Analysis
max time kernel
148s
max time network
160s
platform
windows7_x64
resource
win7-20240221-en
resource tags
arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted
04-06-2024 18:29
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win32.MalwareX-gen.29059.26923.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Win32.MalwareX-gen.29059.26923.exe
Resource
win10v2004-20240426-en
General
Target
SecuriteInfo.com.Win32.MalwareX-gen.29059.26923.exe
Size
10.5MB
MD5
99f4956e54717c033294558697b73fc6
SHA1
f528e2da3b2006420fd9cadc8a89f05c6a344c5c
SHA256
a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4
SHA512
a1bdd9958df6568b8193519bb468d25811d66f7a137fbd6f7e560cb6e926500f322bee8e5dd696a0f71b5a40c2c45c1c5d56c527ddfb61af0f777265c448fb09
SSDEEP
196608:Hw5QgkALtDhMedzjecdLJsv6tWKFdu9C7:DALhh3CcdLJsv6tWKFdu9C
Malware Config
Signatures
Downloads MZ/PE file

Executes dropped EXE (1 IoC)
Processes:
pid | process
2752 | Update.exe

Loads dropped DLL (1 IoC)
Processes:
pid | process
3000 | SecuriteInfo.com.Win32.MalwareX-gen.29059.26923.exe

Suspicious behavior: AddClipboardFormatListener (2 IoCs)
Processes:
pid | process
3000 | SecuriteInfo.com.Win32.MalwareX-gen.29059.26923.exe
2752 | Update.exe

Suspicious use of SetWindowsHookEx (4 IoCs)
Processes:
pid | process
3000 | SecuriteInfo.com.Win32.MalwareX-gen.29059.26923.exe
3000 | SecuriteInfo.com.Win32.MalwareX-gen.29059.26923.exe
2752 | Update.exe
2752 | Update.exe

Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
description | pid | process | target process
PID 3000 wrote to memory of 2752 | 3000 | SecuriteInfo.com.Win32.MalwareX-gen.29059.26923.exe | Update.exe
PID 3000 wrote to memory of 2752 | 3000 | SecuriteInfo.com.Win32.MalwareX-gen.29059.26923.exe | Update.exe
PID 3000 wrote to memory of 2752 | 3000 | SecuriteInfo.com.Win32.MalwareX-gen.29059.26923.exe | Update.exe
PID 3000 wrote to memory of 2752 | 3000 | SecuriteInfo.com.Win32.MalwareX-gen.29059.26923.exe | Update.exe
PID 3000 wrote to memory of 2752 | 3000 | SecuriteInfo.com.Win32.MalwareX-gen.29059.26923.exe | Update.exe
PID 3000 wrote to memory of 2752 | 3000 | SecuriteInfo.com.Win32.MalwareX-gen.29059.26923.exe | Update.exe
PID 3000 wrote to memory of 2752 | 3000 | SecuriteInfo.com.Win32.MalwareX-gen.29059.26923.exe | Update.exe
Processes
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.MalwareX-gen.29059.26923.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.MalwareX-gen.29059.26923.exe"
PID: 3000
- Loads dropped DLL
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory

  (child of PID 3000) C:\Users\Admin\AppData\Local\Temp\Update.exe
  Command line: C:\Users\Admin\AppData\Local\Temp\Update.exe
  PID: 2752
  - Executes dropped EXE
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
C:\Users\Admin\AppData\Local\CG70\CG70.exe
Filesize
3.1MB
MD5
3cc1dc425de923dbdc241a1963c8cb00
SHA1
bb7c991100eb8d4fcea9b8afcd3c39443f318747
SHA256
fd202b2731c8519d0bdb71e3ed93e34380e4451cf932fd6d67fbcca2fb8dd8a6
SHA512
1acc3620d2ae06f1c8d41e159b479ffc784ad45a47c3114df732dcc41fb613fa14f1e05dc567ad5f35f59d3f6b0d9f7eb394264256713df528403abe99de7815

C:\Users\Admin\AppData\Local\Changguang\CG100\cache\37759BC423A03742BA28F028F83DDC472D0D4EDA.temp
Filesize
256KB
MD5
56099cf04cb62bbf923a643edbecccae
SHA1
37759bc423a03742ba28f028f83ddc472d0d4eda
SHA256
d3e1aed0a65867cf1b03654afa65e908874edf783f7cf1c9111da32b012fc5eb
SHA512
0866e5316befadb6404da2f88c830de32b909b626184bfe5c9ba6fe85e28cbaf72ec57fc8779cea1e3f1c0729812e7d27cfb901fb5333797e6e4d4ad9768dd18

C:\Users\Admin\AppData\Local\Changguang\CG100\cache\7478BFF813F45871A59099314FEE632EE59DD5A1.temp
Filesize
256KB
MD5
32a2dcc9bfacf55c4855f25479f59dd9
SHA1
7478bff813f45871a59099314fee632ee59dd5a1
SHA256
74298f1761dbd1c98a9bd4fdac019ba09cd0731dfcc43dbf6b571a2ef0616e15
SHA512
5e4ae6b42a02c4d9ba147ee3ccd4d77564a6d7964b4a1b65a65e5845f7fd89b7aa9ea192d02f1f896f2298aa0e74025794e21f2e7bd5c35c13c52b4d99384ae8

C:\Users\Admin\AppData\Local\Changguang\CG100\cache\B4D3522CE53DB921BE6BD75A8C6062C5D5C56334.temp
Filesize
512KB
MD5
333f5f3c6f4497a659db23b222fa4542
SHA1
b4d3522ce53db921be6bd75a8c6062c5d5c56334
SHA256
e94780d1e2393f7c92980d3e66f378117dea4130c546c400b3dd0fd24104cf4b
SHA512
88db19bf3fb4c3a4b7df95e8cd5f608fc8f7708b9ed9d0386e5afddfc4a404035372f0ba451a356034d2b3a4f372350086cb85cdb7b53b8853123951d287eed0

C:\Users\Admin\AppData\Local\Changguang\CG100\cache\B8EC36E2F3AFFC5383BB0D4F2E640E4C10EB6FA8.temp
Filesize
512KB
MD5
42635b60b9220dc2d5349c5240f8594a
SHA1
b8ec36e2f3affc5383bb0d4f2e640e4c10eb6fa8
SHA256
59d82d7fbddc6aac95ed23ef3ea4d63fa3d360dc1a628e5976e6103bdd31e355
SHA512
a9f19fb6f55707ff786926b3980c5bf23aceb0cf6628b240eef7b1cbcab56b4c6275d343e1eff7f535976e6fa81c7e6e38b510c6aba976b81285d7aa553a9a5c

C:\Users\Admin\AppData\Local\Changguang\CG100\cache\update.ini
Filesize
2.1MB
MD5
0051fbeb7086fd085506de9d98792eab
SHA1
ed64e40ede39a2824dbbe74ac5495abfbc09e1e9
SHA256
7ea07d028281d6848648272cf2e86e030825c67b2ea920f619af701b23027b2f
SHA512
75a3fe70ea611273471616592d5788eb47bf575e390aaf303b417af92826a9749d86ecfe8cba42fd2fe7c3469021a61460e2f092a1f207bd6f094b7c11847655

C:\Users\Admin\AppData\Local\Temp\config
Filesize
18B
MD5
2f3e86b633adb832ca05f09b1fcb4dff
SHA1
de2145e4f1b47fd259ad4f0b33698442f13d5170
SHA256
515ca85f56b4277d9f56ba196c1ab0470a50a7511a2593c93cd5a0cf2ba7a52a
SHA512
c7b1d2fc66e3144af5806833d6f0fb645bdf90678c6937f116838f32386670aaf9618c80093e4c6bc85de65946d0e54ba2d0e4c8826a768989610476d7eadc22

C:\Users\Admin\Documents\Changguang\CG100\Log\cg100_2024-06-04.log
Filesize
263B
MD5
47d9401f6c033d21be9e17ef4fba635f
SHA1
d0e15beed1e65247af67419e8de4a51504cbaa98
SHA256
c6abb69e424fceea08e366da4343efb3a5e54ca262213f9c500b65285a668dd0
SHA512
94c72c794c1073e517bc2943b75f14e758e177f7c21df26ebdd9d731e8b08c13dc10d79a8af0de126f27106b61b61e521c920b7e0edc291d5dc13dee86f82aa6

\Users\Admin\AppData\Local\Temp\Update.exe
Filesize
10.5MB
MD5
99f4956e54717c033294558697b73fc6
SHA1
f528e2da3b2006420fd9cadc8a89f05c6a344c5c
SHA256
a1dc127add3ab677c6e342e9b4a4952ca9a28e0b23024ab060b6667bd12673c4
SHA512
a1bdd9958df6568b8193519bb468d25811d66f7a137fbd6f7e560cb6e926500f322bee8e5dd696a0f71b5a40c2c45c1c5d56c527ddfb61af0f777265c448fb09