Overview

overview

10

Static

static

3

SecuriteIn...06.exe

windows7-x64

10

SecuriteIn...06.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    152s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/03/2024, 05:26

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.Win32.RATX-gen.10106.exe

  • Size

    835KB

  • MD5

    fffd00554f9eff0313f8ee3eb48c6673

  • SHA1

    ef6bdf24d50780c9d9eda13ef7e226e3f3ac1c0d

  • SHA256

    331d7e76582739e0f13e1405aced8b89f977a595c80c2e481ae74b4189141760

  • SHA512

    a81404b167bed36133bd17278a2b7155707d91c18d2afeb16f7f9f9c2315a404873454427fa879f534a13d23475eb7c25b3f388c31d8f01bc79171b088c3f9b4

  • SSDEEP

    12288:2ipwLdPgOY1kUMuYN/FKaHrQd0S10DsJs2WzCGRmXTWLRcMgEXjwRZQP0eX:2iuIOY2jNIaW0S+7zCw4IbwRaPd

Score
10/10
neshtapersistencespywarestealer

Malware Config

Signatures

  • Detect Neshta payload 5 IoCs
  • Neshta

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    persistencespywareneshta
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Modifies system executable filetype association 2 TTPs 1 IoCs
    persistence
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.RATX-gen.10106.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.RATX-gen.10106.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:220
    • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.RATX-gen.10106.exe
      "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.RATX-gen.10106.exe"
      2⤵
      • Checks computer location settings
      • Modifies system executable filetype association
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Modifies registry class
      PID:3708
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4424 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:5012

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroRd32.exe
            Filesize

            2.4MB

            MD5

            005bb61690dfa6bf5cde063e7488d5c7

            SHA1

            8440e257e01c9496214092feebb1329be6d4f1cb

            SHA256

            c07241f48669ea70c07ea6240a986b2237427e442787ba1e26162e3728f8a56d

            SHA512

            83471d56a43e6a5d79ab7d2faf6eada2833e8812a919e9bbeefec9aa3c427527a7c03505e01969d2bfabbf91f5545535f9c46bc6ce0861f86553333adabcdbf2

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\3582-490\SecuriteInfo.com.Win32.RATX-gen.10106.exe
            Filesize

            794KB

            MD5

            68b71afc055924b3bc95817458ca35de

            SHA1

            aa83e9254af37d0da319df3da00e79ed871f860e

            SHA256

            817973d53046e32bb25613201c54a25d929e73f5270f343fe09ac62e8fbb982a

            SHA512

            f324b8ea9029ad79c626400560b4f37fc96cd4e7d21b5ff04c9f89f33bb83785f166247d3fa035ed0efad52c5f15ad52237ce74acc86230f0305df374664be47

            Download Submit

          • memory/220-10-0x0000000005EA0000-0x0000000005F2C000-memory.dmp

            Filesize

            560KB

            Download

          • memory/220-11-0x0000000008B60000-0x0000000008BFC000-memory.dmp

            Filesize

            624KB

            Download

          • memory/220-4-0x0000000005AE0000-0x0000000005AF0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/220-5-0x0000000005AA0000-0x0000000005AAA000-memory.dmp

            Filesize

            40KB

            Download

          • memory/220-6-0x0000000005A90000-0x0000000005AA6000-memory.dmp

            Filesize

            88KB

            Download

          • memory/220-7-0x0000000074CB0000-0x0000000075460000-memory.dmp

            Filesize

            7.7MB

            Download

          • memory/220-8-0x0000000005CF0000-0x0000000005CFC000-memory.dmp

            Filesize

            48KB

            Download

          • memory/220-9-0x0000000005D10000-0x0000000005D1E000-memory.dmp

            Filesize

            56KB

            Download

          • memory/220-0-0x0000000074CB0000-0x0000000075460000-memory.dmp

            Filesize

            7.7MB

            Download

          • memory/220-3-0x0000000005AF0000-0x0000000005B82000-memory.dmp

            Filesize

            584KB

            Download

          • memory/220-1-0x0000000000FC0000-0x0000000001096000-memory.dmp

            Filesize

            856KB

            Download

          • memory/220-2-0x0000000006000000-0x00000000065A4000-memory.dmp

            Filesize

            5.6MB

            Download

          • memory/220-18-0x0000000074CB0000-0x0000000075460000-memory.dmp

            Filesize

            7.7MB

            Download

          • memory/3708-15-0x0000000000400000-0x000000000041B000-memory.dmp

            Filesize

            108KB

            Download

          • memory/3708-14-0x0000000000400000-0x000000000041B000-memory.dmp

            Filesize

            108KB

            Download

          • memory/3708-13-0x0000000000400000-0x000000000041B000-memory.dmp

            Filesize

            108KB

            Download

          • memory/3708-12-0x0000000000400000-0x000000000041B000-memory.dmp

            Filesize

            108KB

            Download

          • memory/3708-69-0x0000000000400000-0x000000000041B000-memory.dmp

            Filesize

            108KB

            Download