Analysis Overview
SHA256
f74a50bc4c1b031e264492049edf4019a499d107e2aa8b2c663ad71ce4d82dc4
Threat Level: Likely malicious
The file SecuriteInfo.com.Win32.Dh-A.15218.20620.exe was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Executes dropped EXE
Unsigned PE
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-06-03 13:30
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 13:30
Reported
2024-06-03 13:32
Platform
win7-20240220-en
Max time kernel
132s
Max time network
120s
Command Line
Signatures
(none listed for this run)
Processes
| Process | Command line |
| C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Dh-A.15218.20620.exe | "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Dh-A.15218.20620.exe" |
Network
(none listed for this run)
Files
(none listed for this run)
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 13:30
Reported
2024-06-03 13:32
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
152s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
Suspicious use of WriteProcessMemory
Processes
| Process | Command line |
| C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Dh-A.15218.20620.exe | "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Dh-A.15218.20620.exe" |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133011458.exe 000001 |
| C:\Users\Admin\AppData\Local\Temp\242603133011458.exe | C:\Users\Admin\AppData\Local\Temp\242603133011458.exe 000001 |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133021349.exe 000002 |
| C:\Users\Admin\AppData\Local\Temp\242603133021349.exe | C:\Users\Admin\AppData\Local\Temp\242603133021349.exe 000002 |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133031646.exe 000003 |
| C:\Users\Admin\AppData\Local\Temp\242603133031646.exe | C:\Users\Admin\AppData\Local\Temp\242603133031646.exe 000003 |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133042333.exe 000004 |
| C:\Users\Admin\AppData\Local\Temp\242603133042333.exe | C:\Users\Admin\AppData\Local\Temp\242603133042333.exe 000004 |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133052896.exe 000005 |
| C:\Users\Admin\AppData\Local\Temp\242603133052896.exe | C:\Users\Admin\AppData\Local\Temp\242603133052896.exe 000005 |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133103271.exe 000006 |
| C:\Users\Admin\AppData\Local\Temp\242603133103271.exe | C:\Users\Admin\AppData\Local\Temp\242603133103271.exe 000006 |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133113083.exe 000007 |
| C:\Users\Admin\AppData\Local\Temp\242603133113083.exe | C:\Users\Admin\AppData\Local\Temp\242603133113083.exe 000007 |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133123114.exe 000008 |
| C:\Users\Admin\AppData\Local\Temp\242603133123114.exe | C:\Users\Admin\AppData\Local\Temp\242603133123114.exe 000008 |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133132724.exe 000009 |
| C:\Users\Admin\AppData\Local\Temp\242603133132724.exe | C:\Users\Admin\AppData\Local\Temp\242603133132724.exe 000009 |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133142599.exe 00000a |
| C:\Users\Admin\AppData\Local\Temp\242603133142599.exe | C:\Users\Admin\AppData\Local\Temp\242603133142599.exe 00000a |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133152114.exe 00000b |
| C:\Users\Admin\AppData\Local\Temp\242603133152114.exe | C:\Users\Admin\AppData\Local\Temp\242603133152114.exe 00000b |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133202068.exe 00000c |
| C:\Users\Admin\AppData\Local\Temp\242603133202068.exe | C:\Users\Admin\AppData\Local\Temp\242603133202068.exe 00000c |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133210943.exe 00000d |
| C:\Users\Admin\AppData\Local\Temp\242603133210943.exe | C:\Users\Admin\AppData\Local\Temp\242603133210943.exe 00000d |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133221349.exe 00000e |
| C:\Users\Admin\AppData\Local\Temp\242603133221349.exe | C:\Users\Admin\AppData\Local\Temp\242603133221349.exe 00000e |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133231958.exe 00000f |
| C:\Users\Admin\AppData\Local\Temp\242603133231958.exe | C:\Users\Admin\AppData\Local\Temp\242603133231958.exe 00000f |
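The process list above has a fixed shape: the submitted sample spawns cmd.exe fifteen times, each time running a freshly written executable from %TEMP% with a six-hex-digit argument that counts up from 000001 to 00000f. The file names are fifteen digits whose trailing nine digits read as a wall-clock time (133011458 = 13:30:11.458, inside the 13:30 to 13:32 detonation window) spaced roughly ten seconds apart, and the same fifteen paths appear under Files. The script below is an added example, not part of the sandbox report: it parses those command lines (copied verbatim from the report) and turns the pattern into a reusable "serial dropper" check. The regex, helper names, thresholds and the assumption that the last nine digits of each name are HHMMSSmmm are mine.

```python
"""Added example (not from the sandbox report): recover the dropper cadence
from the behavioral2 process list. The command lines below are copied from
the report; the regex, helper names, thresholds and the HHMMSSmmm reading of
the trailing nine digits of each file name are assumptions."""
import re
import statistics

# Copied from the report: every cmd.exe launch in the behavioral2 process list.
PROCESS_CMDLINES = [
    r"C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133011458.exe 000001",
    r"C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133021349.exe 000002",
    r"C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133031646.exe 000003",
    r"C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133042333.exe 000004",
    r"C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133052896.exe 000005",
    r"C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133103271.exe 000006",
    r"C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133113083.exe 000007",
    r"C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133123114.exe 000008",
    r"C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133132724.exe 000009",
    r"C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133142599.exe 00000a",
    r"C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133152114.exe 00000b",
    r"C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133202068.exe 00000c",
    r"C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133210943.exe 00000d",
    r"C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133221349.exe 00000e",
    r"C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133231958.exe 00000f",
]

# Shape seen in the report: cmd.exe /c <dir>\<15 digits>.exe <6 hex digits>
LAUNCH_RE = re.compile(
    r"cmd\.exe\s+/c\s+(?P<path>\S*\\(?P<stamp>\d{15})\.exe)\s+(?P<counter>[0-9a-f]{6})$",
    re.IGNORECASE,
)


def stamp_to_ms(stamp):
    """Assumption: the trailing nine digits are HHMMSSmmm (133011458 -> 13:30:11.458).
    Returns milliseconds since midnight so gaps can be compared as integers."""
    t = stamp[-9:]
    hh, mm, ss, ms = int(t[:2]), int(t[2:4]), int(t[4:6]), int(t[6:])
    return ((hh * 60 + mm) * 60 + ss) * 1000 + ms


def parse_launches(cmdlines):
    """One dict per matching cmd.exe launch, in the order the report lists them."""
    launches = []
    for line in cmdlines:
        m = LAUNCH_RE.search(line)
        if m:
            launches.append({
                "path": m["path"],
                "stamp": m["stamp"],
                "counter": int(m["counter"], 16),
                "ms": stamp_to_ms(m["stamp"]),
            })
    return launches


def gaps_ms(launches):
    """Milliseconds between consecutive launches."""
    return [b["ms"] - a["ms"] for a, b in zip(launches, launches[1:])]


def median_gap_ms(launches):
    """Typical spacing between launches; ~10 000 ms for this sample."""
    return statistics.median(gaps_ms(launches))


def is_serial_dropper(launches, min_count=5, max_gap_ms=30_000):
    """Heuristic (thresholds are assumptions): at least min_count launches of
    distinct executables, a counter argument that increments by exactly one
    each time, and a short, steady interval between them."""
    if len(launches) < min_count:
        return False
    counters = [l["counter"] for l in launches]
    if counters != list(range(counters[0], counters[0] + len(counters))):
        return False
    if len({l["path"].lower() for l in launches}) != len(launches):
        return False
    return all(0 < g <= max_gap_ms for g in gaps_ms(launches))


if __name__ == "__main__":
    found = parse_launches(PROCESS_CMDLINES)
    print(f"{len(found)} launches, median gap {median_gap_ms(found) / 1000:.1f} s")
    print("serial dropper pattern:", is_serial_dropper(found))
```

Run as-is it reports 15 launches about 10 seconds apart; the same regex can be pointed at Sysmon event ID 1 command lines to catch the pattern live, where the incrementing counter plus one new %TEMP% binary per launch is a stronger signal than any single file hash.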
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 20.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | xfyh.uqjm.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | xfyh.uqjm.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | 19.94.70.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hymc.ptwq.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | hymc.ptwq.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | ecnr.hfqf.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | ecnr.hfqf.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ylqy.kzpe.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | ylqy.kzpe.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | jpdk.cmvy.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | jpdk.cmvy.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | wfkb.ziif.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | wfkb.ziif.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | dkvk.pstt.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | dkvk.pstt.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | jnnc.bcse.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | jnnc.bcse.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | lxvk.solb.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | lxvk.solb.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | xywn.tljh.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | xywn.tljh.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nrjy.pwmb.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | nrjy.pwmb.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | ophz.qjkm.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | ophz.qjkm.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | zpjb.rdui.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | zpjb.rdui.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | cxre.ovel.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | cxre.ovel.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | dcrc.brhb.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | dcrc.brhb.v5.mrmpzjjhn3sgtq5w.pro | tcp |
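Two things in the Network table are worth pulling out. First, every non-Microsoft connection goes to a single endpoint, 193.70.94.19:80, but under fifteen different hostnames of the form xxxx.xxxx.v5.mrmpzjjhn3sgtq5w.pro, one hostname per dropped executable, which together with the "Downloads MZ/PE file" signature is consistent with one HTTP fetch per throwaway subdomain. Second, the in-addr.arpa queries are reverse lookups of the same IPs the sample and the sandbox talked to (19.94.70.193.in-addr.arpa is 193.70.94.19 reversed), so they are corroborating noise rather than additional infrastructure. The script below is an added example, not part of the sandbox report: it parses rows copied from the table (the bing.com rows kept as a benign control) and flags apex domains whose many hostnames collapse onto one server. The "apex = last two labels" shortcut (no public-suffix list), the helper names and the threshold are assumptions.

```python
"""Added example (not from the sandbox report): parse the behavioral2 Network
table and flag the one apex domain that fronts all the HTTP traffic. Rows are
copied from the report; the parsing code, helper names, the last-two-labels
apex shortcut and the fan-out threshold are assumptions."""
from collections import defaultdict

# Copied from the report's Network table: all rows for the .pro apex, the
# g.bing.com rows as a benign control, and the reverse lookup of 193.70.94.19.
NETWORK_TABLE = """
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | xfyh.uqjm.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | xfyh.uqjm.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | 19.94.70.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hymc.ptwq.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | hymc.ptwq.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | ecnr.hfqf.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | ecnr.hfqf.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | ylqy.kzpe.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | ylqy.kzpe.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | jpdk.cmvy.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | jpdk.cmvy.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | wfkb.ziif.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | wfkb.ziif.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | dkvk.pstt.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | dkvk.pstt.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | jnnc.bcse.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | jnnc.bcse.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | lxvk.solb.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | lxvk.solb.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | xywn.tljh.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | xywn.tljh.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | nrjy.pwmb.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | nrjy.pwmb.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | ophz.qjkm.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | ophz.qjkm.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | zpjb.rdui.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | zpjb.rdui.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | cxre.ovel.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | cxre.ovel.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | dcrc.brhb.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | dcrc.brhb.v5.mrmpzjjhn3sgtq5w.pro | tcp |
"""


def parse_rows(text):
    """Rows of the report's '| country | dest | domain | proto |' table as dicts."""
    rows = []
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) == 4:
            rows.append(dict(zip(("country", "dest", "domain", "proto"), cells)))
    return rows


def apex(domain):
    """Registrable-domain approximation: the last two labels (no PSL lookup)."""
    return ".".join(domain.rsplit(".", 2)[-2:])


def ptr_target(domain):
    """'19.94.70.193.in-addr.arpa' -> '193.70.94.19'; None for forward names."""
    if not domain.endswith(".in-addr.arpa"):
        return None
    return ".".join(reversed(domain[: -len(".in-addr.arpa")].split(".")))


def hosts_by_apex(rows):
    """Distinct forward hostnames resolved (udp to :53), grouped by apex."""
    out = defaultdict(set)
    for r in rows:
        if r["proto"] == "udp" and r["dest"].endswith(":53") and ptr_target(r["domain"]) is None:
            out[apex(r["domain"])].add(r["domain"])
    return out


def endpoints_by_apex(rows):
    """Distinct ip:port endpoints actually connected to (tcp rows), by apex."""
    out = defaultdict(set)
    for r in rows:
        if r["proto"] == "tcp":
            out[apex(r["domain"])].add(r["dest"])
    return out


def flag_fanout(rows, min_hosts=10, max_endpoints=2):
    """Apexes where many distinct hostnames collapse onto one or two endpoints:
    the throwaway-subdomain-per-request pattern seen in this report.
    Thresholds are assumptions; tune them to your own baseline."""
    hosts, endpoints = hosts_by_apex(rows), endpoints_by_apex(rows)
    flagged = []
    for a, names in hosts.items():
        ends = endpoints.get(a, set())
        if len(names) >= min_hosts and 0 < len(ends) <= max_endpoints:
            flagged.append((a, len(names), sorted(ends)))
    return sorted(flagged)


def reverse_lookups(rows):
    """IPs that were reverse-resolved through in-addr.arpa during the run."""
    return {ptr_target(r["domain"]) for r in rows if ptr_target(r["domain"])}


if __name__ == "__main__":
    rows = parse_rows(NETWORK_TABLE)
    for a, n, ends in flag_fanout(rows):
        print(f"{a}: {n} hostnames -> {', '.join(ends)}")
    print("reverse-resolved:", sorted(reverse_lookups(rows)))
```

The per-apex grouping is what makes this usable as a hunt: blocking any one of the fifteen hostnames is pointless, whereas the apex mrmpzjjhn3sgtq5w.pro and the endpoint 193.70.94.19:80 are the indicators that survive the next run.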
Files
C:\Users\Admin\AppData\Local\Temp\242603133011458.exe
| MD5 | e7d36d0c4b5fee61d0e2bf53a922590d |
| SHA1 | 8ec4af9c17727041efca9174ae6501e71b35e7ee |
| SHA256 | 24e39c4fbb2f985f0744e82446eb19f63e54d033a9e076e241182f928741d61c |
| SHA512 | 317a681e49bc77213fdbd39471c35bc00e13a51f116c676a6869290d377264f091508244bfad4bd62b38f7270803aba11771ea02f8cb86bae0f6d4e5e094c396 |
C:\Users\Admin\AppData\Local\Temp\242603133021349.exe
| MD5 | 5b310cba010b9b86a0cfb10c28922736 |
| SHA1 | e4069d67eaf9a459ee28c9e4465158b5dc7eb567 |
| SHA256 | 15a835ff5ddb5937842159b5a5ea590593d0eab13d89c00ebb8415a73077e672 |
| SHA512 | bf8dcecee9dfb27351969f340bf9c53c4c032d0c047038bd2c1d5ca6183ecfef2801a1e81b1419875a2e308836962489fda26458f43559dce5bcc086c415092f |
C:\Users\Admin\AppData\Local\Temp\242603133031646.exe
| MD5 | fca4a4d10970dbc837af9bd876d29ffa |
| SHA1 | e304ecab1fd89bacf7655e854d25673fdae4183a |
| SHA256 | 3873bf3df6d1fba930ca6aa3737d30cdb20a4d26cffd38e3761cfa9b215cc3ea |
| SHA512 | 0a4b01bd450db97204434f2ab2627260d9a9ce5620e848de97a7b7f5da8500c2094f384481ef3a2a591ae84a9f1fda853d01a0f5c118c61e0e7331df75bfe079 |
C:\Users\Admin\AppData\Local\Temp\242603133042333.exe
| MD5 | 7b5a6175cea6bad49635276ba0b5b4e2 |
| SHA1 | 3466c7335ac94379ef615bbb20902af2f5599d10 |
| SHA256 | 219819b70d364a02f9f82f47ae67d4488ea126eed27e39e7c8a2935933018f33 |
| SHA512 | 489c12e740e52c7c1ecab32e1cf7f17544132f236f6a04ea9f6cd939f844818e63cc62c3f6018aa695f30fc5e00561c6ccfc76e0652c68a162df4a874ace7189 |
C:\Users\Admin\AppData\Local\Temp\242603133052896.exe
| MD5 | 727626e5ebfd5c1193fae00b6f8517f7 |
| SHA1 | ad4e72c71763138ddd06c48096d0d556cd232db4 |
| SHA256 | 713d3b0edf22ffcfca9cadd03663381ee4a2544e539002c1df20bf108d777fcb |
| SHA512 | 10b7883ed51c1ea91301e2dfc5fdeda9eff231420af6072f77a34b555942c1ebc45b50e3d06f4b7fa80607e30bb0f79a1ab820a4eb684a13e87a59a62746a0c5 |
C:\Users\Admin\AppData\Local\Temp\242603133103271.exe
| MD5 | 1037ed640ab71efcd82a154b4a1891ef |
| SHA1 | 5b9f919f2e1f904aef01d7310c580fadf8ae5ca7 |
| SHA256 | 37879db3a1e575358090b4177cebd50c30ebec3e5d68c7b20350e1dc6fec924f |
| SHA512 | 1a5f8b11a71acc9309d47a9621fe90f80cdf9cca623da65d031fc18106733e1411cdba605767d30cfb9dc73c96603bc17b2a56daaa2e43f949fde3435481970d |
C:\Users\Admin\AppData\Local\Temp\242603133113083.exe
| MD5 | 69d9e834184ab5c4258715c787bbd437 |
| SHA1 | a6201021f7d03c066686b05e9bffaa129a1d0e97 |
| SHA256 | 53370f0639053fca7f43f68169442ec80ec3a9dfde475d4e962caa845a72fb22 |
| SHA512 | 28755a27739c424dcb9610e7e141fe01d12ee829380e1eaa701e8a106e5864841a3afc1ea6ce1d76cfedce5944bf5107b2267c877f24abeeba60acadc0076681 |
C:\Users\Admin\AppData\Local\Temp\242603133123114.exe
| MD5 | 0f872ef1beb2660ee82934a680651ac2 |
| SHA1 | 5f6e0512f838f21ccb69428e8c85067b83ba7db0 |
| SHA256 | 26853176112ce55c6c4eeb14abc317be57e77a7e96079877494b8f19ec8571fd |
| SHA512 | d9efca0b83aa677935f697bda6772336f333f05f0e16041f2946777330cf321fca6f11ccd96af1d5823a93fbfb01fa3494bb7b133e43a98430727ccc16295551 |
C:\Users\Admin\AppData\Local\Temp\242603133132724.exe
| MD5 | 796b0e09b87752d623b949c3452e4f84 |
| SHA1 | e7f7602e4dfe2538e1dae9f52618616ef0246462 |
| SHA256 | 39c6ba97919b419a4c2fa0f5f4fba721c8a1334d68f790c20705414d0791ab6a |
| SHA512 | da6fdc9dbfc9d7797c8323c356162ef04aa6068a0bdf919a860bcdb88c75c6c3191ef375e7280f760855d41df86217fc05972afa7f277fde870dee574545e292 |
C:\Users\Admin\AppData\Local\Temp\242603133142599.exe
| MD5 | 566964efa0cf90fa3eaf3d7d0e8a9773 |
| SHA1 | a5be394c01d27c58727b2e054dc9f078f9be947b |
| SHA256 | c5d4fe1acf59cce4273f0f44d27bdb141856d86261f718a2df4e52d47edd56c5 |
| SHA512 | 72bb12c3b0eedb2e02d847d87ac1618e120cfe599281e13f2307ddb4941fb88fc41b326bd26f39a6b9f9de57bfdb018299187e36ec07d2e08259af23d6a65690 |
C:\Users\Admin\AppData\Local\Temp\242603133152114.exe
| MD5 | ac6df8f6fdc7f84d2f71991f98f5ffa8 |
| SHA1 | 7ab28f54bbfdee4957b81780e9ad6096182647b6 |
| SHA256 | 4a0786001bdfed0cc69b405f713864d74b8f2fec36f7f14ab4d5efd841de0199 |
| SHA512 | 619e4badbd3b7d96c130a6313d792689ad76f3d5a478500100d01d18e517ad337754dadf53324e32ad5c3caf05f199a2d1d4349c8e5132d75b798a9a1ecc9bda |
C:\Users\Admin\AppData\Local\Temp\242603133202068.exe
| MD5 | 34ad6f294f54b8da74a8703e33ac8dc3 |
| SHA1 | 6b03fee7e6c6b9df26ec54abb8b976bc8ffb6595 |
| SHA256 | 1232cb375ea368f2928c7a9617d0d694adf7e3d7e077c8406cc23e495aba9b17 |
| SHA512 | 5fc9af114952b9fe2ff6f5cda7707422ab642c266136a6a45ae1a26c7809d464a5d2b9246d88345d27a4537e8226bc48f601983fb38dcf49317ad7f76bdb615f |
C:\Users\Admin\AppData\Local\Temp\242603133210943.exe
| MD5 | 031f26db844d700c1cb215a9af5421dc |
| SHA1 | 98335876fd277cce1f80860e8d9372d278f2a30d |
| SHA256 | 9e088d2dd0c4b06386a0edcd6e5c8188270a09e7e5dd39e17827160bf5005877 |
| SHA512 | 4a3106b26edad8ce77cf2a47e6e2e0209b55d9208400b529727d5e31237df657fae0502852eced35c956c06f43b0cf754a1ca0857563b92bde8e05a94e107802 |
C:\Users\Admin\AppData\Local\Temp\242603133221349.exe
| MD5 | 95894d44546cf1290b35f4469fddc676 |
| SHA1 | 801fe273c5b8731c0cf0e2a7db87bb8bc7039808 |
| SHA256 | e0a1493078828270b773adff63318777bb6bee2ec9cd63bd311331be4c385851 |
| SHA512 | 70b9a05193fac4377852e4db6f024fd2e92a6e61e6471cc5c5dc2d37161b6ba13134f8d83b511b161d019d85be5a4126c1c430de9e13b53c447d40340efd2728 |
C:\Users\Admin\AppData\Local\Temp\242603133231958.exe
| MD5 | 37e7d73d08e361f2628aed58910712b9 |
| SHA1 | 925fefbbad3cb86a12a018c92ec57e5bff677528 |
| SHA256 | dcaf845b6b4fe10d3bb8aa6a9deae3905591dc6d799acd469aab7805eb5e3868 |
| SHA512 | e954e8a7eca6fa3edd052302be41be68773ad55c6c0dad00c490b77f89fdaca606ef0cd2b43bbb967e3fbbfdd6ba81e81aca13153da11c0d77c0a7ba0fe3d160 |