Overview

Score: 10

Static
Task      Score
static    3

Behavioral tasks (sample names are truncated on the page; score column is blank where the page shows none)
Sample                   Platform            Score
eeeeeeeeee...00.exe      windows7-x64
eeeeeeeeee...00.exe      windows10-2004-x64
eeeeeeeeee...um.exe      windows7-x64        10
eeeeeeeeee...um.exe      windows10-2004-x64  10
eeeeeeeeee...ug.exe      windows7-x64        6
eeeeeeeeee...ug.exe      windows10-2004-x64  6
eeeeeeeeee...le.exe      windows7-x64        1
eeeeeeeeee...le.exe      windows10-2004-x64  1
eeeeeeeeee...er.exe      windows7-x64        7
eeeeeeeeee...er.exe      windows10-2004-x64  7
eeeeeeeeee...us.exe      windows7-x64        1
eeeeeeeeee...us.exe      windows10-2004-x64  1
MEMZ 3.0/MEMZ.bat        windows7-x64        7
MEMZ 3.0/MEMZ.bat        windows10-2004-x64  7
MEMZ 3.0/MEMZ.exe        windows7-x64        6
MEMZ 3.0/MEMZ.exe        windows10-2004-x64  7
eeeeeeeeee...MZ.bat      windows7-x64        7
eeeeeeeeee...MZ.bat      windows10-2004-x64  7
eeeeeeeeee...MZ.exe      windows7-x64        6
eeeeeeeeee...MZ.exe      windows10-2004-x64  7
eeeeeeeeee...ld.exe      windows7-x64        3
eeeeeeeeee...ld.exe      windows10-2004-x64  3
eeeeeeeeee....A.exe      windows7-x64        6
eeeeeeeeee....A.exe      windows10-2004-x64  6
eeeeeeeeee...al.exe      windows7-x64        7
eeeeeeeeee...al.exe      windows10-2004-x64  8
eeeeeeeeee...15.exe      windows7-x64        3
eeeeeeeeee...15.exe      windows10-2004-x64  3
eeeeeeeeee...al.exe      windows7-x64        7
eeeeeeeeee...al.exe      windows10-2004-x64  8
eeeeeeeeee...0r.exe      windows7-x64        10
eeeeeeeeee...0r.exe      windows10-2004-x64  10

Resubmissions
Submitted          Analysis ID          Score
15-09-2024 23:12   240915-27aqvsxhjq    8
15-09-2024 23:02   240915-21efgaxake    8
15-09-2024 22:58   240915-2xypyaxdkj    3
15-09-2024 22:56   240915-2wn44sxcpk    3
15-09-2024 22:43   240915-2np2fawhpr    3
15-09-2024 22:42   240915-2m3k5swhmk    10
15-09-2024 22:33   240915-2gqdmawbja    8
15-09-2024 22:27   240915-2de4gswekk    7
15-09-2024 22:15   240915-16esravenh    10

Analysis
Max time kernel: 1800s
Max time network: 1561s
Platform: windows7_x64
Resource: win7-20240215-en
Resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
Submitted: 10-03-2024 21:52
Tasks
Task           Resource                  Sample
static1        (static analysis)
behavioral1    win7-20240221-en          eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/000/[email protected]
behavioral2    win10v2004-20240226-en    eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/000/[email protected]
behavioral3    win7-20240221-en          eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Antivirus Platinum/[email protected]
behavioral4    win10v2004-20240226-en    eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Antivirus Platinum/[email protected]
behavioral5    win7-20240221-en          eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/ColorBug/[email protected]
behavioral6    win10v2004-20240226-en    eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/ColorBug/[email protected]
behavioral7    win7-20240215-en          eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/DesktopPuzzle/[email protected]
behavioral8    win10v2004-20240226-en    eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/DesktopPuzzle/[email protected]
behavioral9    win7-20231129-en          eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/FakeActivation/[email protected]
behavioral10   win10v2004-20240226-en    eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/FakeActivation/[email protected]
behavioral11   win7-20240215-en          eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Happy Antivirus/[email protected]
behavioral12   win10v2004-20240226-en    eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Happy Antivirus/[email protected]
behavioral13   win7-20240221-en          MEMZ 3.0/MEMZ.bat
behavioral14   win10v2004-20240226-en    MEMZ 3.0/MEMZ.bat
behavioral15   win7-20240221-en          MEMZ 3.0/MEMZ.exe
behavioral16   win10v2004-20231215-en    MEMZ 3.0/MEMZ.exe
behavioral17   win7-20240220-en          eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/MEMZ 3.0 (1)/MEMZ 3.0/MEMZ.bat
behavioral18   win10v2004-20240226-en    eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/MEMZ 3.0 (1)/MEMZ 3.0/MEMZ.bat
behavioral19   win7-20240221-en          eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/MEMZ 3.0 (1)/MEMZ 3.0/MEMZ.exe
behavioral20   win10v2004-20240226-en    eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/MEMZ 3.0 (1)/MEMZ 3.0/MEMZ.exe
behavioral21   win7-20240221-en          eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/NavaShield/[email protected]
behavioral22   win10v2004-20240226-en    eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/NavaShield/[email protected]
behavioral23   win7-20240221-en          eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Petya.A/[email protected]
behavioral24   win10v2004-20240226-en    eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Petya.A/[email protected]
behavioral25   win7-20240215-en          eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Security Central/[email protected]
behavioral26   win10v2004-20240226-en    eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Security Central/[email protected]
behavioral27   win7-20240221-en          eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Security Defender 2015/[email protected]
behavioral28   win10v2004-20240226-en    eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Security Defender 2015/[email protected]
behavioral29   win7-20240221-en          eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/VineMEMZ-Original.exe
behavioral30   win10v2004-20240226-en    eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/VineMEMZ-Original.exe
behavioral31   win7-20240221-en          eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/WannaCrypt0r/[email protected]
behavioral32   win10v2004-20240226-en    eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/WannaCrypt0r/[email protected]

The signatures and process tree below belong to behavioral25 (the Security Central sample on win7-20240215-en).
General
Target: eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Security Central/[email protected]
Size: 904KB
MD5: 0315c3149c7dc1d865dc5a89043d870d
SHA1: f74546dda99891ca688416b1a61c9637b3794108
SHA256: 90c2c3944fa8933eefc699cf590ed836086deb31ee56ec71b5651fd978a352c9
SHA512: 7168dc244f0e400fa302801078e3faec8cdd2d3cb3b8baaab0a1b3c0929d7cf41e54bfbe530ad5ce96a6b63761f7866d26aaae788c3138c34294174091478112
SSDEEP: 24576:bnQv6Dyxn2Qx0KHizHWKxHuyCcZFyXR1tG:2OE2QtCzhh/7R
Malware Config
Signatures
Executes dropped EXE (2 IoCs)
PID    Process
2544   Security Central.exe
2556   Security Central.exe

Loads dropped DLL (5 IoCs)
PID    Process
2384   [email protected]
2544   Security Central.exe
2556   Security Central.exe
2556   Security Central.exe
2556   Security Central.exe

Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.

YARA rule "upx" matched process memory dumps (behavioral25)
Every match covers the same region, 0x0000000000400000-0x0000000000A35000 (the mapped image starting at the usual 0x400000 image base):
PID 2384: dumps 2, 4, 5, 6, 20
PID 2556: dumps 22, 25, 27, 28, 29, 36-40, 43-90
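The "upx" rule fired on the memory dumps of the two child processes (PIDs 2384 and 2556) rather than on a file, which is what you expect from a UPX-style packer that unpacks in place: the PE headers, including the section table with its UPX0/UPX1 names, stay mapped at the image base while the code is rewritten. The region 0x400000-0xA35000 is about 6.2 MB, far larger than the 904KB file on disk. The block below is an added example written for this page, not the sandbox's rule and not code from the sample: it parses the PE section table (DOS header, PE signature, COFF header, IMAGE_SECTION_HEADER entries) and applies the common UPX heuristic of UPX-named sections plus the "UPX!" marker that the UPX stub embeds. `build_pe_stub` constructs a headers-only PE for testing; it is not a runnable executable.

```python
import struct

# IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
# NumberOfSymbols, SizeOfOptionalHeader, Characteristics
COFF_FMT = "<HHIIIHH"
# IMAGE_SECTION_HEADER (40 bytes): Name, VirtualSize, VirtualAddress, SizeOfRawData,
# PointerToRawData, PointerToRelocations, PointerToLinenumbers, NumberOfRelocations,
# NumberOfLinenumbers, Characteristics
SECTION_FMT = "<8sIIIIIIHHI"


def pe_section_names(data):
    """Walk DOS header -> PE signature -> COFF header -> section table; return section names."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("not a PE file: missing PE signature")
    coff_off = e_lfanew + 4
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from(COFF_FMT, data, coff_off)
    # The section table follows the optional header, whose size the COFF header declares.
    sec_off = coff_off + struct.calcsize(COFF_FMT) + opt_size
    names = []
    for i in range(nsections):
        fields = struct.unpack_from(SECTION_FMT, data, sec_off + i * struct.calcsize(SECTION_FMT))
        names.append(fields[0].rstrip(b"\x00").decode("ascii", "replace"))
    return names


def upx_indicators(data):
    """UPX heuristic: UPX-named sections and/or the 'UPX!' marker anywhere in the image.

    Either indicator alone is only a hint: a repacked or renamed-section build drops the
    names, and the marker can be stripped. Confirm with upx -t or by unpacking.
    """
    names = pe_section_names(data)
    upx_sections = [n for n in names if n.upper().startswith("UPX")]
    marker = b"UPX!" in data
    return {
        "sections": names,
        "upx_sections": upx_sections,
        "upx_marker": marker,
        "packed": bool(upx_sections) or marker,
    }


def build_pe_stub(section_names, extra=b""):
    """Constructed, headers-only PE32 for testing the parser (added example data, not a real binary)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE header right after the DOS header
    opt_size = 0xE0  # size of a PE32 optional header
    coff = struct.pack(COFF_FMT, 0x14C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    table = b"".join(
        struct.pack(SECTION_FMT, n.encode("ascii").ljust(8, b"\x00"),
                    0x1000, 0x1000 * (i + 1), 0x200, 0x400 + 0x200 * i, 0, 0, 0, 0, 0x60000020)
        for i, n in enumerate(section_names)
    )
    return bytes(dos) + b"PE\x00\x00" + coff + bytes(opt_size) + table + extra


if __name__ == "__main__":
    print(upx_indicators(build_pe_stub(["UPX0", "UPX1", ".rsrc"], extra=b"UPX!")))
    print(upx_indicators(build_pe_stub([".text", ".rdata", ".data"])))
```

Run it against the memory dumps the sandbox produced (they start with the mapped PE headers) as well as against the file on disk; if the dump reports UPX sections but the code region no longer compresses well, that is the unpacked payload you want to analyse, not the loader.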
Adds Run key to start application (2 TTPs, 1 IoC)
Description: Set value (str)
IoC: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Security Central = "C:\\Program Files (x86)\\Security Central\\Security Central.exe"
Process: Security Central.exe
Enumerates connected drives (3 TTPs, 21 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
File opened (read-only) by Security Central.exe, one IoC per drive letter: \??\E:, \??\G:, \??\H:, \??\I:, \??\J:, \??\K:, \??\L:, \??\M:, \??\N:, \??\O:, \??\P:, \??\Q:, \??\R:, \??\S:, \??\T:, \??\U:, \??\V:, \??\W:, \??\X:, \??\Y:, \??\Z:
Suspicious use of SetThreadContext (2 IoCs)
PID 2408 ([email protected]) set thread context of PID 2384 (procid_target 28)
PID 2544 (Security Central.exe) set thread context of PID 2556 (procid_target 30)

Drops file in Program Files directory (1 IoC)
File created: C:\Program Files (x86)\Security Central\Security Central.exe, by [email protected]

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).
Suspicious behavior: EnumeratesProcesses (64 IoCs)
PID 2556, Security Central.exe (all 64 occurrences)

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
PID 2556, Security Central.exe

Suspicious use of AdjustPrivilegeToken (4 IoCs)
PID 1012, AUDIODG.EXE: Token: 33 (twice), Token: SeIncBasePriorityPrivilege (twice)

Suspicious use of FindShellTrayWindow (37 IoCs)
PID 2556, Security Central.exe (all 37 occurrences)

Suspicious use of SendNotifyMessage (37 IoCs)
PID 2556, Security Central.exe (all 37 occurrences)

Suspicious use of SetWindowsHookEx (4 IoCs)
PID 2408, [email protected]
PID 2544, Security Central.exe
PID 2556, Security Central.exe (twice)

Suspicious use of WriteProcessMemory (22 IoCs)
PID 2408 ([email protected]) wrote to memory of PID 2384 (procid_target 28), 9 times
PID 2384 ([email protected]) wrote to memory of PID 2544 (procid_target 29), 4 times
PID 2544 (Security Central.exe) wrote to memory of PID 2556 (procid_target 30), 9 times
Processes

C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\Security Central\[email protected]
  Command line: "C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\Security Central\[email protected]"
  Level 1, PID 2408
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

  C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\Security Central\[email protected]
    Command line: "C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\Security Central\[email protected]"
    Level 2, PID 2384 (child of 2408)
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Security Central\Security Central.exe
      Command line: "C:\Program Files (x86)\Security Central\Security Central.exe"
      Level 3, PID 2544 (child of 2384)
      - Executes dropped EXE
      - Loads dropped DLL
      - Suspicious use of SetThreadContext
      - Suspicious use of SetWindowsHookEx
      - Suspicious use of WriteProcessMemory

      C:\Program Files (x86)\Security Central\Security Central.exe
        Command line: "C:\Program Files (x86)\Security Central\Security Central.exe"
        Level 4, PID 2556 (child of 2544)
        - Executes dropped EXE
        - Loads dropped DLL
        - Adds Run key to start application
        - Enumerates connected drives
        - Suspicious behavior: EnumeratesProcesses
        - Suspicious behavior: GetForegroundWindowSpam
        - Suspicious use of FindShellTrayWindow
        - Suspicious use of SendNotifyMessage
        - Suspicious use of SetWindowsHookEx

C:\Windows\system32\AUDIODG.EXE
  Command line: C:\Windows\system32\AUDIODG.EXE 0x2dc
  Level 1, PID 1012
  - Suspicious use of AdjustPrivilegeToken
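The process tree shows the same shape twice: a process starts a second instance of its own image, writes into it (WriteProcessMemory, 9 times each), and then calls SetThreadContext on it. That pairing of a write plus a thread-context change on a freshly started child of the same image is consistent with process hollowing or self-injection, where the on-disk file is a packed loader and the second instance runs the unpacked payload; here the payload instance (PID 2384) is the one that drops Security Central.exe, and the dropped file repeats the trick (2544 into 2556), with 2556 doing the rogue-antivirus work. Writes alone are not enough to flag: the 2384 to 2544 pair shows only writes, as ordinary process start-up also does in this report format. The block below is an added example, not the sandbox's detection logic: it parses the IoC lines in the format shown above (constructed here from the report) and flags source/target pairs that have both actions, labelling the ones where both sides share an image name.

```python
import re
from collections import defaultdict

# Constructed from the SetThreadContext and WriteProcessMemory IoC lines above (example data).
IOC_LINES = """
PID 2408 set thread context of 2384 2408 [email protected] 28
PID 2544 set thread context of 2556 2544 Security Central.exe 30
PID 2408 wrote to memory of 2384 2408 [email protected] 28
PID 2384 wrote to memory of 2544 2384 [email protected] 29
PID 2544 wrote to memory of 2556 2544 Security Central.exe 30
""".strip().splitlines()

# pid -> image name, taken from the Processes section above.
PROCESS_TREE = {
    2408: "[email protected]",
    2384: "[email protected]",
    2544: "Security Central.exe",
    2556: "Security Central.exe",
    1012: "AUDIODG.EXE",
}

# "PID <src> <action> <dst> <src> <process name> <procid_target>"; the pid repeats after the
# description, and the process name may contain spaces, so it is matched non-greedily.
IOC_RE = re.compile(
    r"^PID (?P<src>\d+) (?P<action>set thread context of|wrote to memory of) (?P<dst>\d+) "
    r"(?P=src) (?P<proc>.+?) (?P<target_id>\d+)$"
)


def parse_ioc(line):
    m = IOC_RE.match(line)
    if not m:
        return None
    action = "SetThreadContext" if m["action"].startswith("set") else "WriteProcessMemory"
    return {"src": int(m["src"]), "dst": int(m["dst"]), "action": action, "process": m["proc"]}


def find_injection_chains(lines, tree):
    """Flag (source, target) pairs that both wrote memory into and set thread context on the target."""
    actions = defaultdict(set)
    names = {}
    for line in lines:
        ioc = parse_ioc(line)
        if ioc is None:
            continue
        actions[(ioc["src"], ioc["dst"])].add(ioc["action"])
        names[ioc["src"]] = ioc["process"]
    findings = []
    for (src, dst), acts in sorted(actions.items()):
        if {"WriteProcessMemory", "SetThreadContext"} <= acts:
            src_img = tree.get(src, names.get(src, "?"))
            dst_img = tree.get(dst, "?")
            findings.append({
                "injector": src,
                "victim": dst,
                "injector_image": src_img,
                "victim_image": dst_img,
                # Same image on both sides: the loader re-ran itself to host the unpacked code.
                "self_injection": src_img.lower() == dst_img.lower(),
                "actions": sorted(acts),
            })
    return findings


if __name__ == "__main__":
    for f in find_injection_chains(IOC_LINES, PROCESS_TREE):
        print(f)
```

When triaging, dump the victim process (2384 or 2556) rather than the parent: the "upx" YARA hits above are on exactly those PIDs, and the victim's image region at 0x400000 is where the unpacked payload lives.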
Network
MITRE ATT&CK Enterprise v15
Downloads

File 1 (same hashes as the target above)
Filesize: 904KB
MD5: 0315c3149c7dc1d865dc5a89043d870d
SHA1: f74546dda99891ca688416b1a61c9637b3794108
SHA256: 90c2c3944fa8933eefc699cf590ed836086deb31ee56ec71b5651fd978a352c9
SHA512: 7168dc244f0e400fa302801078e3faec8cdd2d3cb3b8baaab0a1b3c0929d7cf41e54bfbe530ad5ce96a6b63761f7866d26aaae788c3138c34294174091478112

File 2
Filesize: 662KB
MD5: 01b0f3ffaa760f71214df26d5828f7b5
SHA1: 921f9700f8f030de1067c45cc1652c3e31fea13d
SHA256: d64d5750e1ebc20b5be978477fda6300c57068d21141b0ea76549ce6d85b08f3
SHA512: e8e06ae5afed2133d45d3972166be5ed6c30ee7d732bcc9e41ed2151382bacb02d5041f5b54a3b73ba6a687ba70e9c0dbaad76019c46f8f7057b8f88c977cd1d

File 3
Filesize: 691KB
MD5: a258e49263c528a14d0c681e68aebc0a
SHA1: 6708c67a82ad0de1f64316ee74e44f2be27645ff
SHA256: 86af6c300a14db000e545912e6b7bf24b055796a62749cef6dc56691d06e4d83
SHA512: 07485ccedc67c56c95e1b2adabf750bd7cfc4d604e4641d63c3a5628f8937e0d57a3541568a9e645c0b2adab8da2aa1be12f4521d97e9e07fdf26b01ae6dd384

File 4
Filesize: 606KB
MD5: 2d815efb91f009e63f92b04ab9fcc815
SHA1: ab3e3b5ad2fdfeadb436e9f81cc6edd8d5e59b3c
SHA256: 90a67188f0f447b120124dd43ed5fa10393d865476e0d4600b7d15e0c57f899a
SHA512: 844f02c010499f9966a4f4162d20b206abe62cde0b0721b347d819a679b006d0cd34c1b7077f04df079d365878ee7d8fb4e091f1c04088a026034bf3e7d7f6e5

File 5
Filesize: 411KB
MD5: 8edfb31fdb778484d432e2c04df8f141
SHA1: 073340d14e8610c40a726123ddeebe4b30609211
SHA256: b443763155e7b4ae39d2825518fd21976d776b617596f9d978257ab4081e6cec
SHA512: 06281ca9b1178158f8a8a711257b70322ff0dd31c88ad25e555d62c192078b4c2f61beaf7dd046aad4ec0371f7e193d79ab0724da3a523d41a2c6851be32641d

File 6
Filesize: 290KB
MD5: 0fa7f75583186fce2e0d66c602c9aab6
SHA1: 3d120f7bc77710a62307e13c4cfdeaa038f7f60b
SHA256: c5c6c83ce0058abf7ce8218ac9a607f284765821ee63b6ff9dc5cb3091cf9221
SHA512: 4f302df54bc39113972c5420303023a8fe832e06ed186a4f57851c8ffa1015dcb7b44212a8b6288f2942e279f0fcaf9b3f866e41010047773e0c9f099bb85b1c

File 7
Filesize: 243KB
MD5: 22a97806d48c30966ac6dbae23296295
SHA1: f340a2dd610e8660b5f343422b57f205ef950a1a
SHA256: 8eb673971275d8f0b5470206815e42e1cb2587a12ae3cdbc0b8b2377f8fed096
SHA512: 93cef5ded77d7a99ce8272553598402e39e740ae132d2e40ed3c30c9234519b450bf6f30cabae3f3e920f997072b902a9e4aff28c92a75c02f1393cc56576898