fef656d6889a0f1cf5606183370b2fd0be6c539ab26904aaf927c48c3b5c1a8f

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03-06-2024 04:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.Win32.Dh-A.17036.13754.exe
Size

12KB
MD5

f54ea905fd028e9c3af2e94174dd511f
SHA1

3030da94013e5acd88ecdd51df30f20ea8ee56a7
SHA256

fef656d6889a0f1cf5606183370b2fd0be6c539ab26904aaf927c48c3b5c1a8f
SHA512

38856261a05b558239b7ea951e74b5332dff95799a93e8075291fee07e26066291b63a1d4a685e5e3921f2c66ad6db98cb4bf1c8f84523b4e6138f79008fe85f
SSDEEP

192:KVoT5SYGiyj6i3i3uDxcu76l81A9RBpZ5a2yViQeGVwWlJdxqHue:HZG5H3o+6BBAUQraWlJj+

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 13 IoCs

pid	Process
3588	240603042008452.exe
4632	242603042018218.exe
2424	242603042027859.exe
3768	242603042037327.exe
1164	242603042047812.exe
2484	242603042105046.exe
216	242603042116405.exe
1276	242603042126468.exe
1528	242603042137327.exe
964	242603042146968.exe
2596	242603042156812.exe
2536	242603042209187.exe
4372	242603042219109.exe

Suspicious use of WriteProcessMemory 52 IoCs

description	pid	Process	procid_target
PID 1876 wrote to memory of 3540	1876	SecuriteInfo.com.Win32.Dh-A.17036.13754.exe	93
PID 1876 wrote to memory of 3540	1876	SecuriteInfo.com.Win32.Dh-A.17036.13754.exe	93
PID 3540 wrote to memory of 3588	3540	cmd.exe	94
PID 3540 wrote to memory of 3588	3540	cmd.exe	94
PID 3588 wrote to memory of 1388	3588	240603042008452.exe	97
PID 3588 wrote to memory of 1388	3588	240603042008452.exe	97
PID 1388 wrote to memory of 4632	1388	cmd.exe	98
PID 1388 wrote to memory of 4632	1388	cmd.exe	98
PID 4632 wrote to memory of 3900	4632	242603042018218.exe	99
PID 4632 wrote to memory of 3900	4632	242603042018218.exe	99
PID 3900 wrote to memory of 2424	3900	cmd.exe	100
PID 3900 wrote to memory of 2424	3900	cmd.exe	100
PID 2424 wrote to memory of 4548	2424	242603042027859.exe	103
PID 2424 wrote to memory of 4548	2424	242603042027859.exe	103
PID 4548 wrote to memory of 3768	4548	cmd.exe	104
PID 4548 wrote to memory of 3768	4548	cmd.exe	104
PID 3768 wrote to memory of 4440	3768	242603042037327.exe	105
PID 3768 wrote to memory of 4440	3768	242603042037327.exe	105
PID 4440 wrote to memory of 1164	4440	cmd.exe	106
PID 4440 wrote to memory of 1164	4440	cmd.exe	106
PID 1164 wrote to memory of 1960	1164	242603042047812.exe	108
PID 1164 wrote to memory of 1960	1164	242603042047812.exe	108
PID 1960 wrote to memory of 2484	1960	cmd.exe	109
PID 1960 wrote to memory of 2484	1960	cmd.exe	109
PID 2484 wrote to memory of 4716	2484	242603042105046.exe	110
PID 2484 wrote to memory of 4716	2484	242603042105046.exe	110
PID 4716 wrote to memory of 216	4716	cmd.exe	111
PID 4716 wrote to memory of 216	4716	cmd.exe	111
PID 216 wrote to memory of 2160	216	242603042116405.exe	112
PID 216 wrote to memory of 2160	216	242603042116405.exe	112
PID 2160 wrote to memory of 1276	2160	cmd.exe	113
PID 2160 wrote to memory of 1276	2160	cmd.exe	113
PID 1276 wrote to memory of 4180	1276	242603042126468.exe	114
PID 1276 wrote to memory of 4180	1276	242603042126468.exe	114
PID 4180 wrote to memory of 1528	4180	cmd.exe	115
PID 4180 wrote to memory of 1528	4180	cmd.exe	115
PID 1528 wrote to memory of 4852	1528	242603042137327.exe	123
PID 1528 wrote to memory of 4852	1528	242603042137327.exe	123
PID 4852 wrote to memory of 964	4852	cmd.exe	124
PID 4852 wrote to memory of 964	4852	cmd.exe	124
PID 964 wrote to memory of 904	964	242603042146968.exe	125
PID 964 wrote to memory of 904	964	242603042146968.exe	125
PID 904 wrote to memory of 2596	904	cmd.exe	126
PID 904 wrote to memory of 2596	904	cmd.exe	126
PID 2596 wrote to memory of 468	2596	242603042156812.exe	127
PID 2596 wrote to memory of 468	2596	242603042156812.exe	127
PID 468 wrote to memory of 2536	468	cmd.exe	128
PID 468 wrote to memory of 2536	468	cmd.exe	128
PID 2536 wrote to memory of 3748	2536	242603042209187.exe	132
PID 2536 wrote to memory of 3748	2536	242603042209187.exe	132
PID 3748 wrote to memory of 4372	3748	cmd.exe	133
PID 3748 wrote to memory of 4372	3748	cmd.exe	133

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Dh-A.17036.13754.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Dh-A.17036.13754.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1876
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\240603042008452.exe 000001
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3540
- - C:\Users\Admin\AppData\Local\Temp\240603042008452.exe
    C:\Users\Admin\AppData\Local\Temp\240603042008452.exe 000001
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3588
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603042018218.exe 000002
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1388
    - - C:\Users\Admin\AppData\Local\Temp\242603042018218.exe
        
        C:\Users\Admin\AppData\Local\Temp\242603042018218.exe 000002
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4632
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603042027859.exe 000003
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\242603042027859.exe
        
        C:\Users\Admin\AppData\Local\Temp\242603042027859.exe 000003
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2424
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603042037327.exe 000004
        8⤵
        Suspicious use of WriteProcessMemory
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\242603042037327.exe
        
        C:\Users\Admin\AppData\Local\Temp\242603042037327.exe 000004
        9⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3768
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603042047812.exe 000005
        10⤵
        Suspicious use of WriteProcessMemory
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\242603042047812.exe
        
        C:\Users\Admin\AppData\Local\Temp\242603042047812.exe 000005
        11⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1164
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603042105046.exe 000006
        12⤵
        Suspicious use of WriteProcessMemory
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\242603042105046.exe
        
        C:\Users\Admin\AppData\Local\Temp\242603042105046.exe 000006
        13⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2484
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603042116405.exe 000007
        14⤵
        Suspicious use of WriteProcessMemory
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\242603042116405.exe
        
        C:\Users\Admin\AppData\Local\Temp\242603042116405.exe 000007
        15⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:216
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603042126468.exe 000008
        16⤵
        Suspicious use of WriteProcessMemory
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\242603042126468.exe
        
        C:\Users\Admin\AppData\Local\Temp\242603042126468.exe 000008
        17⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1276
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603042137327.exe 000009
        18⤵
        Suspicious use of WriteProcessMemory
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\242603042137327.exe
        
        C:\Users\Admin\AppData\Local\Temp\242603042137327.exe 000009
        19⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1528
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603042146968.exe 00000a
        20⤵
        Suspicious use of WriteProcessMemory
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\242603042146968.exe
        
        C:\Users\Admin\AppData\Local\Temp\242603042146968.exe 00000a
        21⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:964
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603042156812.exe 00000b
        22⤵
        Suspicious use of WriteProcessMemory
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\242603042156812.exe
        
        C:\Users\Admin\AppData\Local\Temp\242603042156812.exe 00000b
        23⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2596
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603042209187.exe 00000c
        24⤵
        Suspicious use of WriteProcessMemory
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\242603042209187.exe
        
        C:\Users\Admin\AppData\Local\Temp\242603042209187.exe 00000c
        25⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2536
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603042219109.exe 00000d
        26⤵
        Suspicious use of WriteProcessMemory
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\242603042219109.exe
        
        C:\Users\Admin\AppData\Local\Temp\242603042219109.exe 00000d
        27⤵
        Executes dropped EXE
        
        PID:4372

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\240603042008452.exe

Filesize
12KB

MD5
78ac0d80dee18fafad33199261832748

SHA1
4d3b06d119dd54a998d8a37dfec948da8db9c452

SHA256
5c9a57c0a9f5b215d4e065fef29d8eb96978c089c20cb9ede3a91cfb5b6d7b63

SHA512
7902071be00bc0131c839c5f35ca9eb127010e966ca8f0f51c8130db280cb0e3e7b4ec20b5f6ee50c5d05679cec65325a2e6378dd23679ff4e92784d7f1120ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\242603042018218.exe

Filesize
13KB

MD5
11f699fc66952753f3770d4fd4d0e802

SHA1
cbc06befe6102b8d01734b418d951c1cc7bff037

SHA256
e64b5c6d685ed0f70a2e063edaf54e4a44acc313655a512d242960ffa514ccac

SHA512
80acb77c7c75f1632aaa571621619c6b271e0b7b7e7ecabaf87869f065835fa472e388bab7b947c99d5ba646f823b800ed22a08697ba051f48c2238168a7f8c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\242603042027859.exe

Filesize
13KB

MD5
769f71e762394d40c2ee17d5915a24bf

SHA1
61c404c0b4f80af2e8acaaa036c91c9fc1fdd2d9

SHA256
1f823b7ccc28295ec63800ee4e8b413a255e5427b5d2ae878aabf6c7d8db6594

SHA512
b3729344038accd808d04cccd3b544da46be1ed192e834db08884efdfd7fee3f7912fd30cf7aac3b50463dd4b3fc2e58025c73e4bbb6163e2586fd6f4a4d38f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\242603042037327.exe

Filesize
13KB

MD5
a9628bb47331ea9ffbee18e62e60d519

SHA1
31da9f89032cabbf48c70313f8135ebfa9bb54e0

SHA256
45f898da81b9cd13e321f72a3c2d642b90d565ae09d52e7644f03ccf8efc4579

SHA512
c6e7e362626e95622cb91d506b090df58a30ee5c05ed5f9d7e5dc3310181b83f9d5d930bec125c15ad279574957f4bfd756b26b21e26da407b47a2afba932b56

Download Submit
C:\Users\Admin\AppData\Local\Temp\242603042047812.exe

Filesize
13KB

MD5
57366b3d064fa5b1a5756d018c5c90f2

SHA1
f950e98c37a765b1fa0b29ad0b3df5733be9c48e

SHA256
33fc1471c1310cf3f4c19493e971f25b5a18efed571c6e22cc2d5029002d4fe1

SHA512
ca67620d42c2f877df586e14fa4c84a361162594f0f3b9fdb7f4f30a49be0ce2c70cf50fdba9581e167d39df57ac1d4820eb413ae9959ea8faf90dac1d8f419b

Download Submit
C:\Users\Admin\AppData\Local\Temp\242603042105046.exe

Filesize
12KB

MD5
90f17e08162f42d8aa2ec83c36496f11

SHA1
84e86e9d33ff4e3b474e8d611152480ac3e76d81

SHA256
af5c27f0e54cb2e3771d6dabc0aa2d5b78c61f3b7beba5acaec00fe257d6f0d8

SHA512
f9b897ec1aac3b09fbc11b1c746b93cea41dc78cea7e993a64b8e6f169b48d288c01515eef004d556362df658ab8a8e56991f67c1c399cb5222055c9c1084e75

Download Submit
C:\Users\Admin\AppData\Local\Temp\242603042116405.exe

Filesize
13KB

MD5
4e32d6cbe8fe8fbe275671de7954bc69

SHA1
b362faf0a4f64a40b2cb782d411293732245712a

SHA256
3bdc45d5776f619202e45adf9534207aa8d36f93cfd174fd49366cb8274730b9

SHA512
065e70e4113c5eb58e54d8dd16e396acaef104b2362c386bcfbac934e60827c2a75ec9041fcd38197f85dc73b996df8b3e335355f61e0ca3dfdd47c617b8473b

Download Submit
C:\Users\Admin\AppData\Local\Temp\242603042126468.exe

Filesize
12KB

MD5
808e11508122d3c0837c1a8ecb0c0dd3

SHA1
8ea18717ccea3b21255d248a77a69eddf0865039

SHA256
9b16eddb288401a9e57e68fdb7428983d29f691a52de64ce40a683fd79bcf9d0

SHA512
4ddf0c5b803fad1dd902dd8ac91a320ab7c6dfc3218f35d75161c6a0062b92f725d5f6304e4c936c443e1e6211c10725fab5d3a3fba0ea5ee5660252fe6aaa34

Download Submit
C:\Users\Admin\AppData\Local\Temp\242603042137327.exe

Filesize
12KB

MD5
42f6808d1bea05a5a29142b33af1d233

SHA1
d1431cc1b41b958719500a2161ede91b311a8748

SHA256
138ba0c37bf526da28818e328a8350e56dbc9001ac6de77a498bbcaa5de26416

SHA512
93ba3d93bfc9652cecf5e914741b370b5d99a5d754f4bb0fb979828bc135a0917d03083caa3c31147bc3ef1814923ee2fd89ef5aeb0d189f2120df26ed290804

Download Submit
C:\Users\Admin\AppData\Local\Temp\242603042146968.exe

Filesize
13KB

MD5
8d57c2b67afc330266448747575ef7a0

SHA1
1ce3d85d6e722cf86940b3810e38b799825d4b04

SHA256
7031cd2e1039be19f7e10dbfa62ea26b3177de90e33b7f980b0cb36e1762a03d

SHA512
ddc6fc3e3c3ea073f8a114dbdb82c39ea413081923796ec6238b400db08e5c1a07ddf6bf93a7769f67fea308615bfab8462552b9c104a7132b1f6012a059ac50

Download Submit
C:\Users\Admin\AppData\Local\Temp\242603042156812.exe

Filesize
12KB

MD5
46ec252fba0b8d2f6138e9300d614b03

SHA1
8c2cfa565f5723072e497f4c97e3d4096458cde9

SHA256
777fe32b511889cfeeb13ea36bba9a532a77ed4b54aebdfa750ae81471b733cf

SHA512
92a4b221480029e36b95b92a2fa4214f25f8eeb64d0148436be6f772c0e2c5483efd94bf72ac3216b78cc7a2d0cc35b2979233c619053d4894192c582a65d9e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\242603042209187.exe

Filesize
12KB

MD5
e15d574d971435b2b250d4968a0d66fd

SHA1
61b57de51ad8102f87e17d19399e2946ce734f70

SHA256
0b00c0e2ac30cb86ad597c16edfd2f86fc9fe0848b52bd0bcbb6b92e337e13e1

SHA512
0f4661f34fc9e9273fe403536c934e752678be85d5285335f71f31cce1c1bfe43d3c1cb9946c9dc9510e47cb2ae96f9cdea95fcd48d7495293d623e5c149d4ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\242603042219109.exe

Filesize
13KB

MD5
dbc55fa500870705998c4743e6c03768

SHA1
6a8f38a726804c2b1786937220a3af0339df52d8

SHA256
024c924a585ea3922c6ec899f69a482723cd6e10fe478b93d79b7f9d5d3bd8fa

SHA512
64213692cff4ea444dda6c957983ea444d1beeff14a9d7314116bc34ecf0b862e092ffc945072707943bf2f6cf963f7e31d922371e8a8bc7c8713a0af05b4fde

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads