cc209c28e4d78068b131d1c4c278be88cbdf7d5cf1c5363ebfea28e523112111

Analysis

max time kernel
139s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06/03/2024, 18:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.Win32.DropperX-gen.22837.exe
Size

10KB
MD5

ee27646b11ea5a3a6423ff98775831e3
SHA1

ae272f6dc8e2ddd2350db152c65e1cd747cad780
SHA256

cc209c28e4d78068b131d1c4c278be88cbdf7d5cf1c5363ebfea28e523112111
SHA512

d16757130f75c3e1e9d31490b93e5b33f8b05c72891cee56b4e61fe83bb3d19daca91fcaebecaebc9c3dc3a4eb0ba2652000b68395232cd11362a54785700bd5
SSDEEP

192:c2+tUAUg0/4pIKjOt2wUehEr964QmbRu47iH:c2oM4pIKjO79hS64Qci

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\Control Panel\International\Geo\Nation	SecuriteInfo.com.Win32.DropperX-gen.22837.exe

Executes dropped EXE 1 IoCs

pid	Process
3716	MetaAccounts.exe

Loads dropped DLL 1 IoCs

pid	Process
3716	MetaAccounts.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4516	SecuriteInfo.com.Win32.DropperX-gen.22837.exe
Token: SeDebugPrivilege	3716	MetaAccounts.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4516 wrote to memory of 3716	4516	SecuriteInfo.com.Win32.DropperX-gen.22837.exe	94
PID 4516 wrote to memory of 3716	4516	SecuriteInfo.com.Win32.DropperX-gen.22837.exe	94

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.DropperX-gen.22837.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.DropperX-gen.22837.exe"
1⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4516
- C:\Users\Admin\AppData\Local\Temp\MetaAccounts.exe
  "C:\Users\Admin\AppData\Local\Temp\MetaAccounts.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:3716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ControlzEx.dll

Filesize
244KB

MD5
37dbeb3e804d61cefed67d1a60dde873

SHA1
31fb981cc429cd24066363160e49c85fd74df8db

SHA256
f15d89d9720eedb94c09b1db32ca6a514e9eff2906da91396ffd7f877714911e

SHA512
7279e2354a9e1a583098bc9f6ff9ec05bb2b526ca151265d4c8c2bb42edd15b3d157425bc76e01b9f0e03cb1c87cb46bc94f9a1f47dc2a79daee784d6122f3fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\MahApps.Metro.dll

Filesize
3.4MB

MD5
7b0f105e6d64d4ee914d5b48ec9bbe75

SHA1
34d69cb025f1fde595b0670e59b0ada7ec074dba

SHA256
1f3c694ec608fff224e98fba810fe70adbc7e470f56ab617be0b812c5b1113d0

SHA512
e61dcc0a25d542e265be904693363c989e952126bdfe9fc9ccc1c95a0d765dd67970bba2e9d971d796cb4cfa65ccbe54a28eda62cd4853c5eba7fb504c208037

Download Submit
C:\Users\Admin\AppData\Local\Temp\MetaAccounts.exe

Filesize
849KB

MD5
09db975c2aa349ddaaacdf95bbac88ec

SHA1
8f8949b8ff4db691d3a12ec94a31822e07e50081

SHA256
e1d21ff20fe5bf4b004cefde8c4bcd11d788a963e8e09090c914aa84559ca55d

SHA512
ff6894715b0e87546500e2bd0a24d6bfec99631d83ce35a610bea37c050eaa2fa7412deac061410c4e06c1ea59dfa6693f432513f727b29db93977a9b1a03639

Download Submit
C:\Users\Admin\AppData\Local\Temp\MetaAccounts.exe.config

Filesize
3KB

MD5
6d91a979c5dcf4c6ab91c4e12c846ec7

SHA1
265f0242169c891e399d37d4efe00e1e3ba2daba

SHA256
5f0454e9885564c0baa42c608a134d4a74aeede1765f17cb48c53c62cfda59ba

SHA512
cece2615f855f4c94727926fb3d381596bc0f11f5237152f1ea31d4409d3ab1e6b11e53b4a279913d719aec955e5141d6b65ee206a1743939da5f46badad51f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft.Bcl.AsyncInterfaces.dll

Filesize
26KB

MD5
970b6e6478ae3ab699f277d77de0cd19

SHA1
5475cb28998d419b4714343ffa9511ff46322ac2

SHA256
5dc372a10f345b1f00ec6a8fa1a2ce569f7e5d63e4f1f8631be367e46bfa34f4

SHA512
f3ad2088c5d3fcb770c6d8212650eed95507e107a34f9468ca9db99defd8838443a95e0b59a5a6cb65a18ebbc529110c5348513a321b44223f537096c6d7d6e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft.Xaml.Behaviors.dll

Filesize
141KB

MD5
ec5a1abee150abe698689211b07cd1ec

SHA1
affc3cb47da8fe76986d271cdc3e7ea345cc04e5

SHA256
b864da9d88414877cea9b1a016146265a5fb9d0e12f4dbb1dccc0cc998119a54

SHA512
a2b55b4ffc3f11546ed8d3457e98b986c089e25229bd687da35d45d63e4860722e8b13826d3a3daa1be843cf3a4ae3da4cf9b6fdcb5d1a4948648537e683789f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Newtonsoft.Json.dll

Filesize
695KB

MD5
715a1fbee4665e99e859eda667fe8034

SHA1
e13c6e4210043c4976dcdc447ea2b32854f70cc6

SHA256
c5c83bbc1741be6ff4c490c0aee34c162945423ec577c646538b2d21ce13199e

SHA512
bf9744ccb20f8205b2de39dbe79d34497b4d5c19b353d0f95e87ea7ef7fa1784aea87e10efcef11e4c90451eaa47a379204eb0533aa3018e378dd3511ce0e8ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\PuppeteerSharp.dll

Filesize
613KB

MD5
884506cdf2f3b66006002fba1acc7525

SHA1
0ad292e9f52a436b2163cb2f38bec08c043043d1

SHA256
dd03d9fd3d431f2a87fbadd160e6920989629bc9d66ecf0409fa0ed6c139b575

SHA512
54f59bdecddfe687e1c2dbf39e82810b2bf8e75f97af4d4e376edce9217156740868a552866c54ae1ef05d4ecc6635dc61f8219a3b3ed9e3cb7f5117fcf7c717

Download Submit
C:\Users\Admin\AppData\Local\Temp\System.Data.SQLite.dll

Filesize
392KB

MD5
147328def2e79a86d7335a661eecc051

SHA1
98ff30131d77cf28807d50b97cc92cc8655e235c

SHA256
7442d48a24c1747cb17d80e95c4d7343de16e14a252484ace3be3fae55b1d641

SHA512
d26f6627f09cab90ae545df68f2df006f0beb988cfadb16f6af56a454e854a9b9c10d2ce787052b80536f9d05b7286d57e42f361f54944e20df99b3c1c49aefb

Download Submit
C:\Users\Admin\AppData\Local\Temp\System.Threading.Tasks.Extensions.dll

Filesize
25KB

MD5
e1e9d7d46e5cd9525c5927dc98d9ecc7

SHA1
2242627282f9e07e37b274ea36fac2d3cd9c9110

SHA256
4f81ffd0dc7204db75afc35ea4291769b07c440592f28894260eea76626a23c6

SHA512
da7ab8c0100e7d074f0e680b28d241940733860dfbdc5b8c78428b76e807f27e44d1c5ec95ee80c0b5098e8c5d5da4d48bce86800164f9734a05035220c3ff11

Download Submit
C:\Users\Admin\AppData\Local\Temp\x64\SQLite.Interop.dll

Filesize
1.7MB

MD5
1288823e8e1fca09bb490ce46988188d

SHA1
b07fe4a5d032296e3a7d0727216af8c1d2166e91

SHA256
6514973856d1767ccb375dcb253400e710fb4f91feb758041d8defe92b1886c5

SHA512
88967f64116951092a54118055eab462082f16676ea7565f42515e88765813b53cdfbba5181318e73b668e04ddd030a0bfcf5cf47936772f68df85488b865acd

Download Submit
memory/3716-436-0x0000018217010000-0x00000182170E8000-memory.dmp

Filesize
864KB

Download
memory/3716-460-0x0000018231740000-0x0000018231750000-memory.dmp

Filesize
64KB

Download
memory/3716-437-0x00007FF841340000-0x00007FF841E01000-memory.dmp

Filesize
10.8MB

Download
memory/3716-440-0x0000018232B30000-0x0000018232E9C000-memory.dmp

Filesize
3.4MB

Download
memory/3716-475-0x00007FF841340000-0x00007FF841E01000-memory.dmp

Filesize
10.8MB

Download
memory/3716-442-0x0000018218E40000-0x0000018218EE0000-memory.dmp

Filesize
640KB

Download
memory/3716-445-0x0000018218C50000-0x0000018218C5A000-memory.dmp

Filesize
40KB

Download
memory/3716-469-0x0000018233E60000-0x0000018233E82000-memory.dmp

Filesize
136KB

Download
memory/3716-443-0x0000018218C60000-0x0000018218C7A000-memory.dmp

Filesize
104KB

Download
memory/3716-468-0x0000018233990000-0x00000182339B6000-memory.dmp

Filesize
152KB

Download
memory/3716-447-0x0000018218C90000-0x0000018218C9A000-memory.dmp

Filesize
40KB

Download
memory/3716-467-0x0000018233F40000-0x0000018233F7A000-memory.dmp

Filesize
232KB

Download
memory/3716-449-0x0000018232880000-0x0000018232932000-memory.dmp

Filesize
712KB

Download
memory/3716-450-0x0000018231740000-0x0000018231750000-memory.dmp

Filesize
64KB

Download
memory/3716-451-0x0000018231740000-0x0000018231750000-memory.dmp

Filesize
64KB

Download
memory/3716-464-0x0000018233E90000-0x0000018233EF4000-memory.dmp

Filesize
400KB

Download
memory/3716-453-0x0000018233910000-0x0000018233952000-memory.dmp

Filesize
264KB

Download
memory/3716-454-0x0000018218D10000-0x0000018218D18000-memory.dmp

Filesize
32KB

Download
memory/3716-455-0x0000018233A20000-0x0000018233ADA000-memory.dmp

Filesize
744KB

Download
memory/3716-456-0x00007FF841340000-0x00007FF841E01000-memory.dmp

Filesize
10.8MB

Download
memory/3716-457-0x0000018231740000-0x0000018231750000-memory.dmp

Filesize
64KB

Download
memory/3716-458-0x0000018231740000-0x0000018231750000-memory.dmp

Filesize
64KB

Download
memory/3716-438-0x0000018231750000-0x000001823195C000-memory.dmp

Filesize
2.0MB

Download
memory/3716-462-0x00000182339C0000-0x00000182339E8000-memory.dmp

Filesize
160KB

Download
memory/4516-3-0x00000000030E0000-0x00000000030F2000-memory.dmp

Filesize
72KB

Download
memory/4516-2-0x0000000001750000-0x000000000175A000-memory.dmp

Filesize
40KB

Download
memory/4516-4-0x00000000058C0000-0x00000000058D0000-memory.dmp

Filesize
64KB

Download
memory/4516-1-0x0000000074800000-0x0000000074FB0000-memory.dmp

Filesize
7.7MB

Download
memory/4516-114-0x0000000074800000-0x0000000074FB0000-memory.dmp

Filesize
7.7MB

Download
memory/4516-125-0x00000000058C0000-0x00000000058D0000-memory.dmp

Filesize
64KB

Download
memory/4516-435-0x0000000074800000-0x0000000074FB0000-memory.dmp

Filesize
7.7MB

Download
memory/4516-0-0x0000000000EA0000-0x0000000000EA8000-memory.dmp

Filesize
32KB

Download