97d40af833e3b836bc8d0d5de03f3f7a6fd36a01d77fe3cd0b342aba0a68eb84

Analysis

max time kernel
148s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 05:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.Win32.Dh-A.21284.25347.exe
Size

12KB
MD5

b42757d57c78e0f21cc00afc228af7be
SHA1

af8052d55b666a80cf0c4ef426233bd9e1116180
SHA256

97d40af833e3b836bc8d0d5de03f3f7a6fd36a01d77fe3cd0b342aba0a68eb84
SHA512

97f3c5a83341d29e431964a0137fed8a8fbc5ea38b9b2f86ddb69355b1af086c384de61c4ae04c232ff45051dc075a7f9fecb0aea400054e618cab211f4c0f5e
SSDEEP

192:MdMT5aIVSlvlib6oEwCc+0U6osy7Aihpvi1U4t+mNj4WlJdxqHiYrJ:9hKUrlj03erNj4WlJj+

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 13 IoCs

pid	Process
4024	240603051912430.exe
2764	242603051925399.exe
1228	242603051937086.exe
2460	242603051947946.exe
3384	242603051958461.exe
4856	242603052010102.exe
1508	242603052020977.exe
4524	242603052032696.exe
3236	242603052043524.exe
4348	242603052053789.exe
4924	242603052103758.exe
4896	242603052114180.exe
3804	242603052125305.exe

Suspicious use of WriteProcessMemory 52 IoCs

description	pid	Process	procid_target
PID 600 wrote to memory of 540	600	SecuriteInfo.com.Win32.Dh-A.21284.25347.exe	93
PID 600 wrote to memory of 540	600	SecuriteInfo.com.Win32.Dh-A.21284.25347.exe	93
PID 540 wrote to memory of 4024	540	cmd.exe	94
PID 540 wrote to memory of 4024	540	cmd.exe	94
PID 4024 wrote to memory of 4440	4024	240603051912430.exe	95
PID 4024 wrote to memory of 4440	4024	240603051912430.exe	95
PID 4440 wrote to memory of 2764	4440	cmd.exe	96
PID 4440 wrote to memory of 2764	4440	cmd.exe	96
PID 2764 wrote to memory of 3528	2764	242603051925399.exe	98
PID 2764 wrote to memory of 3528	2764	242603051925399.exe	98
PID 3528 wrote to memory of 1228	3528	cmd.exe	99
PID 3528 wrote to memory of 1228	3528	cmd.exe	99
PID 1228 wrote to memory of 552	1228	242603051937086.exe	100
PID 1228 wrote to memory of 552	1228	242603051937086.exe	100
PID 552 wrote to memory of 2460	552	cmd.exe	101
PID 552 wrote to memory of 2460	552	cmd.exe	101
PID 2460 wrote to memory of 564	2460	242603051947946.exe	102
PID 2460 wrote to memory of 564	2460	242603051947946.exe	102
PID 564 wrote to memory of 3384	564	cmd.exe	103
PID 564 wrote to memory of 3384	564	cmd.exe	103
PID 3384 wrote to memory of 4072	3384	242603051958461.exe	104
PID 3384 wrote to memory of 4072	3384	242603051958461.exe	104
PID 4072 wrote to memory of 4856	4072	cmd.exe	105
PID 4072 wrote to memory of 4856	4072	cmd.exe	105
PID 4856 wrote to memory of 1688	4856	242603052010102.exe	106
PID 4856 wrote to memory of 1688	4856	242603052010102.exe	106
PID 1688 wrote to memory of 1508	1688	cmd.exe	107
PID 1688 wrote to memory of 1508	1688	cmd.exe	107
PID 1508 wrote to memory of 4172	1508	242603052020977.exe	108
PID 1508 wrote to memory of 4172	1508	242603052020977.exe	108
PID 4172 wrote to memory of 4524	4172	cmd.exe	109
PID 4172 wrote to memory of 4524	4172	cmd.exe	109
PID 4524 wrote to memory of 1068	4524	242603052032696.exe	110
PID 4524 wrote to memory of 1068	4524	242603052032696.exe	110
PID 1068 wrote to memory of 3236	1068	cmd.exe	111
PID 1068 wrote to memory of 3236	1068	cmd.exe	111
PID 3236 wrote to memory of 4860	3236	242603052043524.exe	112
PID 3236 wrote to memory of 4860	3236	242603052043524.exe	112
PID 4860 wrote to memory of 4348	4860	cmd.exe	113
PID 4860 wrote to memory of 4348	4860	cmd.exe	113
PID 4348 wrote to memory of 2196	4348	242603052053789.exe	114
PID 4348 wrote to memory of 2196	4348	242603052053789.exe	114
PID 2196 wrote to memory of 4924	2196	cmd.exe	115
PID 2196 wrote to memory of 4924	2196	cmd.exe	115
PID 4924 wrote to memory of 860	4924	242603052103758.exe	116
PID 4924 wrote to memory of 860	4924	242603052103758.exe	116
PID 860 wrote to memory of 4896	860	cmd.exe	117
PID 860 wrote to memory of 4896	860	cmd.exe	117
PID 4896 wrote to memory of 3828	4896	242603052114180.exe	118
PID 4896 wrote to memory of 3828	4896	242603052114180.exe	118
PID 3828 wrote to memory of 3804	3828	cmd.exe	119
PID 3828 wrote to memory of 3804	3828	cmd.exe	119

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Dh-A.21284.25347.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Dh-A.21284.25347.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:600
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\240603051912430.exe 000001
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:540
- - C:\Users\Admin\AppData\Local\Temp\240603051912430.exe
    C:\Users\Admin\AppData\Local\Temp\240603051912430.exe 000001
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:4024
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603051925399.exe 000002
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4440
    - - C:\Users\Admin\AppData\Local\Temp\242603051925399.exe
        
        C:\Users\Admin\AppData\Local\Temp\242603051925399.exe 000002
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2764
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603051937086.exe 000003
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\242603051937086.exe
        
        C:\Users\Admin\AppData\Local\Temp\242603051937086.exe 000003
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1228
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603051947946.exe 000004
        8⤵
        Suspicious use of WriteProcessMemory
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\242603051947946.exe
        
        C:\Users\Admin\AppData\Local\Temp\242603051947946.exe 000004
        9⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2460
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603051958461.exe 000005
        10⤵
        Suspicious use of WriteProcessMemory
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\242603051958461.exe
        
        C:\Users\Admin\AppData\Local\Temp\242603051958461.exe 000005
        11⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3384
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603052010102.exe 000006
        12⤵
        Suspicious use of WriteProcessMemory
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\242603052010102.exe
        
        C:\Users\Admin\AppData\Local\Temp\242603052010102.exe 000006
        13⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4856
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603052020977.exe 000007
        14⤵
        Suspicious use of WriteProcessMemory
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\242603052020977.exe
        
        C:\Users\Admin\AppData\Local\Temp\242603052020977.exe 000007
        15⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1508
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603052032696.exe 000008
        16⤵
        Suspicious use of WriteProcessMemory
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\242603052032696.exe
        
        C:\Users\Admin\AppData\Local\Temp\242603052032696.exe 000008
        17⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4524
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603052043524.exe 000009
        18⤵
        Suspicious use of WriteProcessMemory
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\242603052043524.exe
        
        C:\Users\Admin\AppData\Local\Temp\242603052043524.exe 000009
        19⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3236
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603052053789.exe 00000a
        20⤵
        Suspicious use of WriteProcessMemory
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\242603052053789.exe
        
        C:\Users\Admin\AppData\Local\Temp\242603052053789.exe 00000a
        21⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4348
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603052103758.exe 00000b
        22⤵
        Suspicious use of WriteProcessMemory
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\242603052103758.exe
        
        C:\Users\Admin\AppData\Local\Temp\242603052103758.exe 00000b
        23⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4924
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603052114180.exe 00000c
        24⤵
        Suspicious use of WriteProcessMemory
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\242603052114180.exe
        
        C:\Users\Admin\AppData\Local\Temp\242603052114180.exe 00000c
        25⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4896
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603052125305.exe 00000d
        26⤵
        Suspicious use of WriteProcessMemory
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\242603052125305.exe
        
        C:\Users\Admin\AppData\Local\Temp\242603052125305.exe 00000d
        27⤵
        Executes dropped EXE
        
        PID:3804

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\240603051912430.exe

Filesize
13KB

MD5
5f84aba6b916ca45ab75abe4c61756dd

SHA1
47b59411200d1145658d3bb13b327cd11c5f62d4

SHA256
309c9aa9dcfe81c03e60ca69cff938086b6daef055f268072d10327477ad5fb7

SHA512
3d9497dcee27c5c5c07abe41791cdf22bab274d3e36c2abfb0da8d5d7c15e774faa64d692959f3f0c91da05f132169b6e1bc9e6882a2b3d73e294c2bdf145e85

Download Submit
C:\Users\Admin\AppData\Local\Temp\242603051925399.exe

Filesize
12KB

MD5
06c5309b27f70d69f0722e40a3bedb86

SHA1
3ed31979c978df90cc97d6f06b53659c414d15f2

SHA256
49e64eac104bbb1bd9693ea1010549befed99c60221fa732fa493a6f2a169e57

SHA512
b96515899652c2dcc6e7919bf817456ca04c2f5a843417c982ea600ded17ef910553487338910e4ed72bc8446d05a4150a019064e0b76dafc7a383cb05d514ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\242603051937086.exe

Filesize
13KB

MD5
4b574ac1f94c27aed7720ed00a0e8e4f

SHA1
c97a8aa14a5bede180ff93c6c8738b583111609b

SHA256
668d1020bb5e6a7e455f73a1b37f0e1f02c0998dc7f5663b602a3c6899cf5bb1

SHA512
64ee1607aa744c8223fb685d03a74d0f6020f52af832df501e652efe9760877a112d0e7a16b6abb03e42b7b142a5cd4339f72383366ec3f5b7a1d44f7ce4efc6

Download Submit
C:\Users\Admin\AppData\Local\Temp\242603051947946.exe

Filesize
13KB

MD5
ef2b4629d2aab36c014b9d2ceeb5a5e3

SHA1
13947d2175643135ee5240df2425b58b0224edc6

SHA256
dad462ba4b1d7c389c6e521d0c6da53ed7c54e533e4fa5b997723d6fb6198d3e

SHA512
914d0d8e956084aab214bc8814a0c673d3e7a22321f3211c10cfafa6ab225991f139bbc142785e9c338c453fa2ba380249a3272876274a73db0db99c21a8e8a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\242603051958461.exe

Filesize
13KB

MD5
7847cff83fdce72513f3be22640b1848

SHA1
ea948e548e3c6017865a13456511848f2aa63deb

SHA256
35ff2da77bcc1f1f1c44e494ec3e4baf106eda5f507c10c294f8c87d3146200c

SHA512
ea33d2602d25d95693727d8690f0b7b84bd0f1cdf26dcd26d73a2e943efa2f4f6a1dfe1ddd6e8e80e17d176cc5747e5c437e0cedbd25cf23c90d6112cae5a416

Download Submit
C:\Users\Admin\AppData\Local\Temp\242603052010102.exe

Filesize
13KB

MD5
cccb11f4e7118852661680c69a95ccc1

SHA1
86eda47af4f18ba9325989b0e40ddd6d9e985f11

SHA256
32f11352c8802de3ab9b0edbd9786d1f41876a47f7ec86622f4e203078ca7198

SHA512
8a038ed456d351bdf95bedaa6884904ac9ffe80fc40cf6cedf3a14409cdc394910bb1f3fb7eb35bb8a8a8aac66ad4795e6b49a5a7c18c111a4502741e1d9a5f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\242603052020977.exe

Filesize
12KB

MD5
aca0c94d924e906663e4465e81076017

SHA1
14fcd2d07b003a9d34f9977d5279d219d8414f5f

SHA256
2db692bb5c57c6d939f536a28d809686117dba957dc7d500eda7200fbfed1099

SHA512
49d86eb87aa7ceea581b6a2aa03dca280fafe586aa0932aa77f19fabe81d68cea1b4b4352804a07b92cdda6eb3fe6a2ed1a5d910ba27a77e761a2ed9a34b7925

Download Submit
C:\Users\Admin\AppData\Local\Temp\242603052032696.exe

Filesize
12KB

MD5
860843f008851896664f74d1d03197a5

SHA1
32f14165260863b4d3a328545d64ca7461df768e

SHA256
7b4598f270ee2049054d00d22eb7683b8dabef2690658a2499bca7e98652ae43

SHA512
6e3e5a9c265082ae97787bdb80b7a69dbaced98d9bfda664ffb141d4a77b21b3f7bb44b2c97c718504da88e0d540eb8d0fe7916b6d12eff7cd1ac74a18fe1dcd

Download Submit
C:\Users\Admin\AppData\Local\Temp\242603052043524.exe

Filesize
12KB

MD5
c998f73cc8c7752e32d05c791b2412db

SHA1
41739ffb17dbce80529b116311b0b2ce8d5ad8e6

SHA256
6225e3fe85293f6b7d00529859493506f416c2891bc55cc2fb86aaee19d15d23

SHA512
8a741405cba610f86468d229bae4259e13ee048db8a29e2bf1fd27151b0a4046793357aaaf4440f591e407b2a8d097b7acef8a73e8ba2e4defc027d0f8e2159d

Download Submit
C:\Users\Admin\AppData\Local\Temp\242603052053789.exe

Filesize
13KB

MD5
e393083ca862f8c7feaaf930ea54f943

SHA1
2ac05136ee09f69d3a9647213a13077a5313de02

SHA256
6bf80c3a8609b1e640e45a27046856f782d916f5839eb80208ef5ab791ac219c

SHA512
641d25b63310554042a9098b7f0934c605b45bfad1772aff2fa88f84bff18c3b153547b53121b8217a3dc42260cf29b33f7bda6ae44738243b34f8e321b981e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\242603052103758.exe

Filesize
13KB

MD5
e71aba95b3c32e24199270356e44ba41

SHA1
5a74b0eee95b4e2846bed18f0e28c775b1f51ba2

SHA256
2e898215100b099292aadbc6c51813e26d16b13e5468b29c574a6a6d5c47ff8c

SHA512
c9abad17206850ff0aa781d1dc7d895e1f4850179605c81d743689837e9560368a2228bc18d6c25f1a0765c84ddbef0976a6e2870be33f2cd213164427da6255

Download Submit
C:\Users\Admin\AppData\Local\Temp\242603052114180.exe

Filesize
13KB

MD5
e23b4fc6cffeffca043b09d3d7faaa84

SHA1
2848aee49b7e931b60e6b07ecab63deca6a839e7

SHA256
3d00a57e29fcbc9ab4538e5289a35e60e86eba5b5d830575c77924ece0448324

SHA512
b7e870f061adae41eadccedb81aee5209a3c0990f1c7988fbe581099172d5c1a09c1f81f21c5562e64677cbfc12384d09bc5a9d891099e9d59bd8cea4537d898

Download Submit
C:\Users\Admin\AppData\Local\Temp\242603052125305.exe

Filesize
12KB

MD5
e8bcd089d51779c11696f6e12d61a7f9

SHA1
690b7098da9a4a537536442c719c02b6f186d139

SHA256
31403802245faf0cb3bb6f1eb067b25d3c11edae032fd7c0933fb8ddc2b7c950

SHA512
b85c486543ad933ee2ed0c5dd5bcd16eba54df4d1e64248b44d0cc854117632aa45372c2d65976b0237cf4b0bc2343ba6dd3f408d920f1a9953f0f50b7a099b2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads