1e077c70e0b9acaeb6e0f06d8802ead89582bf03680916d271aaae6d8edc8e01

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 21:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.Win32.Dh-A.19703.14989.exe
Size

13KB
MD5

26b985d5fa055a2b04e24ad39194d9ea
SHA1

f131e82192a070a862a027c64a2ec4b965fd338d
SHA256

1e077c70e0b9acaeb6e0f06d8802ead89582bf03680916d271aaae6d8edc8e01
SHA512

d6371043e5f9ecb464018320d1e1713c7d1c7ddb3860f6e50702f6319ae0ab7fccf03f8bf58516227323a8e25b27c15479d6bd3fea75517b8cbbdad67ec402df
SSDEEP

192:eqqI1/qitgWG68qVSgm5X+Vs4eGb9lCPy2WibDBfK5W+aSFCiWlJdxqHX41x:QZit/iKLb9wP6rtciWlJj+C

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 11 IoCs

pid	Process
5064	242603212406398.exe
4208	242603212416023.exe
1028	242603212428304.exe
2304	242603212439179.exe
380	242603212453085.exe
2096	242603212503992.exe
3736	242603212517445.exe
2080	242603212527023.exe
1416	242603212543101.exe
2384	242603212600804.exe
2712	242603212614617.exe

Suspicious use of WriteProcessMemory 44 IoCs

description	pid	Process	procid_target
PID 3104 wrote to memory of 3576	3104	SecuriteInfo.com.Win32.Dh-A.19703.14989.exe	96
PID 3104 wrote to memory of 3576	3104	SecuriteInfo.com.Win32.Dh-A.19703.14989.exe	96
PID 3576 wrote to memory of 5064	3576	cmd.exe	97
PID 3576 wrote to memory of 5064	3576	cmd.exe	97
PID 5064 wrote to memory of 4144	5064	242603212406398.exe	98
PID 5064 wrote to memory of 4144	5064	242603212406398.exe	98
PID 4144 wrote to memory of 4208	4144	cmd.exe	99
PID 4144 wrote to memory of 4208	4144	cmd.exe	99
PID 4208 wrote to memory of 1624	4208	242603212416023.exe	102
PID 4208 wrote to memory of 1624	4208	242603212416023.exe	102
PID 1624 wrote to memory of 1028	1624	cmd.exe	103
PID 1624 wrote to memory of 1028	1624	cmd.exe	103
PID 1028 wrote to memory of 920	1028	242603212428304.exe	105
PID 1028 wrote to memory of 920	1028	242603212428304.exe	105
PID 920 wrote to memory of 2304	920	cmd.exe	106
PID 920 wrote to memory of 2304	920	cmd.exe	106
PID 2304 wrote to memory of 752	2304	242603212439179.exe	107
PID 2304 wrote to memory of 752	2304	242603212439179.exe	107
PID 752 wrote to memory of 380	752	cmd.exe	108
PID 752 wrote to memory of 380	752	cmd.exe	108
PID 380 wrote to memory of 3904	380	242603212453085.exe	110
PID 380 wrote to memory of 3904	380	242603212453085.exe	110
PID 3904 wrote to memory of 2096	3904	cmd.exe	111
PID 3904 wrote to memory of 2096	3904	cmd.exe	111
PID 2096 wrote to memory of 3652	2096	242603212503992.exe	112
PID 2096 wrote to memory of 3652	2096	242603212503992.exe	112
PID 3652 wrote to memory of 3736	3652	cmd.exe	113
PID 3652 wrote to memory of 3736	3652	cmd.exe	113
PID 3736 wrote to memory of 5044	3736	242603212517445.exe	114
PID 3736 wrote to memory of 5044	3736	242603212517445.exe	114
PID 5044 wrote to memory of 2080	5044	cmd.exe	115
PID 5044 wrote to memory of 2080	5044	cmd.exe	115
PID 2080 wrote to memory of 3952	2080	242603212527023.exe	123
PID 2080 wrote to memory of 3952	2080	242603212527023.exe	123
PID 3952 wrote to memory of 1416	3952	cmd.exe	124
PID 3952 wrote to memory of 1416	3952	cmd.exe	124
PID 1416 wrote to memory of 4564	1416	242603212543101.exe	125
PID 1416 wrote to memory of 4564	1416	242603212543101.exe	125
PID 4564 wrote to memory of 2384	4564	cmd.exe	126
PID 4564 wrote to memory of 2384	4564	cmd.exe	126
PID 2384 wrote to memory of 4388	2384	242603212600804.exe	129
PID 2384 wrote to memory of 4388	2384	242603212600804.exe	129
PID 4388 wrote to memory of 2712	4388	cmd.exe	130
PID 4388 wrote to memory of 2712	4388	cmd.exe	130

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Dh-A.19703.14989.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Dh-A.19703.14989.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3104
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603212406398.exe 000001
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3576
- - C:\Users\Admin\AppData\Local\Temp\242603212406398.exe
    C:\Users\Admin\AppData\Local\Temp\242603212406398.exe 000001
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:5064
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603212416023.exe 000002
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4144
    - - C:\Users\Admin\AppData\Local\Temp\242603212416023.exe
        
        C:\Users\Admin\AppData\Local\Temp\242603212416023.exe 000002
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4208
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603212428304.exe 000003
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\242603212428304.exe
        
        C:\Users\Admin\AppData\Local\Temp\242603212428304.exe 000003
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1028
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603212439179.exe 000004
        8⤵
        Suspicious use of WriteProcessMemory
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\242603212439179.exe
        
        C:\Users\Admin\AppData\Local\Temp\242603212439179.exe 000004
        9⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2304
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603212453085.exe 000005
        10⤵
        Suspicious use of WriteProcessMemory
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\242603212453085.exe
        
        C:\Users\Admin\AppData\Local\Temp\242603212453085.exe 000005
        11⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:380
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603212503992.exe 000006
        12⤵
        Suspicious use of WriteProcessMemory
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\242603212503992.exe
        
        C:\Users\Admin\AppData\Local\Temp\242603212503992.exe 000006
        13⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2096
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603212517445.exe 000007
        14⤵
        Suspicious use of WriteProcessMemory
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\242603212517445.exe
        
        C:\Users\Admin\AppData\Local\Temp\242603212517445.exe 000007
        15⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3736
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603212527023.exe 000008
        16⤵
        Suspicious use of WriteProcessMemory
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\242603212527023.exe
        
        C:\Users\Admin\AppData\Local\Temp\242603212527023.exe 000008
        17⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2080
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603212543101.exe 000009
        18⤵
        Suspicious use of WriteProcessMemory
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\242603212543101.exe
        
        C:\Users\Admin\AppData\Local\Temp\242603212543101.exe 000009
        19⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1416
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603212600804.exe 00000a
        20⤵
        Suspicious use of WriteProcessMemory
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\242603212600804.exe
        
        C:\Users\Admin\AppData\Local\Temp\242603212600804.exe 00000a
        21⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2384
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242603212614617.exe 00000b
        22⤵
        Suspicious use of WriteProcessMemory
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\242603212614617.exe
        
        C:\Users\Admin\AppData\Local\Temp\242603212614617.exe 00000b
        23⤵
        Executes dropped EXE
        
        PID:2712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\242603212406398.exe

Filesize
13KB

MD5
fa1bbdb7fcbf2e41da8f4b99d947e9c2

SHA1
f03087642046027ad35ceed9660c8d053bbc8ab5

SHA256
32d3be8554e048b498f71cdb6cf8c9817780d3adfd408b2a2de18e06edcf2324

SHA512
37845285bebd4987b73ebd3edd25cb25c5186550fa6192c9605bc6216bed86ec19d635ccb9d1e96545af097997689d1c70d6534a0c271c08e28f94a0d191e5f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\242603212416023.exe

Filesize
12KB

MD5
3a9a9c5e1232c81c20a3ef719571fff1

SHA1
0ec8df5e02a86675ff7833b95474c7f95b8ee372

SHA256
4e69e8233e2d67f0a5130e35d6170b506acde5a22280e6b085c8ee80040a4404

SHA512
0165e3b595b55491a2ca92d9b2b958fc3c6b3bc070ca28fd7ff9e0942284c61d4b701e6886c6cf75d4f31f761cbfacc4a074969c47d939b5daf04bbb57d2c542

Download Submit
C:\Users\Admin\AppData\Local\Temp\242603212428304.exe

Filesize
13KB

MD5
b333942009841154fc1ca6f4cec0204e

SHA1
2eaafd5fe114c8841ceaacca72f57cfcba9f6be5

SHA256
66e796bfbbc58ad8bcddd3d309f0375560bf1dd67710eae3d2f0ed176d206276

SHA512
0dbe318238deb69454aefb68ed888a89555d3a9297faabc46a4047a0f90c6fe489f57b09170da9c3a5119a1efeb2051e1bdfae88ecc65072ee442f671de10d2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\242603212439179.exe

Filesize
12KB

MD5
5766f685022bf9bfecb96863525323e4

SHA1
db801cbe6968d55017001a09275c8325b0af9db2

SHA256
0afd6ddd0ddc0fb4338eb448949f1f264cb9d6185a7f232c398f4c0761c756a7

SHA512
f858adfa19e8ee1955ec1a3f38ef5a7dc7e81e103f541ec6d885f30492bd52578acfc43aaab42c7afbfd3c0875a57f7a17b7b29b3ec3163a0a2a89a68c082d18

Download Submit
C:\Users\Admin\AppData\Local\Temp\242603212453085.exe

Filesize
13KB

MD5
32c4480e8f90e4af666df1418f69efa0

SHA1
d94e5570aa6eeb3d8d100e5cd0b024ae493a9dd0

SHA256
e27eec4df8774f5e1846085b451bc4f4566ce4a41aec1f631b97d4502a6eafa3

SHA512
983469ce0e62279b495d976fba5226739f6cdad25d8617725ab5781abd3290498572ca64cc71214194e90b83c2639c02780614f5908830df6646b3203834571d

Download Submit
C:\Users\Admin\AppData\Local\Temp\242603212503992.exe

Filesize
12KB

MD5
5ea1f2247f8f7988a1432108f93c3e6c

SHA1
4755718ce9b8a69a94703e8b35448141d751c920

SHA256
837818fc94b0f59d0d6d0e76cea08226958c91f593c6cee9e9897c83db6e7c80

SHA512
273097c3566b674c8568475dfe5118e51efdf49600fa38590480db434938787f231198bf240ce34842c2fb70d80a587afbb7c709b6012fc092b7f48bb4d291e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\242603212517445.exe

Filesize
12KB

MD5
03ebf92adc39c715125f14c163264765

SHA1
5472bfeaaf82f0a5eadc6ca559639af18dd53459

SHA256
a0f5294361fab6ef5d5cd7ecc5d3fe8eb2ddb1c243bc3e33de7910bcbae5223d

SHA512
3607eaabfc4e13bb96b65d399f0b967eeda3cac941a619f0ef4f614469edba23645b0f8e83203f0a4cf06a44ee637f281e10c27985fc81d5d7423bd669f6a0b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\242603212527023.exe

Filesize
12KB

MD5
0da47bc0e29a68b8a6b480388e6d364b

SHA1
1216ca3a3600da2534d537e9528176824a2aee18

SHA256
7f8f827b0a1b4fb44653210ca846aec8c4fcdc113e543c24d615d6bb13f440e4

SHA512
0e32e6ac683c0bd870938bf679e3ce5c9cc1107accff32fd0f437cd8db329cb798c3f3092c8e49fd746a633bac36d9cd786737b331431ca9145a7a8c7172d2f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\242603212543101.exe

Filesize
13KB

MD5
b20fa6876b095239fde0a7490fbe2076

SHA1
38376a489da6c8788227c7c8c2cb770212ea76dd

SHA256
62d862ee0fd9d512e3076967103ec65907cd10087c16e10f060b6ad503985699

SHA512
4a98349382daec00322ed3df445ab847f0ad1c3c921cc22b8e21d38fb8c46473e345a6de80f19ab9825706dae0e49a79f3b4a10e36475aae600954ae57df1238

Download Submit
C:\Users\Admin\AppData\Local\Temp\242603212600804.exe

Filesize
13KB

MD5
fa05667ba655a0e1df8b8be4565aad9a

SHA1
70ae67c42e0111e3e82617f390b146940c608725

SHA256
0146a5cebb85e0b6566e6e48598276ac1087f21630c5130e7c9b8c5f17b768d4

SHA512
cbec4c4682441f38fa502638f0ff4c6f967f3e01198309c1ecf8906a43d623049b1812de76768cca46f56c355afba2341ed5771e924dc755ebe89dbb81596af7

Download Submit
C:\Users\Admin\AppData\Local\Temp\242603212614617.exe

Filesize
12KB

MD5
87968fc359258160f9980d969845dc78

SHA1
e06f913fae7a1c1bd307c8f69c186d4ba2365049

SHA256
6501262325faef31990e0f93dee65d6cb8dd7db6a22ae07500da4d98c2352df9

SHA512
80ecc847fead724f8611b139d279c422f5165c75946a8f414e1fa8b981b891ed6fc938e05b9ee9db48b4829fcebbd236fa17c7174b0248be83ba9837d5b624d4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads