Overview

overview

4

Static

static

1

SecuriteIn...90.exe

windows7-x64

4

SecuriteIn...90.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    143s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    09-04-2024 09:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.Program.Unwanted.5387.22209.3690.exe

  • Size

    30.9MB

  • MD5

    f21ac45378def6701936925c94cceaee

  • SHA1

    c783d5565dd9b5ebca3dba635f488f8bc4e2a453

  • SHA256

    fe38389b7c9e5c5522ed3df1c64da2109715481189ae5011f6c8f425554f7dfb

  • SHA512

    9f1568f608bcccc1c82e3f547b0a1f4884ccfe3a3cdc445d457fe5c7ebf34fca39750ad2b9c6419adbe95cb72e758dfdcbb6a585630503b63e75073d526afe41

  • SSDEEP

    786432:UFnShjsZHgskk7aj2xAgODhYc7lCUt9ROXBV:GnShCHg87aj2+gMjMiOXBV

Score
4/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Program.Unwanted.5387.22209.3690.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Program.Unwanted.5387.22209.3690.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2804
    • C:\Users\Admin\AppData\Local\Temp\is-56HF3.tmp\SecuriteInfo.com.Program.Unwanted.5387.22209.3690.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-56HF3.tmp\SecuriteInfo.com.Program.Unwanted.5387.22209.3690.tmp" /SL5="$7011E,31395176,1233408,C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Program.Unwanted.5387.22209.3690.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\is-56HF3.tmp\SecuriteInfo.com.Program.Unwanted.5387.22209.3690.tmp
    Filesize

    3.4MB

    MD5

    318ec317f2bdd93626a7decee0d8d394

    SHA1

    0e31261c64081bccb853e49a9312d4f5c2d57866

    SHA256

    ce398d19353f44168c9d6cf3cabae95b4c4c963f39a8ac8604e088c3ef01dd18

    SHA512

    9273f4bf46b717a7b2cd9a2aaf68174040bf2bc090341af50ebfa0ba17e30e535979133a0964d4afbfd00052bd03d570474d52139fb457b8d573808788df3306

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-OSTRG.tmp\isskin.dll
    Filesize

    363KB

    MD5

    b31ad1bacfd7c51f35e052b8c7047d44

    SHA1

    ba58ae4a4a28cd2a4c2a7b85d260e105fa6e79de

    SHA256

    117ae53cf3e8bc95e6297a15d8365efd792da04df90744d4e244bbf72075ccc3

    SHA512

    2a4c0d3f7065a9272bd70e8fd121e80d9c4e3d9089285841b245790f4789704c27cb88333ddbf3bbecbc26af926b7ffd7a722352c7f418c84a9087cb1a748368

    Download Submit

  • memory/2052-8-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2052-15-0x0000000000400000-0x0000000000775000-memory.dmp

    Filesize

    3.5MB

    Download

  • memory/2052-18-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2804-1-0x0000000000400000-0x000000000053A000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2804-14-0x0000000000400000-0x000000000053A000-memory.dmp

    Filesize

    1.2MB

    Download