Analysis Overview
SHA256
9571c5d7802cf03f83955038ee04c292cf4875c94153223ba1c635e3a74a1305
Threat Level: Likely malicious
The file SecuriteInfo.com.Win32.Dh-A.5400.13586.exe was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Executes dropped EXE
Unsigned PE
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Analysis: static1
Detonation Overview
| Reported | 2024-06-03 13:30 |
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
| Submitted | 2024-06-03 13:30 |
| Reported | 2024-06-03 13:32 |
| Platform | win7-20240508-en |
| Max time kernel | 131s |
| Max time network | 122s |
Command Line
Signatures
Processes
| Process | Command Line |
| --- | --- |
| C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Dh-A.5400.13586.exe | "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Dh-A.5400.13586.exe" |
Network
Files
Analysis: behavioral2
Detonation Overview
| Submitted | 2024-06-03 13:30 |
| Reported | 2024-06-03 13:32 |
| Platform | win10v2004-20240426-en |
| Max time kernel | 147s |
| Max time network | 151s |
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\242603133010336.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\242603133020117.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\242603133031899.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\242603133042180.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\242603133051805.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\242603133101617.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\242603133111383.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\242603133121836.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\242603133132195.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\242603133141883.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\242603133152086.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\242603133202320.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\242603133212086.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\242603133222008.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
| Process | Command Line |
| --- | --- |
| C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Dh-A.5400.13586.exe | "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Dh-A.5400.13586.exe" |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133010336.exe 000001 |
| C:\Users\Admin\AppData\Local\Temp\242603133010336.exe | C:\Users\Admin\AppData\Local\Temp\242603133010336.exe 000001 |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133020117.exe 000002 |
| C:\Users\Admin\AppData\Local\Temp\242603133020117.exe | C:\Users\Admin\AppData\Local\Temp\242603133020117.exe 000002 |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133031899.exe 000003 |
| C:\Users\Admin\AppData\Local\Temp\242603133031899.exe | C:\Users\Admin\AppData\Local\Temp\242603133031899.exe 000003 |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133042180.exe 000004 |
| C:\Users\Admin\AppData\Local\Temp\242603133042180.exe | C:\Users\Admin\AppData\Local\Temp\242603133042180.exe 000004 |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133051805.exe 000005 |
| C:\Users\Admin\AppData\Local\Temp\242603133051805.exe | C:\Users\Admin\AppData\Local\Temp\242603133051805.exe 000005 |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133101617.exe 000006 |
| C:\Users\Admin\AppData\Local\Temp\242603133101617.exe | C:\Users\Admin\AppData\Local\Temp\242603133101617.exe 000006 |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133111383.exe 000007 |
| C:\Users\Admin\AppData\Local\Temp\242603133111383.exe | C:\Users\Admin\AppData\Local\Temp\242603133111383.exe 000007 |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133121836.exe 000008 |
| C:\Users\Admin\AppData\Local\Temp\242603133121836.exe | C:\Users\Admin\AppData\Local\Temp\242603133121836.exe 000008 |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133132195.exe 000009 |
| C:\Users\Admin\AppData\Local\Temp\242603133132195.exe | C:\Users\Admin\AppData\Local\Temp\242603133132195.exe 000009 |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133141883.exe 00000a |
| C:\Users\Admin\AppData\Local\Temp\242603133141883.exe | C:\Users\Admin\AppData\Local\Temp\242603133141883.exe 00000a |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133152086.exe 00000b |
| C:\Users\Admin\AppData\Local\Temp\242603133152086.exe | C:\Users\Admin\AppData\Local\Temp\242603133152086.exe 00000b |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133202320.exe 00000c |
| C:\Users\Admin\AppData\Local\Temp\242603133202320.exe | C:\Users\Admin\AppData\Local\Temp\242603133202320.exe 00000c |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133212086.exe 00000d |
| C:\Users\Admin\AppData\Local\Temp\242603133212086.exe | C:\Users\Admin\AppData\Local\Temp\242603133212086.exe 00000d |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133222008.exe 00000e |
| C:\Users\Admin\AppData\Local\Temp\242603133222008.exe | C:\Users\Admin\AppData\Local\Temp\242603133222008.exe 00000e |
Network
Files