Analysis Overview
SHA256
a0e656a1efa3fb5100b849d2d4cff9564f19921a0f4a473e8835afe610de9189
Threat Level: Likely malicious
The file SecuriteInfo.com.Win32.Dh-A.29431.22879.exe was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Executes dropped EXE
Unsigned PE
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-06-03 13:30
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 13:30
Reported
2024-06-03 13:32
Platform
win7-20240215-en
Max time kernel
131s
Max time network
117s
Command Line
Signatures
Processes
| Process | Command line |
| --- | --- |
| C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Dh-A.29431.22879.exe | "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Dh-A.29431.22879.exe" |
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 13:30
Reported
2024-06-03 13:32
Platform
win10v2004-20240508-en
Max time kernel
148s
Max time network
149s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
Suspicious use of WriteProcessMemory
Processes
| Process | Command line |
| --- | --- |
| C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Dh-A.29431.22879.exe | "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Dh-A.29431.22879.exe" |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133009383.exe 000001 |
| C:\Users\Admin\AppData\Local\Temp\242603133009383.exe | C:\Users\Admin\AppData\Local\Temp\242603133009383.exe 000001 |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133019273.exe 000002 |
| C:\Users\Admin\AppData\Local\Temp\242603133019273.exe | C:\Users\Admin\AppData\Local\Temp\242603133019273.exe 000002 |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133029805.exe 000003 |
| C:\Users\Admin\AppData\Local\Temp\242603133029805.exe | C:\Users\Admin\AppData\Local\Temp\242603133029805.exe 000003 |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133038945.exe 000004 |
| C:\Users\Admin\AppData\Local\Temp\242603133038945.exe | C:\Users\Admin\AppData\Local\Temp\242603133038945.exe 000004 |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133048461.exe 000005 |
| C:\Users\Admin\AppData\Local\Temp\242603133048461.exe | C:\Users\Admin\AppData\Local\Temp\242603133048461.exe 000005 |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133059070.exe 000006 |
| C:\Users\Admin\AppData\Local\Temp\242603133059070.exe | C:\Users\Admin\AppData\Local\Temp\242603133059070.exe 000006 |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133108086.exe 000007 |
| C:\Users\Admin\AppData\Local\Temp\242603133108086.exe | C:\Users\Admin\AppData\Local\Temp\242603133108086.exe 000007 |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133117102.exe 000008 |
| C:\Users\Admin\AppData\Local\Temp\242603133117102.exe | C:\Users\Admin\AppData\Local\Temp\242603133117102.exe 000008 |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133126680.exe 000009 |
| C:\Users\Admin\AppData\Local\Temp\242603133126680.exe | C:\Users\Admin\AppData\Local\Temp\242603133126680.exe 000009 |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133136133.exe 00000a |
| C:\Users\Admin\AppData\Local\Temp\242603133136133.exe | C:\Users\Admin\AppData\Local\Temp\242603133136133.exe 00000a |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133145930.exe 00000b |
| C:\Users\Admin\AppData\Local\Temp\242603133145930.exe | C:\Users\Admin\AppData\Local\Temp\242603133145930.exe 00000b |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133155852.exe 00000c |
| C:\Users\Admin\AppData\Local\Temp\242603133155852.exe | C:\Users\Admin\AppData\Local\Temp\242603133155852.exe 00000c |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133205070.exe 00000d |
| C:\Users\Admin\AppData\Local\Temp\242603133205070.exe | C:\Users\Admin\AppData\Local\Temp\242603133205070.exe 00000d |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133214570.exe 00000e |
| C:\Users\Admin\AppData\Local\Temp\242603133214570.exe | C:\Users\Admin\AppData\Local\Temp\242603133214570.exe 00000e |
| C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603133224961.exe 00000f |
| C:\Users\Admin\AppData\Local\Temp\242603133224961.exe | C:\Users\Admin\AppData\Local\Temp\242603133224961.exe 00000f |
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | yhsk.sqtu.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | yhsk.sqtu.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | 19.94.70.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | kezj.mudd.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | kezj.mudd.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | ovcj.azut.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | ovcj.azut.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ggxb.fsgs.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | ggxb.fsgs.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pvzq.fkhu.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | pvzq.fkhu.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | ukxc.xgvz.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | ukxc.xgvz.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | mafn.yitw.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | mafn.yitw.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lqao.dysi.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | lqao.dysi.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | spcu.bbwo.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | spcu.bbwo.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | jvhw.nhkr.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | jvhw.nhkr.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 58.99.105.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cbgv.alzb.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | cbgv.alzb.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | hdlf.xpfh.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | hdlf.xpfh.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | mpqq.umul.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | mpqq.umul.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | ftny.agzm.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | ftny.agzm.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | oitx.ssel.v5.mrmpzjjhn3sgtq5w.pro | udp |
| PL | 193.70.94.19:80 | oitx.ssel.v5.mrmpzjjhn3sgtq5w.pro | tcp |
| US | 8.8.8.8:53 | 25.173.189.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\242603133009383.exe
| Hash | Value |
| --- | --- |
| MD5 | 91e463d9402e3dbad5bfd218e6653572 |
| SHA1 | e1c1630b682320bece6d5b86134d08a06e0ab6f8 |
| SHA256 | 213387ad774fe7befa83a9b32ac37e6cb5c733741f911308a606d0098bf5ea6e |
| SHA512 | 8690830048f13500fe5dc9d24058f88ad8276de74d1ce1142af43f97549744e35dd0d008c4a3ba1ea4a3b47ac0dbce3b68f05fc19ca06e75f1db8d8fc2c0c5ea |
C:\Users\Admin\AppData\Local\Temp\242603133019273.exe
| Hash | Value |
| --- | --- |
| MD5 | 673e64a5fac35a45b0f83ccd08021149 |
| SHA1 | 78d41eb241baa2f7dcfbea2a09f643db506884bc |
| SHA256 | e1250e36e39ab8fdce1ccd9b38cdea3dd748954162285887c1ba6682661df1b0 |
| SHA512 | 6871880dd3ee6ade1230b68d35dd6cae297a9843d9c0920639c68cea4987a4602077bb0a00a7b356675d2d71bb202b5cdffb147c87bb01bbad252bf33a131cae |
C:\Users\Admin\AppData\Local\Temp\242603133029805.exe
| Hash | Value |
| --- | --- |
| MD5 | 54d6368b23f0fc680436b06aa862925d |
| SHA1 | c7cefda72c76996c18f46ea4ea2e867b8cfd8e96 |
| SHA256 | a4e872bd7288f9775ce40b04c403e7a1700d27c18411f411eca2f58fcdb9abc5 |
| SHA512 | e7e99a5e29b0dd91993dbf11dc5698e71ab4daf8115f28bc228a68c3fdf4fc56baba0941928d5218b7988b5e4e27ecf8bc6eb9483d95a9edb92d45c15af12a19 |
C:\Users\Admin\AppData\Local\Temp\242603133038945.exe
| Hash | Value |
| --- | --- |
| MD5 | aa7301f6b0540628d5290f68d8ee7aa3 |
| SHA1 | 527a08c30aa65471606c5952afa85b2368aa6260 |
| SHA256 | 30fca0a0e45209539fe83f35154d1fc529db51f14b2367964565bc6dffb71754 |
| SHA512 | 15e8d57289d2caa1d2c918dcd333537bde302965a9a53582046dd0697fa33993ddd3be611d64ce065453a79b265c27d164099cbe2923f9ae9382f6530cb75911 |
C:\Users\Admin\AppData\Local\Temp\242603133048461.exe
| Hash | Value |
| --- | --- |
| MD5 | 75e6ff299084d0966eabbb7c1a7fbfcb |
| SHA1 | a6bba5efc1f5a659e16f189b93f12106861ca82f |
| SHA256 | 1889770d36511d26d7b625c108785fa9e5c5441524fa221ee816eb8d306ee3e0 |
| SHA512 | 8051a1fe784d54b975c60d975d4e19c91ecd51017c0b63b8d985f5c14fbdec2271f1b7246183c74555abd79ead07bf46b57b6ab2a61bed4dff7e6e9a1e22ca45 |
C:\Users\Admin\AppData\Local\Temp\242603133059070.exe
| Hash | Value |
| --- | --- |
| MD5 | 11f3b923809743c68473f37be5111f08 |
| SHA1 | 6c74b4956336b916b5b970bee0e92b1af314ff55 |
| SHA256 | 26dc681b2d8c43c3d999a63b03ff69dba1996d13c23172543e09c922e2c90075 |
| SHA512 | 3056539f15573361c30e71638fe039887ccf19ebc1753b22749faac95e4261b25c0a6a2e65b159097567ae13b19202c7a59746e2d34ed9289214bb41183b10e5 |
C:\Users\Admin\AppData\Local\Temp\242603133108086.exe
| Hash | Value |
| --- | --- |
| MD5 | 3bf246eeb9b038d39ea258ccdc163018 |
| SHA1 | c7623feb1a2d04622c2e00428fb4aa3935e5b426 |
| SHA256 | 47b515a121e9d8febc6709bdc3278dbf7a0767f6cf411746f385737dfbe843d0 |
| SHA512 | 2961299417bbf9064f8e662b1a497191e37ffd9eb8b8dbc48dbb352307fb0fcfabaa2fdeb7b6e93f5f9ef9311825b86093c61fe81828e8b7dfb3f553ceaf985a |
C:\Users\Admin\AppData\Local\Temp\242603133117102.exe
| Hash | Value |
| --- | --- |
| MD5 | f9d6766262a0e9c343995f64b651cb8e |
| SHA1 | 234dd83d146f2a24eb63fb6d09a192f393599525 |
| SHA256 | 09eb53c7b4f971c82a2f2bc9d5c0a366b871dffa531622eba57d2c6472e5bcf2 |
| SHA512 | 72c537fb4a5597014b1069eedba9e38f6493bce211668600048c18b781aac0a03680c48a74b15f73b45032d99116c323abf8a9c3c4ae5cbc6286025d3a6fcca8 |
C:\Users\Admin\AppData\Local\Temp\242603133126680.exe
| Hash | Value |
| --- | --- |
| MD5 | 9200df9d277bbbb53ceb39590ea8b148 |
| SHA1 | cb8d219f263d0992a26b62abe0d16bc1bda449d2 |
| SHA256 | 0a133425c7f18862feac47563ea881a1c07004dc95fa73adc2908c218bce1dc3 |
| SHA512 | ffccbf9fc9c4821a796e7263ec495183d3778034b0a21ef332acc878b8c0fd02da6b6dc0982a9e123e2809c84a55e3369507ba51372b1283689003b110985b69 |
C:\Users\Admin\AppData\Local\Temp\242603133136133.exe
| Hash | Value |
| --- | --- |
| MD5 | ae4137fb056795ef04892f97925502f1 |
| SHA1 | 3434a09cb5f746d26803838bb38387e61987834b |
| SHA256 | 496aa816b4ac9288fa3b2584c39510e8536086df3fd837bf0ab2912849ffe105 |
| SHA512 | 701a4b830d3a1322c8bd2c7ffb2200e242ade31200d028e68212f5dcdfe7412ea8387315c9d401c4637bf4e9ee95996e8e49f9c2ceacb941deca9680e89a103f |
C:\Users\Admin\AppData\Local\Temp\242603133145930.exe
| Hash | Value |
| --- | --- |
| MD5 | 73496d6320b72cedf56613c63c6beea1 |
| SHA1 | cd7803516e55b8d92c435d56479e428bcb870126 |
| SHA256 | 78c3d7ba530092537d2b75043fb0a578af9a70b3749cd5d2ef8feca76816550c |
| SHA512 | 553a06d581af5932d649fddb8487be9241232252cfecb95ae179da59f5a19873da5bf9b8a038605ebc00bb42bd8558bc8542af0e8d5a6fce3a4a3735145a9bd8 |
C:\Users\Admin\AppData\Local\Temp\242603133155852.exe
| Hash | Value |
| --- | --- |
| MD5 | 101992ba182ba4d90dbd30b28ca2ec0f |
| SHA1 | bd4a0a2f80c44ab69568e6dd72d5347b3f1ee0bb |
| SHA256 | fe532fe96dcba361a54552545ca64034a2d8a31f543aa22b884ba93bef039bc2 |
| SHA512 | 2165b62c72eac3d6796f6e9b1af447143eda0d2da5973635d616b2571f18f908b622af59605e59b1997855d30540c8d897076af10b0b4ea629d867d2fb7a60f4 |
C:\Users\Admin\AppData\Local\Temp\242603133205070.exe
| Hash | Value |
| --- | --- |
| MD5 | 7d55e79f011c8a9384aab4cb129c0961 |
| SHA1 | c16c206805c4b2834d5c64674b854a28ce096ce9 |
| SHA256 | 74dc380b39b7f31a19a3963ca432d14608f3167f925fe0143142158f64a5be8a |
| SHA512 | 92747e114275712648682884c175de25bd9633d568f284e10fae443f6d00750e972abe0343d4340a0372c7d56d8cf233380b0419f9b5742de79eb865e6cb3532 |
C:\Users\Admin\AppData\Local\Temp\242603133214570.exe
| Hash | Value |
| --- | --- |
| MD5 | 04f1693ab76abc44128afda3f51ba273 |
| SHA1 | f47626cb7d9e6f5879f1cf3e42655a20d4001464 |
| SHA256 | 34399d663e745e800eb5a3dfb729328107d850d36553db7d082d0db997fa6d24 |
| SHA512 | 81d10ce0f7528b0aebc46b6c0a9c520f1a685db6a684e43bca0a4a6bb64d0a32610e14b0e377183a61da06bf63c884ba644a63756ae50004c3864e99577c18d0 |
C:\Users\Admin\AppData\Local\Temp\242603133224961.exe
| Hash | Value |
| --- | --- |
| MD5 | ac1f7751e6dfabce7eac5cee10ae42fd |
| SHA1 | 60b7b82c1e84672e6c0c3e3f2bd3c5c5eaf9be12 |
| SHA256 | 7eb79db2db181caa670a309a6c816f3c0bca687f6ecee8f557adb37aec95149a |
| SHA512 | 2516817511a71bed413b3f7608832919e4ba2ed4250673d179c0b8fab71154048f6761f8bc1307095ba62d376159bd26318086da16ea6704df6d5de94cf9a70d |