Overview

overview

9

Static

static

9

SecuriteIn...24.exe

windows7-x64

9

SecuriteIn...24.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    07-03-2024 05:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe

  • Size

    22.7MB

  • MD5

    bfc65ce21e22544286826e26a5ec45ef

  • SHA1

    e27dc55c11a9b10ca3966f1f7fec14e064c7d717

  • SHA256

    dbea63a5288ad81e108db81ab75b9b78f60469facb9fe7ef768c6a3f7710d5eb

  • SHA512

    9866b4573795264972abf7c31f7056cdc17edc4c249fba487a0c583866991cc168ecb2e8e95c6ed2bb3f9e31bd4f485ae7264e7d555dcccf573417b1b50fc7b3

  • SSDEEP

    393216:4CniWcrE+N29tz2cDhctoqfv42GhoxAq8kZ/Pnin2um6h/rhg03X1nqW4A0ySQyG:fniWc4+N8tkv42GhoxAcs/rhtXdN4wp

Score
9/10
cryptonediscoveryevasionpackertrojan

Malware Config

Signatures

  • CryptOne packer 7 IoCs

    Detects CryptOne packer defined in NCC blogpost.

    cryptonepacker
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.BScope.Trojan.InstallCore.736.14024.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2416
    • C:\Users\Admin\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exe
      C:\Users\Admin\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks whether UAC is enabled
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2604

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\GH_1056.tmp
    Filesize

    893B

    MD5

    388aa031ce9226133d436591bf387a1c

    SHA1

    87de6709cafd46ca946a784dfe57811aa20ca02b

    SHA256

    cf8be59a9eb914c8248ab07bafdd3ecc45cec0e2206dd093673029c324d4a505

    SHA512

    945a256376dbc28f8b7dc37ec36b0279d45baee265497fc9eff9dcc558023880ee30e24c5433240d3926672114afd53e3cc44c324210249cfffd4d5aa329b8a3

    Download Submit
  • C:\Users\Admin\AppData\Roaming\WanWD-xfq-3dmgame\Flash32_29_0_0_171.ocx
    Filesize

    2.6MB

    MD5

    f8af245bfcd1e28fb5547df6097de877

    SHA1

    a2a4627cf7a374e5c95f5f6f5ab1ceb8ce26e8be

    SHA256

    18e2a110494edee3f489a9b4ed52a154ab82cf97a3644a4dcc5532e020e0b61e

    SHA512

    328bb41312554c88b007df637806939c3158312422fec3dbbe701cfc87128438904e72b4fae16d385b67afbd6cb198237d37c5a0a856feb843daee90ece02879

    Download Submit
  • C:\Users\Admin\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exe
    Filesize

    2.4MB

    MD5

    b7240cad1d0786e899b8a07b27829012

    SHA1

    4c8531df84cbdce53972c7734a3852d937821bb3

    SHA256

    445bf76f934921f1fdd5380e0994d71560eeac597cf43d7a02ee27cd23f324e3

    SHA512

    006d2cb9fda8649cabe6f9afa30bbd68f7025f244c9bf79fe3567f032ebdd1c15fb130cdebe03c1d5b5653bd9a2092b4cbf426add573b06f91b21ad018dd4a46

    Download Submit
  • C:\Users\Admin\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exe
    Filesize

    2.2MB

    MD5

    95d6269e1e451428dbec6fd65f340799

    SHA1

    fcc0de4cf7b9e97ad8efe298cdb2bf51ca7f216c

    SHA256

    a66c9f7b44dcef7c61c7e2f1310c9e61f92c2b77cedf7bdb1cae0d94a2b92a18

    SHA512

    3e4df803d9e060942aa405e972e12eda3e1f53d1baafb08c3b86e1c3229c955504d71935c66308528e20af6f7b29fe6f425c5b4196ea01f7e9699a1ad6ca1c24

    Download Submit
  • C:\Users\Admin\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exe
    Filesize

    12.2MB

    MD5

    8c975d422ac650c1453693fdfb35a829

    SHA1

    e159558ca0a323e6609ffc71529c63170bea0eab

    SHA256

    22ad0c85cecb35c928ef99e9289d1c210fa289ea2dd200f1731e361ed19535fd

    SHA512

    0c33705d42351f8eba37d3b8288e5e2839d092070e30555dcf78d6c97c44d24a268e74bfced584cd337d4cf26a0aaef457bd9c1ae1b8bb83741f9f286b718894

    Download Submit
  • C:\Users\Admin\AppData\Roaming\WanWD-xfq-3dmgame\cfg.ini
    Filesize

    167B

    MD5

    83ca3a223ff85522bb7089f88f7b10d0

    SHA1

    ab86a3dda4471691c1e7292f0449aad321cd2dc9

    SHA256

    00a4a5549ac1d4675e63394991d949d21bebebd0bd3dc56b822bf156a1d9bc88

    SHA512

    291ae1f0a23f00aee2e333d531b6a8bb7d26c0306af551832aae7b90a04a43b54bd9f8edf6114a7666f09d8fc0395c30d8657150397bac35d4bad94b5efd91cd

    Download Submit
  • \Users\Admin\AppData\Roaming\WanWD-xfq-3dmgame\Flash32_29_0_0_171.ocx
    Filesize

    2.4MB

    MD5

    f01b373bc02dfbe027e65ad88c007927

    SHA1

    e50d902e0970111be6ec588c939d0919e2982c60

    SHA256

    332d6d9c0933667ca1691ee38039608bc9a3e6138b303154e672e82908075d8f

    SHA512

    40c762039262a5f30a31886d6221ea512d6e3d5d8d022e82c9d27a18fdb2c446bcfc80cfee119c9bbcd08b7a209f765efa2d075d8b0201de6f93cc3e4ef9bb90

    Download Submit
  • \Users\Admin\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exe
    Filesize

    3.1MB

    MD5

    9b0c7767f5cec429762029cb4f0dd7c6

    SHA1

    48397e4fd416030576a17c767dcce81644b8caf3

    SHA256

    614bc2c355ad3a16aaf8523796c563af7c36e8364dbc12bcaac366311c4102a2

    SHA512

    9f0259c72fcc3e4152a3fb4d32cc7faa567dfd0354862b76d780155f4e63e555b4e321b0d46be508c6e4dfb8b90a3ca42adc5be9e17acc2ec042b8cf7d71bf4b

    Download Submit
  • \Users\Admin\AppData\Roaming\WanWD-xfq-3dmgame\MiniClient.exe
    Filesize

    2.6MB

    MD5

    2279aa2d1b170c159e4e378bc785c029

    SHA1

    3ff4141a85f48353df5a07fe28896bdd0c56cb97

    SHA256

    d3482c5baf89d159cd8b63ac6a947b9ecd08e5b230347805dbb625a1caa3ca46

    SHA512

    17c57fa60e29ddf67b52385616977f0a526d66764e835caf2250319cf127103516da01407b4b9f0a5b999682684cfc7c90fad761e91cc63b10096c5cce794f63

    Download Submit
  • memory/2416-4-0x00000000000B0000-0x00000000000B1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2604-28-0x00000000000C0000-0x00000000000C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2604-58-0x00000000000C0000-0x00000000000C1000-memory.dmp
    Filesize

    4KB

    Download