Analysis Overview
SHA256
649d76f4096837514b99ea14bd7218e3b2b64bc126d3f12ac141542c8ff6b4fe
Threat Level: Likely malicious
The file SecuriteInfo.com.Win32.Dh-A.31484.15496.exe was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Executes dropped EXE
Unsigned PE
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-06-03 13:30
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 13:30
Reported
2024-06-03 13:32
Platform
win7-20240221-en
Max time kernel
132s
Max time network
126s
Command Line
Signatures
Processes
| Process | Command line |
| --- | --- |
| C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Dh-A.31484.15496.exe | "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Dh-A.31484.15496.exe" |
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 13:30
Reported
2024-06-03 13:32
Platform
win10v2004-20240226-en
Max time kernel
151s
Max time network
153s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
Suspicious use of WriteProcessMemory
Processes
| Process | Command line |
| --- | --- |
| C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Dh-A.31484.15496.exe | "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Dh-A.31484.15496.exe" |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133012439.exe 000001 |
| C:\Users\Admin\AppData\Local\Temp\242603133012439.exe | C:\Users\Admin\AppData\Local\Temp\242603133012439.exe 000001 |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133023830.exe 000002 |
| C:\Users\Admin\AppData\Local\Temp\242603133023830.exe | C:\Users\Admin\AppData\Local\Temp\242603133023830.exe 000002 |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133032923.exe 000003 |
| C:\Users\Admin\AppData\Local\Temp\242603133032923.exe | C:\Users\Admin\AppData\Local\Temp\242603133032923.exe 000003 |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133042486.exe 000004 |
| C:\Users\Admin\AppData\Local\Temp\242603133042486.exe | C:\Users\Admin\AppData\Local\Temp\242603133042486.exe 000004 |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3460 --field-trial-handle=2328,i,5873823382323802923,13134441441264702821,262144 --variations-seed-version /prefetch:8 |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133051970.exe 000005 |
| C:\Users\Admin\AppData\Local\Temp\242603133051970.exe | C:\Users\Admin\AppData\Local\Temp\242603133051970.exe 000005 |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133102548.exe 000006 |
| C:\Users\Admin\AppData\Local\Temp\242603133102548.exe | C:\Users\Admin\AppData\Local\Temp\242603133102548.exe 000006 |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133112298.exe 000007 |
| C:\Users\Admin\AppData\Local\Temp\242603133112298.exe | C:\Users\Admin\AppData\Local\Temp\242603133112298.exe 000007 |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133122158.exe 000008 |
| C:\Users\Admin\AppData\Local\Temp\242603133122158.exe | C:\Users\Admin\AppData\Local\Temp\242603133122158.exe 000008 |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133132064.exe 000009 |
| C:\Users\Admin\AppData\Local\Temp\242603133132064.exe | C:\Users\Admin\AppData\Local\Temp\242603133132064.exe 000009 |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133141705.exe 00000a |
| C:\Users\Admin\AppData\Local\Temp\242603133141705.exe | C:\Users\Admin\AppData\Local\Temp\242603133141705.exe 00000a |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133151908.exe 00000b |
| C:\Users\Admin\AppData\Local\Temp\242603133151908.exe | C:\Users\Admin\AppData\Local\Temp\242603133151908.exe 00000b |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133200876.exe 00000c |
| C:\Users\Admin\AppData\Local\Temp\242603133200876.exe | C:\Users\Admin\AppData\Local\Temp\242603133200876.exe 00000c |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133211142.exe 00000d |
| C:\Users\Admin\AppData\Local\Temp\242603133211142.exe | C:\Users\Admin\AppData\Local\Temp\242603133211142.exe 00000d |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133220501.exe 00000e |
| C:\Users\Admin\AppData\Local\Temp\242603133220501.exe | C:\Users\Admin\AppData\Local\Temp\242603133220501.exe 00000e |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133231001.exe 00000f |
| C:\Users\Admin\AppData\Local\Temp\242603133231001.exe | C:\Users\Admin\AppData\Local\Temp\242603133231001.exe 00000f |
Network
Files