a0e656a1efa3fb5100b849d2d4cff9564f19921a0f4a473e8835afe610de9189

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 13:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.Win32.Dh-A.29431.22879.exe
Size

13KB
MD5

2628b3b5d4e202457024cc9af84ca850
SHA1

bca6dc95c350a124e60b43514fe978f66dde8aea
SHA256

a0e656a1efa3fb5100b849d2d4cff9564f19921a0f4a473e8835afe610de9189
SHA512

2e39ef7950c23daf54e58f23296d13c654e37bb09aade47f6b312809b404c75a727c0eef2ff77027d98aca711e74191adf294fe797e606f69cfcb82654c251af
SSDEEP

192:mB77I1fRivRgFxO6D79C8SZ++Xo4DeGysPstj8rhjCW/Y12yDzzz1K74WlJdxqHx:Wqiv6FxBXnTuyreEXDzzzHWlJj+nx

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 15 IoCs

pid	Process
3752	242603133009383.exe
2284	242603133019273.exe
3704	242603133029805.exe
4328	242603133038945.exe
2948	242603133048461.exe
3992	242603133059070.exe
4296	242603133108086.exe
1488	242603133117102.exe
4496	242603133126680.exe
3068	242603133136133.exe
3024	242603133145930.exe
5096	242603133155852.exe
1720	242603133205070.exe
3740	242603133214570.exe
1056	242603133224961.exe

Suspicious use of WriteProcessMemory 60 IoCs

description	pid	Process	procid_target
PID 3812 wrote to memory of 4696	3812	SecuriteInfo.com.Win32.Dh-A.29431.22879.exe	97
PID 3812 wrote to memory of 4696	3812	SecuriteInfo.com.Win32.Dh-A.29431.22879.exe	97
PID 4696 wrote to memory of 3752	4696	cmd.exe	98
PID 4696 wrote to memory of 3752	4696	cmd.exe	98
PID 3752 wrote to memory of 448	3752	242603133009383.exe	99
PID 3752 wrote to memory of 448	3752	242603133009383.exe	99
PID 448 wrote to memory of 2284	448	cmd.exe	100
PID 448 wrote to memory of 2284	448	cmd.exe	100
PID 2284 wrote to memory of 1932	2284	242603133019273.exe	101
PID 2284 wrote to memory of 1932	2284	242603133019273.exe	101
PID 1932 wrote to memory of 3704	1932	cmd.exe	102
PID 1932 wrote to memory of 3704	1932	cmd.exe	102
PID 3704 wrote to memory of 456	3704	242603133029805.exe	105
PID 3704 wrote to memory of 456	3704	242603133029805.exe	105
PID 456 wrote to memory of 4328	456	cmd.exe	106
PID 456 wrote to memory of 4328	456	cmd.exe	106
PID 4328 wrote to memory of 1988	4328	242603133038945.exe	108
PID 4328 wrote to memory of 1988	4328	242603133038945.exe	108
PID 1988 wrote to memory of 2948	1988	cmd.exe	109
PID 1988 wrote to memory of 2948	1988	cmd.exe	109
PID 2948 wrote to memory of 2904	2948	242603133048461.exe	110
PID 2948 wrote to memory of 2904	2948	242603133048461.exe	110
PID 2904 wrote to memory of 3992	2904	cmd.exe	111
PID 2904 wrote to memory of 3992	2904	cmd.exe	111
PID 3992 wrote to memory of 1164	3992	242603133059070.exe	113
PID 3992 wrote to memory of 1164	3992	242603133059070.exe	113
PID 1164 wrote to memory of 4296	1164	cmd.exe	114
PID 1164 wrote to memory of 4296	1164	cmd.exe	114
PID 4296 wrote to memory of 3152	4296	242603133108086.exe	115
PID 4296 wrote to memory of 3152	4296	242603133108086.exe	115
PID 3152 wrote to memory of 1488	3152	cmd.exe	116
PID 3152 wrote to memory of 1488	3152	cmd.exe	116
PID 1488 wrote to memory of 4248	1488	242603133117102.exe	117
PID 1488 wrote to memory of 4248	1488	242603133117102.exe	117
PID 4248 wrote to memory of 4496	4248	cmd.exe	118
PID 4248 wrote to memory of 4496	4248	cmd.exe	118
PID 4496 wrote to memory of 2028	4496	242603133126680.exe	119
PID 4496 wrote to memory of 2028	4496	242603133126680.exe	119
PID 2028 wrote to memory of 3068	2028	cmd.exe	120
PID 2028 wrote to memory of 3068	2028	cmd.exe	120
PID 3068 wrote to memory of 4120	3068	242603133136133.exe	127
PID 3068 wrote to memory of 4120	3068	242603133136133.exe	127
PID 4120 wrote to memory of 3024	4120	cmd.exe	128
PID 4120 wrote to memory of 3024	4120	cmd.exe	128
PID 3024 wrote to memory of 216	3024	242603133145930.exe	129
PID 3024 wrote to memory of 216	3024	242603133145930.exe	129
PID 216 wrote to memory of 5096	216	cmd.exe	130
PID 216 wrote to memory of 5096	216	cmd.exe	130
PID 5096 wrote to memory of 4816	5096	242603133155852.exe	131
PID 5096 wrote to memory of 4816	5096	242603133155852.exe	131
PID 4816 wrote to memory of 1720	4816	cmd.exe	132
PID 4816 wrote to memory of 1720	4816	cmd.exe	132
PID 1720 wrote to memory of 3036	1720	242603133205070.exe	135
PID 1720 wrote to memory of 3036	1720	242603133205070.exe	135
PID 3036 wrote to memory of 3740	3036	cmd.exe	136
PID 3036 wrote to memory of 3740	3036	cmd.exe	136
PID 3740 wrote to memory of 3408	3740	242603133214570.exe	137
PID 3740 wrote to memory of 3408	3740	242603133214570.exe	137
PID 3408 wrote to memory of 1056	3408	cmd.exe	138
PID 3408 wrote to memory of 1056	3408	cmd.exe	138

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Dh-A.29431.22879.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Dh-A.29431.22879.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3812
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133009383.exe 000001
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4696
- - C:\Users\Admin\AppData\Local\Temp\242603133009383.exe
    C:\Users\Admin\AppData\Local\Temp\242603133009383.exe 000001
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3752
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133019273.exe 000002
      4⤵
      Suspicious use of WriteProcessMemory
      PID:448
    - - C:\Users\Admin\AppData\Local\Temp\242603133019273.exe
        
        C:\Users\Admin\AppData\Local\Temp\242603133019273.exe 000002
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2284
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133029805.exe 000003
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\242603133029805.exe
        
        C:\Users\Admin\AppData\Local\Temp\242603133029805.exe 000003
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3704
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133038945.exe 000004
        8⤵
        Suspicious use of WriteProcessMemory
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\242603133038945.exe
        
        C:\Users\Admin\AppData\Local\Temp\242603133038945.exe 000004
        9⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4328
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133048461.exe 000005
        10⤵
        Suspicious use of WriteProcessMemory
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\242603133048461.exe
        
        C:\Users\Admin\AppData\Local\Temp\242603133048461.exe 000005
        11⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2948
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133059070.exe 000006
        12⤵
        Suspicious use of WriteProcessMemory
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\242603133059070.exe
        
        C:\Users\Admin\AppData\Local\Temp\242603133059070.exe 000006
        13⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3992
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133108086.exe 000007
        14⤵
        Suspicious use of WriteProcessMemory
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\242603133108086.exe
        
        C:\Users\Admin\AppData\Local\Temp\242603133108086.exe 000007
        15⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4296
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133117102.exe 000008
        16⤵
        Suspicious use of WriteProcessMemory
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\242603133117102.exe
        
        C:\Users\Admin\AppData\Local\Temp\242603133117102.exe 000008
        17⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1488
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133126680.exe 000009
        18⤵
        Suspicious use of WriteProcessMemory
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\242603133126680.exe
        
        C:\Users\Admin\AppData\Local\Temp\242603133126680.exe 000009
        19⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4496
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133136133.exe 00000a
        20⤵
        Suspicious use of WriteProcessMemory
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\242603133136133.exe
        
        C:\Users\Admin\AppData\Local\Temp\242603133136133.exe 00000a
        21⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3068
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133145930.exe 00000b
        22⤵
        Suspicious use of WriteProcessMemory
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\242603133145930.exe
        
        C:\Users\Admin\AppData\Local\Temp\242603133145930.exe 00000b
        23⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3024
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133155852.exe 00000c
        24⤵
        Suspicious use of WriteProcessMemory
        
        PID:216
        
        C:\Users\Admin\AppData\Local\Temp\242603133155852.exe
        
        C:\Users\Admin\AppData\Local\Temp\242603133155852.exe 00000c
        25⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:5096
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133205070.exe 00000d
        26⤵
        Suspicious use of WriteProcessMemory
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\242603133205070.exe
        
        C:\Users\Admin\AppData\Local\Temp\242603133205070.exe 00000d
        27⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1720
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133214570.exe 00000e
        28⤵
        Suspicious use of WriteProcessMemory
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\242603133214570.exe
        
        C:\Users\Admin\AppData\Local\Temp\242603133214570.exe 00000e
        29⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3740
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133224961.exe 00000f
        30⤵
        Suspicious use of WriteProcessMemory
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\242603133224961.exe
        
        C:\Users\Admin\AppData\Local\Temp\242603133224961.exe 00000f
        31⤵
        Executes dropped EXE
        
        PID:1056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\242603133009383.exe

Filesize
12KB

MD5
91e463d9402e3dbad5bfd218e6653572

SHA1
e1c1630b682320bece6d5b86134d08a06e0ab6f8

SHA256
213387ad774fe7befa83a9b32ac37e6cb5c733741f911308a606d0098bf5ea6e

SHA512
8690830048f13500fe5dc9d24058f88ad8276de74d1ce1142af43f97549744e35dd0d008c4a3ba1ea4a3b47ac0dbce3b68f05fc19ca06e75f1db8d8fc2c0c5ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\242603133019273.exe

Filesize
12KB

MD5
673e64a5fac35a45b0f83ccd08021149

SHA1
78d41eb241baa2f7dcfbea2a09f643db506884bc

SHA256
e1250e36e39ab8fdce1ccd9b38cdea3dd748954162285887c1ba6682661df1b0

SHA512
6871880dd3ee6ade1230b68d35dd6cae297a9843d9c0920639c68cea4987a4602077bb0a00a7b356675d2d71bb202b5cdffb147c87bb01bbad252bf33a131cae

Download Submit
C:\Users\Admin\AppData\Local\Temp\242603133029805.exe

Filesize
13KB

MD5
54d6368b23f0fc680436b06aa862925d

SHA1
c7cefda72c76996c18f46ea4ea2e867b8cfd8e96

SHA256
a4e872bd7288f9775ce40b04c403e7a1700d27c18411f411eca2f58fcdb9abc5

SHA512
e7e99a5e29b0dd91993dbf11dc5698e71ab4daf8115f28bc228a68c3fdf4fc56baba0941928d5218b7988b5e4e27ecf8bc6eb9483d95a9edb92d45c15af12a19

Download Submit
C:\Users\Admin\AppData\Local\Temp\242603133038945.exe

Filesize
12KB

MD5
aa7301f6b0540628d5290f68d8ee7aa3

SHA1
527a08c30aa65471606c5952afa85b2368aa6260

SHA256
30fca0a0e45209539fe83f35154d1fc529db51f14b2367964565bc6dffb71754

SHA512
15e8d57289d2caa1d2c918dcd333537bde302965a9a53582046dd0697fa33993ddd3be611d64ce065453a79b265c27d164099cbe2923f9ae9382f6530cb75911

Download Submit
C:\Users\Admin\AppData\Local\Temp\242603133048461.exe

Filesize
12KB

MD5
75e6ff299084d0966eabbb7c1a7fbfcb

SHA1
a6bba5efc1f5a659e16f189b93f12106861ca82f

SHA256
1889770d36511d26d7b625c108785fa9e5c5441524fa221ee816eb8d306ee3e0

SHA512
8051a1fe784d54b975c60d975d4e19c91ecd51017c0b63b8d985f5c14fbdec2271f1b7246183c74555abd79ead07bf46b57b6ab2a61bed4dff7e6e9a1e22ca45

Download Submit
C:\Users\Admin\AppData\Local\Temp\242603133059070.exe

Filesize
12KB

MD5
11f3b923809743c68473f37be5111f08

SHA1
6c74b4956336b916b5b970bee0e92b1af314ff55

SHA256
26dc681b2d8c43c3d999a63b03ff69dba1996d13c23172543e09c922e2c90075

SHA512
3056539f15573361c30e71638fe039887ccf19ebc1753b22749faac95e4261b25c0a6a2e65b159097567ae13b19202c7a59746e2d34ed9289214bb41183b10e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\242603133108086.exe

Filesize
13KB

MD5
3bf246eeb9b038d39ea258ccdc163018

SHA1
c7623feb1a2d04622c2e00428fb4aa3935e5b426

SHA256
47b515a121e9d8febc6709bdc3278dbf7a0767f6cf411746f385737dfbe843d0

SHA512
2961299417bbf9064f8e662b1a497191e37ffd9eb8b8dbc48dbb352307fb0fcfabaa2fdeb7b6e93f5f9ef9311825b86093c61fe81828e8b7dfb3f553ceaf985a

Download Submit
C:\Users\Admin\AppData\Local\Temp\242603133117102.exe

Filesize
13KB

MD5
f9d6766262a0e9c343995f64b651cb8e

SHA1
234dd83d146f2a24eb63fb6d09a192f393599525

SHA256
09eb53c7b4f971c82a2f2bc9d5c0a366b871dffa531622eba57d2c6472e5bcf2

SHA512
72c537fb4a5597014b1069eedba9e38f6493bce211668600048c18b781aac0a03680c48a74b15f73b45032d99116c323abf8a9c3c4ae5cbc6286025d3a6fcca8

Download Submit
C:\Users\Admin\AppData\Local\Temp\242603133126680.exe

Filesize
13KB

MD5
9200df9d277bbbb53ceb39590ea8b148

SHA1
cb8d219f263d0992a26b62abe0d16bc1bda449d2

SHA256
0a133425c7f18862feac47563ea881a1c07004dc95fa73adc2908c218bce1dc3

SHA512
ffccbf9fc9c4821a796e7263ec495183d3778034b0a21ef332acc878b8c0fd02da6b6dc0982a9e123e2809c84a55e3369507ba51372b1283689003b110985b69

Download Submit
C:\Users\Admin\AppData\Local\Temp\242603133136133.exe

Filesize
13KB

MD5
ae4137fb056795ef04892f97925502f1

SHA1
3434a09cb5f746d26803838bb38387e61987834b

SHA256
496aa816b4ac9288fa3b2584c39510e8536086df3fd837bf0ab2912849ffe105

SHA512
701a4b830d3a1322c8bd2c7ffb2200e242ade31200d028e68212f5dcdfe7412ea8387315c9d401c4637bf4e9ee95996e8e49f9c2ceacb941deca9680e89a103f

Download Submit
C:\Users\Admin\AppData\Local\Temp\242603133145930.exe

Filesize
12KB

MD5
73496d6320b72cedf56613c63c6beea1

SHA1
cd7803516e55b8d92c435d56479e428bcb870126

SHA256
78c3d7ba530092537d2b75043fb0a578af9a70b3749cd5d2ef8feca76816550c

SHA512
553a06d581af5932d649fddb8487be9241232252cfecb95ae179da59f5a19873da5bf9b8a038605ebc00bb42bd8558bc8542af0e8d5a6fce3a4a3735145a9bd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\242603133155852.exe

Filesize
13KB

MD5
101992ba182ba4d90dbd30b28ca2ec0f

SHA1
bd4a0a2f80c44ab69568e6dd72d5347b3f1ee0bb

SHA256
fe532fe96dcba361a54552545ca64034a2d8a31f543aa22b884ba93bef039bc2

SHA512
2165b62c72eac3d6796f6e9b1af447143eda0d2da5973635d616b2571f18f908b622af59605e59b1997855d30540c8d897076af10b0b4ea629d867d2fb7a60f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\242603133205070.exe

Filesize
13KB

MD5
7d55e79f011c8a9384aab4cb129c0961

SHA1
c16c206805c4b2834d5c64674b854a28ce096ce9

SHA256
74dc380b39b7f31a19a3963ca432d14608f3167f925fe0143142158f64a5be8a

SHA512
92747e114275712648682884c175de25bd9633d568f284e10fae443f6d00750e972abe0343d4340a0372c7d56d8cf233380b0419f9b5742de79eb865e6cb3532

Download Submit
C:\Users\Admin\AppData\Local\Temp\242603133214570.exe

Filesize
12KB

MD5
04f1693ab76abc44128afda3f51ba273

SHA1
f47626cb7d9e6f5879f1cf3e42655a20d4001464

SHA256
34399d663e745e800eb5a3dfb729328107d850d36553db7d082d0db997fa6d24

SHA512
81d10ce0f7528b0aebc46b6c0a9c520f1a685db6a684e43bca0a4a6bb64d0a32610e14b0e377183a61da06bf63c884ba644a63756ae50004c3864e99577c18d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\242603133224961.exe

Filesize
12KB

MD5
ac1f7751e6dfabce7eac5cee10ae42fd

SHA1
60b7b82c1e84672e6c0c3e3f2bd3c5c5eaf9be12

SHA256
7eb79db2db181caa670a309a6c816f3c0bca687f6ecee8f557adb37aec95149a

SHA512
2516817511a71bed413b3f7608832919e4ba2ed4250673d179c0b8fab71154048f6761f8bc1307095ba62d376159bd26318086da16ea6704df6d5de94cf9a70d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads