ed498076d6a8d10a08d37784f018717f2c4aa03dab26e53e94cd64013d30ddca

General

Target

SecuriteInfo.com.Win32.Dh-A.26463.22383.exe
Size

12KB
MD5

4bce40de69f3c5641578a571c320b046
SHA1

628b9883cd9ddecb23fbca755bdb65dcde59e8ca
SHA256

ed498076d6a8d10a08d37784f018717f2c4aa03dab26e53e94cd64013d30ddca
SHA512

354a38c5defc63b1ef35c22fd8d6c92c004e6454c2018a19b7b7d57781e107b5ca3edfffb036c06753741221b28dd6b7f687960166966510586bb261fd01a24b
SSDEEP

192:QHoOI1DRV2q+Yk69m3bSyESHzcckvrPDczlfPC4S+tWlJdxqHgrT+1x:QvZqbs3MOdK4S+tWlJj+Z

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 6 IoCs

pid	Process
3796	242604221809435.exe
1816	242604221852841.exe
1516	242604221931825.exe
3380	242604221946575.exe
2016	242604222004372.exe
4744	242604222022216.exe

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 4040 wrote to memory of 212	4040	SecuriteInfo.com.Win32.Dh-A.26463.22383.exe	90
PID 4040 wrote to memory of 212	4040	SecuriteInfo.com.Win32.Dh-A.26463.22383.exe	90
PID 212 wrote to memory of 3796	212	cmd.exe	91
PID 212 wrote to memory of 3796	212	cmd.exe	91
PID 3796 wrote to memory of 4716	3796	242604221809435.exe	92
PID 3796 wrote to memory of 4716	3796	242604221809435.exe	92
PID 4716 wrote to memory of 1816	4716	cmd.exe	93
PID 4716 wrote to memory of 1816	4716	cmd.exe	93
PID 1816 wrote to memory of 4836	1816	242604221852841.exe	94
PID 1816 wrote to memory of 4836	1816	242604221852841.exe	94
PID 4836 wrote to memory of 1516	4836	cmd.exe	95
PID 4836 wrote to memory of 1516	4836	cmd.exe	95
PID 1516 wrote to memory of 3724	1516	242604221931825.exe	96
PID 1516 wrote to memory of 3724	1516	242604221931825.exe	96
PID 3724 wrote to memory of 3380	3724	cmd.exe	97
PID 3724 wrote to memory of 3380	3724	cmd.exe	97
PID 3380 wrote to memory of 4136	3380	242604221946575.exe	98
PID 3380 wrote to memory of 4136	3380	242604221946575.exe	98
PID 4136 wrote to memory of 2016	4136	cmd.exe	99
PID 4136 wrote to memory of 2016	4136	cmd.exe	99
PID 2016 wrote to memory of 1152	2016	242604222004372.exe	100
PID 2016 wrote to memory of 1152	2016	242604222004372.exe	100
PID 1152 wrote to memory of 4744	1152	cmd.exe	101
PID 1152 wrote to memory of 4744	1152	cmd.exe	101

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Dh-A.26463.22383.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Dh-A.26463.22383.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4040
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604221809435.exe 000001
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:212
- - C:\Users\Admin\AppData\Local\Temp\242604221809435.exe
    C:\Users\Admin\AppData\Local\Temp\242604221809435.exe 000001
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3796
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604221852841.exe 000002
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4716
    - - C:\Users\Admin\AppData\Local\Temp\242604221852841.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604221852841.exe 000002
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1816
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604221931825.exe 000003
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\242604221931825.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604221931825.exe 000003
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1516
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604221946575.exe 000004
        8⤵
        Suspicious use of WriteProcessMemory
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\242604221946575.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604221946575.exe 000004
        9⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3380
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604222004372.exe 000005
        10⤵
        Suspicious use of WriteProcessMemory
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\242604222004372.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604222004372.exe 000005
        11⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2016
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604222022216.exe 000006
        12⤵
        Suspicious use of WriteProcessMemory
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\242604222022216.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604222022216.exe 000006
        13⤵
        Executes dropped EXE
        
        PID:4744

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\242604221809435.exe

Filesize
13KB

MD5
b2f9b641d88c0d7b53e785715df9ee56

SHA1
08910abe00b87b7be81e3dd134aa193bc8d37951

SHA256
af25fefc158294e811f34c219ce5674d34dcc6649d54acafe30fc207a2190c33

SHA512
6be8732f0864cceea59191631950ac7ad08961778330f1dda3a1b9969045563f3e9852b2da1d54e3524fe81abd2d6f12a5e65ae9865dea818d70e49a0e67394e

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604221852841.exe

Filesize
12KB

MD5
b1d1f3f462036b219f4bf19f3f204fe1

SHA1
615c2ffb9d6d251f8809ad539a328d80ea35f0f6

SHA256
8de121239ff72caa4f0b44c32dcbef7c90a7f4d236fc646a604501dc9d937dda

SHA512
9fbabd95eda27520b6aa306b780d4d3f873befd05100067b0b15373b63f9d9db55ff13f83a1560057a1a4c34bfe2de016644ddf140c5606a055b5ca0dc63087a

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604221931825.exe

Filesize
13KB

MD5
ec12df915a857916b341204066531006

SHA1
99e58a615e0884658f568172ece1c15a0277a00c

SHA256
1462a5330ba7c09383a053f300eb5ebed9ece76b8da543e8835543296eec5e72

SHA512
c608994bd4e079c1206cc99ba1bc7e128ba185d35a0f6a9136e31d06d053234e9246180f0cde391f990a9d3c8703d8f4e029567448b7aa14ea316e4dea9a6ff2

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604221946575.exe

Filesize
13KB

MD5
b528ac0bde4496529d1915a3e2243b21

SHA1
22ec28a036783a67c7c502d4dc8ea0b7e966bd68

SHA256
6e6375d9613d7e858214b7dac6cf43df3eb76ea2f3e798eb6fe3fdc756d56685

SHA512
b1262fa308011f834988b8cd70d4c303d3b9ddbacd7ecbed7ad946c61783162aaf320c797209df8d1b52b2370d270878181916aa4df31074c6afc1c8f29cbbf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604222004372.exe

Filesize
13KB

MD5
8f2774e00697e2befd04da47a58336f1

SHA1
a541217d29f910ad4a1125305881760d9efbd33c

SHA256
6968ea5c2caeda988b0455f93e7f9a95288360ba5e38db18260c6e040e147edd

SHA512
53d7c1d89ab6b1c3ea749b0fc43954c0d58bd6bdc92e7962175078db33a45d4d3a9aa98823830041871252d1dbf9692f5c9b32959076b94ba73aafd09b230ea2

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604222022216.exe

Filesize
13KB

MD5
8cf111045672c68611949d4b8cbb83a4

SHA1
8eac3ff9df861738360e4803c7d166d4e36965ac

SHA256
7685411bab478927f17cb19ffe6a089d505f38a196311d2b7fd1488dbeba6731

SHA512
cf8530ea35b8d1fa30d7e92014733826626751de2c525b5c1c29c39c4ea1b76c1067911f820b4c659f0c779f9064943bad4038142b89f1737c844875cbd10a18

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads