users\Admin\AppData\Local\Temp\MetaAccounts.exe

Filesize
849KB

MD5
09db975c2aa349ddaaacdf95bbac88ec

SHA1
8f8949b8ff4db691d3a12ec94a31822e07e50081

SHA256
e1d21ff20fe5bf4b004cefde8c4bcd11d788a963e8e09090c914aa84559ca55d

SHA512
ff6894715b0e87546500e2bd0a24d6bfec99631d83ce35a610bea37c050eaa2fa7412deac061410c4e06c1ea59dfa6693f432513f727b29db93977a9b1a03639

Download Submit
\Users\Admin\AppData\Local\Temp\x64\SQLite.Interop.dll

Filesize
391KB

MD5
1a1b3490c7c0edf71adcd90bb7f6acef

SHA1
3a9bfd71cd10e368e9cda38b7680387b8845c887

SHA256
3ac5f1f3a36aa147db4155499beb1e7aaab9245e0f525bb0002cedf12152adea

SHA512
45dda601c746d96f17c65f10cf1dfafa606779f982a16c0613767983104255944427067c14ab4d7a336db1a09394f2c595994f9efeac2d4dafe6e6117dadacff

Download Submit
memory/2492-482-0x000000001BA50000-0x000000001BA92000-memory.dmp

Filesize
264KB

Download
memory/2492-480-0x000000001BB20000-0x000000001BBA0000-memory.dmp

Filesize
512KB

Download
memory/2492-471-0x0000000002360000-0x0000000002400000-memory.dmp

Filesize
640KB

Download
memory/2492-472-0x0000000000650000-0x000000000066A000-memory.dmp

Filesize
104KB

Download
memory/2492-467-0x000000001C0C0000-0x000000001C2CC000-memory.dmp

Filesize
2.0MB

Download
memory/2492-474-0x0000000000540000-0x000000000054A000-memory.dmp

Filesize
40KB

Download
memory/2492-466-0x000007FEF50C0000-0x000007FEF5AAC000-memory.dmp

Filesize
9.9MB

Download
memory/2492-476-0x0000000000680000-0x000000000068A000-memory.dmp

Filesize
40KB

Download
memory/2492-465-0x000000013F890000-0x000000013F968000-memory.dmp

Filesize
864KB

Download
memory/2492-478-0x000000001B4D0000-0x000000001B582000-memory.dmp

Filesize
712KB

Download
memory/2492-479-0x000000001BB20000-0x000000001BBA0000-memory.dmp

Filesize
512KB

Download
memory/2492-469-0x000000001C2D0000-0x000000001C63C000-memory.dmp

Filesize
3.4MB

Download
memory/2492-499-0x000007FEF50C0000-0x000007FEF5AAC000-memory.dmp

Filesize
9.9MB

Download
memory/2492-490-0x000000001C640000-0x000000001C665000-memory.dmp

Filesize
148KB

Download
memory/2492-487-0x000000001BAA0000-0x000000001BB04000-memory.dmp

Filesize
400KB

Download
memory/2492-485-0x000000001B620000-0x000000001B648000-memory.dmp

Filesize
160KB

Download
memory/2504-40-0x0000000073F20000-0x000000007460E000-memory.dmp

Filesize
6.9MB

Download
memory/2504-41-0x0000000004B30000-0x0000000004B70000-memory.dmp

Filesize
256KB

Download
memory/2504-2-0x0000000004B30000-0x0000000004B70000-memory.dmp

Filesize
256KB

Download
memory/2504-1-0x0000000073F20000-0x000000007460E000-memory.dmp

Filesize
6.9MB

Download
memory/2504-0-0x0000000001360000-0x0000000001368000-memory.dmp

Filesize
32KB

Download
memory/2504-463-0x0000000073F20000-0x000000007460E000-memory.dmp

Filesize
6.9MB

Download