Overview

overview

8

Static

static

3

SecuriteIn...00.exe

windows7-x64

3

SecuriteIn...00.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    140s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-03-2024 14:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.Win32.TrojanX-gen.6000.exe

  • Size

    831KB

  • MD5

    cd2747fbc6e7c4caf42d4d863a69792f

  • SHA1

    ff4aa4aa60373f808b62de5fa2bac4deac817644

  • SHA256

    69d1e288d7a88cca768aaec4cfd0b05d2319c910e1d8a872b40148656d042969

  • SHA512

    2240d6d89c1affe45f30d026cc707c53916f19ecf58204d24e3ac5b245da67fb59847dbc0ddad7adba4ea9afe41047a7bd6dd90a2912257ab6c8800dac8186cc

  • SSDEEP

    12288:yN9d1yTGrYZ9bZAMa504xdrDZKb8ZZvzedCRKd/BadIS67pWfir:cPrYZ9A504xdrDZKb8ZZvzeIQ5BadOh

Score
8/10
persistence

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 6 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.TrojanX-gen.6000.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.TrojanX-gen.6000.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:724
    • C:\Users\Admin\AppData\Local\TrioNet\Trio.Net.exe
      "C:\Users\Admin\AppData\Local\TrioNet\Trio.Net.exe" C:\Users\Admin\AppData\Local\TrioNet\Trio.Net.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Suspicious use of AdjustPrivilegeToken
      PID:3560

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\TrioNet\Newtonsoft.Json.dll
    Filesize

    639KB

    MD5

    2b770cea3a15c2b0eb36e9061ac5bc64

    SHA1

    b0c61c2e026fe4ebc2814ada65a6d17e7b0a604f

    SHA256

    1c245f4c85c2ada130bc59942c90b701c24c06edbe3eb25838ed8de4f852535c

    SHA512

    b5ce67a8558f37ffc6b85ee911808466aa3bb0f38dbcf6a221f7adb55e112f18aa7128244aa70bb2c0e36ec6082e94c8654d827c76dee71ae39e6bbdbe824bda

    Download Submit
  • C:\Users\Admin\AppData\Local\TrioNet\RestSharp.dll
    Filesize

    165KB

    MD5

    54842df150e2cff6c457bc51522a7d00

    SHA1

    d4252f823034a87f2b27750aeb5d167fc67f4d32

    SHA256

    0a74d75dfbf2193390969008ec0f6eceb29c8b20363e05192c959b0fac12f231

    SHA512

    0840ba54b2de6aa7ab865f5b792262c09a74c39cb9b9394a7f1737df7e9ffae767cd908f6a0760755a11c70cd7bd35fd6ee516009489e6225cad72c39ad0dc1c

    Download Submit
  • C:\Users\Admin\AppData\Local\TrioNet\Trio.Net.exe
    Filesize

    6KB

    MD5

    e806729db3ae4dc37c042d8f1002a6e2

    SHA1

    d2c53d95fc6588feaa7ca60e389ed014e3c1490a

    SHA256

    85f28d66c4b7b400c7c7a39076c5bea56adfeb2e7bedcbcd5bbef9f759b16bd1

    SHA512

    90041fa3d40b153458d3be9c4e36cdcb36aa294172c7b5d8c875e64b21b4993ceef3611beeac417020dadce408ac5706da26f2f2ac4e7988cf390bfe16241242

    Download Submit
  • C:\Users\Admin\AppData\Local\TrioNet\TrioSdk.Support.dll
    Filesize

    18KB

    MD5

    fe88c0800f0decdcb69c4485a278a707

    SHA1

    0f051a6174cd80b2a8c36885504774b2bb0a460c

    SHA256

    51d00c20fdbd2ebd37d14519114a9660a435120b28a5acac1d7aca9915e4b2eb

    SHA512

    0b6bef9f60cfb020b8aedc778f573d4ce9bcb93030ff62a28377b91663b78cf522087949449f15889d795303bc9619b286f7471ab8952ec017310dce639122bc

    Download Submit
  • memory/724-24-0x0000000074640000-0x0000000074DF0000-memory.dmp
    Filesize

    7.7MB

    Download
  • memory/724-0-0x0000000000B80000-0x0000000000C56000-memory.dmp
    Filesize

    856KB

    Download
  • memory/724-1-0x0000000074640000-0x0000000074DF0000-memory.dmp
    Filesize

    7.7MB

    Download
  • memory/724-12-0x0000000005690000-0x00000000056A0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/724-2-0x0000000005690000-0x00000000056A0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/724-8-0x0000000074640000-0x0000000074DF0000-memory.dmp
    Filesize

    7.7MB

    Download
  • memory/3560-23-0x0000000004B00000-0x0000000004B30000-memory.dmp
    Filesize

    192KB

    Download
  • memory/3560-17-0x0000000000B70000-0x0000000000B7A000-memory.dmp
    Filesize

    40KB

    Download
  • memory/3560-18-0x0000000074640000-0x0000000074DF0000-memory.dmp
    Filesize

    7.7MB

    Download
  • memory/3560-13-0x00000000002F0000-0x00000000002F8000-memory.dmp
    Filesize

    32KB

    Download
  • memory/3560-29-0x0000000004C20000-0x0000000004C30000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3560-28-0x0000000004C30000-0x0000000004CD6000-memory.dmp
    Filesize

    664KB

    Download
  • memory/3560-30-0x0000000005660000-0x0000000005682000-memory.dmp
    Filesize

    136KB

    Download
  • memory/3560-31-0x00000000056A0000-0x00000000059F4000-memory.dmp
    Filesize

    3.3MB

    Download
  • memory/3560-33-0x0000000074640000-0x0000000074DF0000-memory.dmp
    Filesize

    7.7MB

    Download