Analysis Overview
SHA256
e714d523a8db7665339db751a5742ecc8819799fd20946a5bd5ae190e5a0ee9c
Threat Level: Likely malicious
The file SecuriteInfo.com.Win32.Dh-A.31752.4682.exe was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Executes dropped EXE
Unsigned PE
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-06-03 13:30
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 13:30
Reported
2024-06-03 13:32
Platform
win7-20240221-en
Max time kernel
132s
Max time network
126s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Dh-A.31752.4682.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Dh-A.31752.4682.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 13:30
Reported
2024-06-03 13:32
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Dh-A.31752.4682.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Dh-A.31752.4682.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133007329.exe 000001
C:\Users\Admin\AppData\Local\Temp\242603133007329.exe
C:\Users\Admin\AppData\Local\Temp\242603133007329.exe 000001
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133016641.exe 000002
C:\Users\Admin\AppData\Local\Temp\242603133016641.exe
C:\Users\Admin\AppData\Local\Temp\242603133016641.exe 000002
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133026438.exe 000003
C:\Users\Admin\AppData\Local\Temp\242603133026438.exe
C:\Users\Admin\AppData\Local\Temp\242603133026438.exe 000003
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133036157.exe 000004
C:\Users\Admin\AppData\Local\Temp\242603133036157.exe
C:\Users\Admin\AppData\Local\Temp\242603133036157.exe 000004
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133045782.exe 000005
C:\Users\Admin\AppData\Local\Temp\242603133045782.exe
C:\Users\Admin\AppData\Local\Temp\242603133045782.exe 000005
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133055626.exe 000006
C:\Users\Admin\AppData\Local\Temp\242603133055626.exe
C:\Users\Admin\AppData\Local\Temp\242603133055626.exe 000006
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133104485.exe 000007
C:\Users\Admin\AppData\Local\Temp\242603133104485.exe
C:\Users\Admin\AppData\Local\Temp\242603133104485.exe 000007
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133113251.exe 000008
C:\Users\Admin\AppData\Local\Temp\242603133113251.exe
C:\Users\Admin\AppData\Local\Temp\242603133113251.exe 000008
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133122891.exe 000009
C:\Users\Admin\AppData\Local\Temp\242603133122891.exe
C:\Users\Admin\AppData\Local\Temp\242603133122891.exe 000009
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133132454.exe 00000a
C:\Users\Admin\AppData\Local\Temp\242603133132454.exe
C:\Users\Admin\AppData\Local\Temp\242603133132454.exe 00000a
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133141876.exe 00000b
C:\Users\Admin\AppData\Local\Temp\242603133141876.exe
C:\Users\Admin\AppData\Local\Temp\242603133141876.exe 00000b
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133151969.exe 00000c
C:\Users\Admin\AppData\Local\Temp\242603133151969.exe
C:\Users\Admin\AppData\Local\Temp\242603133151969.exe 00000c
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133202532.exe 00000d
C:\Users\Admin\AppData\Local\Temp\242603133202532.exe
C:\Users\Admin\AppData\Local\Temp\242603133202532.exe 00000d
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133212344.exe 00000e
C:\Users\Admin\AppData\Local\Temp\242603133212344.exe
C:\Users\Admin\AppData\Local\Temp\242603133212344.exe 00000e
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133221219.exe 00000f
C:\Users\Admin\AppData\Local\Temp\242603133221219.exe
C:\Users\Admin\AppData\Local\Temp\242603133221219.exe 00000f
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bjku.ierg.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | bjku.ierg.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | 19.94.70.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cbzm.dkgg.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | cbzm.dkgg.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | wrib.ztyw.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | wrib.ztyw.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ncpb.dlih.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | ncpb.dlih.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bhqx.kpdc.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | bhqx.kpdc.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | rwsy.tlnh.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | rwsy.tlnh.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | jtuq.llna.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | jtuq.llna.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fdrs.nylt.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | fdrs.nylt.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | hbii.icgq.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | hbii.icgq.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | hkml.nhfw.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | hkml.nhfw.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rkcc.zbta.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | rkcc.zbta.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | dfxh.kumi.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | dfxh.kumi.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | lqgy.owtv.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | lqgy.owtv.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | mzaj.dplp.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | mzaj.dplp.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | khqe.cphx.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | khqe.cphx.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | pdww.kwkk.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | pdww.kwkk.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | 130.109.69.13.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\242603133007329.exe
| MD5 | d3cb4fe60596970680fd896e296155bf |
| SHA1 | 37d037f2f84fac515b07eb57f8f0786c9d6bccbb |
| SHA256 | a8a10a058248f9b4bd18a3786b4e2a1dabacfbb440052761459add5a111ab0a7 |
| SHA512 | 3c21ca600870474d7ce2f80746945425285b8f1edd553158ed894f25e33273a19ea367c8257928bf5b33984862199fc304567fc715ad8866a9349e5b6d3adaa7 |
C:\Users\Admin\AppData\Local\Temp\242603133016641.exe
| MD5 | 60fa62c0bdcc53ee92fa2d869eff43ce |
| SHA1 | 16235c60d7a30423b951ea5e28feec0e723a6374 |
| SHA256 | 7ba6edc8a7eec71deff21956683ea6e73d2d76043ed66c7153b629e6e45fe41e |
| SHA512 | 5375895b2d8e53f54b2e1dea25e284704d1997da74ec70f24e6cef22f768a7ce46e26440ec140a20d0490086ac6f9c67a712e279d3598f050847a192c073b56d |
C:\Users\Admin\AppData\Local\Temp\242603133026438.exe
| MD5 | a6ffeda8a5640dca664b7dca7bcb6cc3 |
| SHA1 | 96f10459aaf73c6fe0391b5aecae165ba259f5a7 |
| SHA256 | 6b33c9931b4cb0923e667004daea7fae4b419697c5df56f7629bee6641307721 |
| SHA512 | f618637a6f3b2304b2ff1d517b2b082c5f9f33d87b343746afa5bf300796894f9cd37716a0fda2b971edb24d4f4ac0c45d50120626be628d8d21106bcc764120 |
C:\Users\Admin\AppData\Local\Temp\242603133036157.exe
| MD5 | e97825055060655559696a7b98bbbf97 |
| SHA1 | 86cd18d0dbe137916e1e9cbebe260d33845e1cb7 |
| SHA256 | b6d0da084cd53e96d23f218e823ba95e08b10fcc65d405b190340ddf3b8b5fad |
| SHA512 | d06cffa02b418a9dd11d705b05ff117527aad5b9516d099dfa1ed004602f84662538ce50473e339450d77e61c2c176ab5b5a50363a036bf1f52da7868ba13382 |
C:\Users\Admin\AppData\Local\Temp\242603133045782.exe
| MD5 | d89404ee8f6ed9ec36896303385a1a55 |
| SHA1 | 5f1c645a7824a0dc31c7e50022c602bb7793a262 |
| SHA256 | 946d88b9a3ddb0005be7bcd204ffc8925f74df8f2cf7422be0b31da822cb6686 |
| SHA512 | af7bf4ce59179aeca7ac48737495764c3de53b990d397d85c773db8f589fd6fe2369ab561a6aad8e0a721b7b4e5c95d4094ed37b98250b9e70f539762c9b796a |
C:\Users\Admin\AppData\Local\Temp\242603133055626.exe
| MD5 | 3e36220621d2fc344ac539f918d9bf11 |
| SHA1 | 91e677ddeb0a7e7bbd692b4aab7caa5642b5517b |
| SHA256 | b08c89d181a0ddf2fd7ffd0a0bc9259a6b682d1df17fd4c8bb0dee9a15970227 |
| SHA512 | b54513f5e2b7b227f27b429a2f156cbe8b6009637227b21a6fcb46d3760984010cb89d67a5a8b3e62f30e42c0f2033886d36a5ff48ef938629ce7ee70008cb92 |
C:\Users\Admin\AppData\Local\Temp\242603133104485.exe
| MD5 | ad0305589a5f83b77a66e0f983c34594 |
| SHA1 | 634bb3e2a911ffa605b17d23d9d3e0f7ff3f576f |
| SHA256 | 7f56e8d60d811ddf8078530d145e3824daac623e2ee6e7dcc5ec5d28e079cba4 |
| SHA512 | 8d28f8dc76fc00e881620a683540ef68d722f6dec2205ec0354b5cd73e1bd4b523fef0a86fa8085c611beef1cb268d433bf49f89926999750e0c522a22d9c511 |
C:\Users\Admin\AppData\Local\Temp\242603133113251.exe
| MD5 | a1c2b38cfc47a3b36ff1f890c543b043 |
| SHA1 | 999727c9e5e919b81542efd64d4d99f1602d36ad |
| SHA256 | d8e0fb28bd1ad78601fd695faca087ae4bafa7da9d24a666802b1d89405c235e |
| SHA512 | 019c870a8514c7f280235bce49dfeebd9dd165f0cfec64974d8217c595d18e22eb53b91448e0b1845b89e5107c71024129675989b46fe48acfdc0b75519ccc66 |
C:\Users\Admin\AppData\Local\Temp\242603133122891.exe
| MD5 | 7472f662898a1ac4ded125d0687207a4 |
| SHA1 | a1e719f6dc6b2c2afdadbe5b5ac22671f3a58257 |
| SHA256 | f965a05e792633203aa4176bd3c5535344333f667d591f00163175be902450e2 |
| SHA512 | d976c3a84e5411adf8ebdd14cd76c2e18d4b7d1eb1bca14bdd857280686512c90d9417fc36c64192930b62e4bc6fc294307ba3445fba061b3740d242084bd23d |
C:\Users\Admin\AppData\Local\Temp\242603133132454.exe
| MD5 | dbf5d1b0879af8c98268ef73fcba96bf |
| SHA1 | 05c26ccf3cbce5de360adadec5e695ac49abf80c |
| SHA256 | a26621307cc37fdb0105cd99f250fb74ef23f532cfb194937652d04b2cec19f0 |
| SHA512 | 31a9dbf5e3b826f2ad3455c451169877810039192ff1ef0c53e16f3693bab1599f9b7027ddcbd4a2d7a0f680127fcb25bf690c93b1912a03719d545a64f2e8d3 |
C:\Users\Admin\AppData\Local\Temp\242603133141876.exe
| MD5 | 25a40eb00eb5c80bfb13f55177022d9f |
| SHA1 | 3a083ff2b934832472a9f124e875d783e9f45cff |
| SHA256 | d8c21ca59488b021eaa5473a0329cb341d02c2640a67294f8d39a9f718307037 |
| SHA512 | cf30c9c41e02665fbcf4f7c32bcb1cac49d4cc87501a4387f15e362c0ffdaa3335dfd801fcaf4089510e508c7168ecd17a79c95b7e5e3f8ee0aaf9a6fe5227dd |
C:\Users\Admin\AppData\Local\Temp\242603133151969.exe
| MD5 | 42bd8b6630e2539e1d0d4aacb427a8c4 |
| SHA1 | a1a3d92a5d51c570aa2289c34303190fd56f60ac |
| SHA256 | 10cfe32b66d915c1dcf12af73cd5ed2cbaeaadd1ae0d06c73a73f74a1ef026ca |
| SHA512 | 756f9fc28b6902cf3dc60e57fd59c1096a38e11d21dbec6cf63946ccb3367268959c4057592f92aed44df2f167b095c3ceb16da794e77858af74c04ec0be1f7c |
C:\Users\Admin\AppData\Local\Temp\242603133202532.exe
| MD5 | 26c042bfbd15c3226a8d2508e90034f7 |
| SHA1 | 71598d508c573948a8e9df5d608c8a1fa99ec711 |
| SHA256 | b432de873acef8fd44a180daf822def7556daad4fcccec13c7236a9526f9b02b |
| SHA512 | cc3b2a7ccfd2519e089bd0195dffd4d59c7678e56765a3e275b707053c08fcc04b9e41e5ac2bf521a886623600f18f1ffa4a5ce92496dfe5a6cbc7ec9286133b |
C:\Users\Admin\AppData\Local\Temp\242603133212344.exe
| MD5 | f7e86415a7afe08009bc16b56611f23c |
| SHA1 | 7e3eb400389922a5f25960823035a1966c558997 |
| SHA256 | 2ccceae64e0eddfd3039a73510cac64023ba7fcd7f54f94697434ad21563b20f |
| SHA512 | dfa8656d6ab8a6b76041fb64f06fece15e0f55b8fb2aa03eb0d6e65e4835703a30f1e63cbb005cb910d7288bd0424aff1d52c43d7b144074902603dd92ca87fe |
C:\Users\Admin\AppData\Local\Temp\242603133221219.exe
| MD5 | 8dd140c80c8f8daed6416cb66dab357a |
| SHA1 | 7aa64800669da6ef4955b16b627ac7c909ce3f42 |
| SHA256 | 439f4cc574e9edd84f6e1a3516e6d8e103d3828d215e303e506afc0bf339c189 |
| SHA512 | 5c29f1a9a862a9b2174572dd5afef17e77f2e97f116ad15b58f5ab37d8a69ae8fa8e32c13989af51c738076a7f18e66ec26ef5a1ef714a2ff0bbff9fbff8181f |