4e14bd8a9a7cfaa1830e22cd83dbfddc62ed427e110727e80897fdde31e8e76f

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04-06-2024 22:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.Win32.Dh-A.31888.32254.exe
Size

13KB
MD5

65b6e5419e14c1e0729f4b7ce047bb5b
SHA1

7594d2bba78a863e24b890d229388a076a8c2b6e
SHA256

4e14bd8a9a7cfaa1830e22cd83dbfddc62ed427e110727e80897fdde31e8e76f
SHA512

96c36d6dbbd37d98bf167294aa03244adeac3554aaf16dad61fc791df3593b43ad97c2d21586205977556d938bf46b064e0409f1c4bc04a9327017c21789f9c9
SSDEEP

192:ByDI1XXPSe+6ZNHTm5vMBWvGpkPk6q2DqZcDpdNmK8WlJdxqHiYrkVD1xd:+4PBHnpObpAK8WlJj+cL

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 8 IoCs

pid	Process
2732	242604221809429.exe
4076	242604221826632.exe
4536	242604221842101.exe
2580	242604221906960.exe
4780	242604221920304.exe
4380	242604221932773.exe
3752	242604221947898.exe
4688	242604222026804.exe

Suspicious use of WriteProcessMemory 32 IoCs

description	pid	Process	procid_target
PID 2664 wrote to memory of 4524	2664	SecuriteInfo.com.Win32.Dh-A.31888.32254.exe	95
PID 2664 wrote to memory of 4524	2664	SecuriteInfo.com.Win32.Dh-A.31888.32254.exe	95
PID 4524 wrote to memory of 2732	4524	cmd.exe	96
PID 4524 wrote to memory of 2732	4524	cmd.exe	96
PID 2732 wrote to memory of 2116	2732	242604221809429.exe	99
PID 2732 wrote to memory of 2116	2732	242604221809429.exe	99
PID 2116 wrote to memory of 4076	2116	cmd.exe	100
PID 2116 wrote to memory of 4076	2116	cmd.exe	100
PID 4076 wrote to memory of 4964	4076	242604221826632.exe	101
PID 4076 wrote to memory of 4964	4076	242604221826632.exe	101
PID 4964 wrote to memory of 4536	4964	cmd.exe	102
PID 4964 wrote to memory of 4536	4964	cmd.exe	102
PID 4536 wrote to memory of 3972	4536	242604221842101.exe	105
PID 4536 wrote to memory of 3972	4536	242604221842101.exe	105
PID 3972 wrote to memory of 2580	3972	cmd.exe	106
PID 3972 wrote to memory of 2580	3972	cmd.exe	106
PID 2580 wrote to memory of 540	2580	242604221906960.exe	107
PID 2580 wrote to memory of 540	2580	242604221906960.exe	107
PID 540 wrote to memory of 4780	540	cmd.exe	108
PID 540 wrote to memory of 4780	540	cmd.exe	108
PID 4780 wrote to memory of 3064	4780	242604221920304.exe	113
PID 4780 wrote to memory of 3064	4780	242604221920304.exe	113
PID 3064 wrote to memory of 4380	3064	cmd.exe	114
PID 3064 wrote to memory of 4380	3064	cmd.exe	114
PID 4380 wrote to memory of 4852	4380	242604221932773.exe	120
PID 4380 wrote to memory of 4852	4380	242604221932773.exe	120
PID 4852 wrote to memory of 3752	4852	cmd.exe	121
PID 4852 wrote to memory of 3752	4852	cmd.exe	121
PID 3752 wrote to memory of 4132	3752	242604221947898.exe	122
PID 3752 wrote to memory of 4132	3752	242604221947898.exe	122
PID 4132 wrote to memory of 4688	4132	cmd.exe	123
PID 4132 wrote to memory of 4688	4132	cmd.exe	123

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Dh-A.31888.32254.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Dh-A.31888.32254.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2664
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604221809429.exe 000001
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4524
- - C:\Users\Admin\AppData\Local\Temp\242604221809429.exe
    C:\Users\Admin\AppData\Local\Temp\242604221809429.exe 000001
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2732
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604221826632.exe 000002
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2116
    - - C:\Users\Admin\AppData\Local\Temp\242604221826632.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604221826632.exe 000002
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4076
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604221842101.exe 000003
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\242604221842101.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604221842101.exe 000003
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4536
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604221906960.exe 000004
        8⤵
        Suspicious use of WriteProcessMemory
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\242604221906960.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604221906960.exe 000004
        9⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2580
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604221920304.exe 000005
        10⤵
        Suspicious use of WriteProcessMemory
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\242604221920304.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604221920304.exe 000005
        11⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4780
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604221932773.exe 000006
        12⤵
        Suspicious use of WriteProcessMemory
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\242604221932773.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604221932773.exe 000006
        13⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4380
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604221947898.exe 000007
        14⤵
        Suspicious use of WriteProcessMemory
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\242604221947898.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604221947898.exe 000007
        15⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3752
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242604222026804.exe 000008
        16⤵
        Suspicious use of WriteProcessMemory
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\242604222026804.exe
        
        C:\Users\Admin\AppData\Local\Temp\242604222026804.exe 000008
        17⤵
        Executes dropped EXE
        
        PID:4688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\242604221809429.exe

Filesize
13KB

MD5
f4ffe84ef0ee4269cb06a492082f91f0

SHA1
21ca3eecc071526693a1c6fdb23057aac1ddcb5b

SHA256
051c33e6560f6f60c09fb96b6c5bde79c6274e437478e1fa62dcf669ece210df

SHA512
46ab960b491e4efadcee6fb8f35d40df79a9a8adfb2822b1bd07cff39469686b9d8a76020fba35f9f908d7e568bbcbd28025b81922bc675eab17003814585613

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604221826632.exe

Filesize
13KB

MD5
a7c5f89e322598e6496e2f64ca9cffe4

SHA1
c81c10d73cea3c30fde96813cfebc95f2322a61b

SHA256
e160513be2c2b7f05337d7355d447cf4996d1799c8b038bcd2b26f16172229d5

SHA512
183e50d99beb25d8489e309fca7dc747b293a28ac9ceeb81562522035a4883f415fe1324ff999233e296aeda3930900733ff70643266ae2aad1b9dc1012cd76e

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604221842101.exe

Filesize
12KB

MD5
b048805dce5d98fa1fde7ad3f1c9788b

SHA1
82d15fc6099d2f4c48a86794f43250579c25bd92

SHA256
2d612c923ef3e26d8445db5079fba6cd1415af4cc6858cf91363fecc4d6f6a20

SHA512
8bf4d6d19e920b5d5297c4cc114fa420334b9f3aa450de763a63d731a2f49126182d16d023b2e6c95377ae367c38fab00a8bb4c294ddcaa79aaeb22c2ea7e222

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604221906960.exe

Filesize
12KB

MD5
20d3bff35923caadb80c2f477a76aeec

SHA1
4950c908a364d8ee99139b46e87cb1c814caf31a

SHA256
a1b02dc75784a9ddd87e3a759dbe62510599385e2e4916f8dcfa9cf6a394e6a2

SHA512
d449a7af0af3680a74aae5855dd4fae17bd7409ae7f70e68191460b866a0400e51de8396c9296a4241498af4d71b283b5fa55a6780673a8bd170edc2d52748ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604221920304.exe

Filesize
12KB

MD5
49ef4ba1159781a213e8ab7f102c1ca3

SHA1
3e577fbd25bdff79ee824da404f4cbafbb14a783

SHA256
856f6571be1b13e29d73e039a22436f1efd2f73f451196e8f3bde3ee07b28e84

SHA512
1dbfa1dd26f246b0d6a266c8ae20ee535692061fc8129c9e2197eb3d587e8bec96a9ba4497f4875630b4eb6755c7596edec160695fc9a3239b435598d0bc66bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604221932773.exe

Filesize
13KB

MD5
3d53d12da5460e6b7202ad6b9df8ec92

SHA1
c00de3f2cd86a1854f9f68e981e587d0b1a7db90

SHA256
99579ee5a8734473287a24fc2adf4cf666009d61a8f75de16b80e2c43205721e

SHA512
ec3ce7750db9d71cab603485b5f11bbf654188afdf6330caa5177c9515e06a5b634075ba7834c87074655dab8db45d1e0794c2df80ca30b55537068747c294b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604221947898.exe

Filesize
13KB

MD5
27e6644fd8344a1f2106b4277183ad24

SHA1
044a2b613f75337fc0084a50df1e5d059b1e8a44

SHA256
a839577d295f91e867a8428d4b3072be331c67cc01e276a594640b4a7f69fff6

SHA512
5390425ff95f5c12dae4ee5ac99d5306aaa605500c9feead02ed253fdadc9d19daa77945548caf45ae6cf1773a39c1e2e711b3b542f3ed21468a8f0b01a269f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\242604222026804.exe

Filesize
13KB

MD5
2870ac8aa012f2a580ab36755e8ef6b5

SHA1
0dc581c4d146629036bfc6336250d11927d88e92

SHA256
756017ed109e8ce51f05bac733412bb890d9b005995efbb8bdd6b91e66960a69

SHA512
c00b87df0dde268defa2bc16635a89d66dfa21ca08d7ac0d067a2947fbfdbe45ef4161fcdfafa052f9482daa975159830717d016ff6bda8ec693df9feb43294f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads