Overview

overview

7

Static

static

3

SecuriteIn...06.exe

windows7-x64

7

SecuriteIn...06.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    25-03-2024 11:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.Trojan.GenericKD.72064331.20544.29306.exe

  • Size

    3.6MB

  • MD5

    a7609e0f7ca5481ec2693ab6d779bbf6

  • SHA1

    334c909ef79fbcd74d659ba77e851d24bd556474

  • SHA256

    5be374c07abb0eaf554e553892894b3adef43aeda7460c12bc18178a546ccd9f

  • SHA512

    4374a98a90ea6c043b8e9767c552b364409f728180924e59b178ae61471b2daa07d457d2da618de221e6b742226562a0a7b1f52c2e2c56d60496c696543c2b1e

  • SSDEEP

    49152:YlOhBCfLUjME9UI7JJqWun8s3gt9LoHwjvTyXdC8fZOO:YCF9FtgTOvLMCzO

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Modifies Internet Explorer settings 1 TTPs 5 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 4 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.72064331.20544.29306.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.72064331.20544.29306.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:352
    • C:\Users\Admin\AppData\Local\Temp\Thien Nguyen Productions Framework.exe
      "C:\Users\Admin\AppData\Local\Temp\Thien Nguyen Productions Framework.exe" "\\.\pipe\FSC Utilities Plugin" "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.72064331.20544.29306.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:3052

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar20E0.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Thien Nguyen Productions Framework.exe
    Filesize

    1.6MB

    MD5

    2c567b0c6317abaa6c43ebb39146552b

    SHA1

    1e89cdfa16bfc7036da15d0b8e0eb13228851e61

    SHA256

    1c8c2b3179d38d520b223e00ad5d1be0820c96652a579a46a3ad542820c4f461

    SHA512

    d8553a778279100ec01c194169540b5f6e3b3dc1fa146f31cc6c9dc5f920d0ba51c94423836b22d45dd3f085a17562a0460197545990511729271cba83cae078

    Download Submit

  • C:\Users\Admin\AppData\Roaming\FSC Utilities Plugin by Thien Nguyen\Environment.ini
    Filesize

    474B

    MD5

    e6007ddcb477d42412170e0156055cef

    SHA1

    3ecdc671b9547eee4bc4957e0603d9a184453fb9

    SHA256

    be81c504de3d2bbf534e73c0e89240b4590bb5f5b7cc5877a7e25ae9c8ef46d0

    SHA512

    83055b4f98661b0cf3af5925f7a145db7f48184c5e2765e6710b9f136ab11c06ead8317642a2e8bd27209fb5ad1b5e25074b027b9b97a62b55bbcdb2261845ec

    Download Submit

  • C:\Users\Admin\AppData\Roaming\FSC Utilities Plugin by Thien Nguyen\Profiles.ini
    Filesize

    60B

    MD5

    edbb4f96a38d6da14604488dd837b9c4

    SHA1

    8df083f6509ec2b4d38a0a24a844b64129cb9763

    SHA256

    834b565f173405f321437ee1b8fb496c0344f1339a50a40357864c0b2486d8cb

    SHA512

    3be209166dab8a675befc31cddd92e35e6c52a53f46ab6a73cf149f030f7d8dd1aba4f89ac8eda71c84a2a76bfce3f5846ec484962c89bc923c3089e2aceaf4e

    Download Submit

  • C:\Users\Admin\AppData\Roaming\FSC Utilities Plugin by Thien Nguyen\Settings.ini
    Filesize

    68B

    MD5

    b2e216b466317e21dc938dcc5183f38d

    SHA1

    7b8aa5d340f6e129a3def3273363cc172d22622f

    SHA256

    b6693af03d8171440fc5fe4f4b9d659d396b30f4d6ebc9b58bef00d48cd97085

    SHA512

    9ab39aac078606d526e8acaaf5851ef5243d0daa3096d053eca73cf86edeeb0fde1999f9e861d4d840b4bce464505fd7efac1db0f95039667b1a38950909a7c4

    Download Submit

  • C:\Users\Admin\AppData\Roaming\FSC Utilities Plugin by Thien Nguyen\data\Profile_Default.ini
    Filesize

    368B

    MD5

    4a893d35935fc4d2e3fc833a2cc3d657

    SHA1

    bceff8ef5670c0009da768d002ecec86bb2aca9a

    SHA256

    b751211963cbc569367995a80c2b3b9c1e68f0046027000c8d91c40795d2576a

    SHA512

    8ea50c33b238b9ab2184811fdb78f8313ce6264504d6440700c160c68924f6384f4511cfa5854feb17244fd1d97f64dde096f4604cb5011a9779ac0011f721d1

    Download Submit

  • C:\Users\Admin\AppData\Roaming\FSC Utilities Plugin by Thien Nguyen\skin\fscup_footer.png
    Filesize

    2KB

    MD5

    fd438357674ede5a130a44a45064338d

    SHA1

    fbdceb6b3b3cc1fdb23516a992ce5cbba7c313fe

    SHA256

    579efe03b622dab59f4c93bdc3a103efc9023bab5b19fa9addd8a9cfaea76705

    SHA512

    1658c885fd71a5c1d042037aeecc638cd6ad74c96711ea5d2a5dfb90edfdbe2bd956d80deac876d76f227faefc39231619965100769f39d405599df9a20c8cad

    Download Submit

  • C:\Users\Admin\AppData\Roaming\FSC Utilities Plugin by Thien Nguyen\skin\fscup_header.png
    Filesize

    15KB

    MD5

    1560338db5246e4e5cc4a0de4847d80d

    SHA1

    1e74f45ff6976e01ea8e87a820eda8b9b807e18e

    SHA256

    4fcf053ecee2352207f7a7e5951401da9f97924bc7ab06c0c54e5c8451882e54

    SHA512

    9d4a13f08a7e2cdccaa0f1bbd891c01d66727fa7e8e76ca4f38ea0bf384927896e5a117d0855fc149099e1c1cea77e70ddbcf086f594b231ffcbdc0662c62f42

    Download Submit

  • memory/352-7-0x0000000002160000-0x0000000002260000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/352-8-0x0000000002160000-0x0000000002260000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/352-12-0x0000000002160000-0x0000000002260000-memory.dmp

    Filesize

    1024KB

    Download