d345ad8740e45c37045eeecdc6eff044e7af793c2fdeffc3664ab7911332083b

Analysis

max time kernel
58s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
05-06-2024 19:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.Win32.Dh-A.14933.18043.exe
Size

12KB
MD5

6b70c65fe726dcad837b6d0e7590b045
SHA1

3dbe0c9bb493343d897f0fa6ed0f30d1bef21f3a
SHA256

d345ad8740e45c37045eeecdc6eff044e7af793c2fdeffc3664ab7911332083b
SHA512

558a675b4842a24cf464c9cb89f2fa845ab1167f3eca3d60dfcc00efb444e434d9c0e991c5296a1184a491854685bd4e6c954164c8eda7d80f1e7f93ac9042e9
SSDEEP

192:rSrI1CIumAT816wmisNH98f8iV11cVDPTX1xWZVdB6jl9xmoRJRBWlJdxqHbrNBu:kcuJobsbeiVPuO700WlJj+hM

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 4 IoCs

pid	Process
1484	242605192532669.exe
4788	242605192543075.exe
1920	242605192553966.exe
4428	242605192613981.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2564 wrote to memory of 4980	2564	SecuriteInfo.com.Win32.Dh-A.14933.18043.exe	100
PID 2564 wrote to memory of 4980	2564	SecuriteInfo.com.Win32.Dh-A.14933.18043.exe	100
PID 4980 wrote to memory of 1484	4980	cmd.exe	101
PID 4980 wrote to memory of 1484	4980	cmd.exe	101
PID 1484 wrote to memory of 4740	1484	242605192532669.exe	102
PID 1484 wrote to memory of 4740	1484	242605192532669.exe	102
PID 4740 wrote to memory of 4788	4740	cmd.exe	103
PID 4740 wrote to memory of 4788	4740	cmd.exe	103
PID 4788 wrote to memory of 1572	4788	242605192543075.exe	106
PID 4788 wrote to memory of 1572	4788	242605192543075.exe	106
PID 1572 wrote to memory of 1920	1572	cmd.exe	107
PID 1572 wrote to memory of 1920	1572	cmd.exe	107
PID 1920 wrote to memory of 396	1920	242605192553966.exe	108
PID 1920 wrote to memory of 396	1920	242605192553966.exe	108
PID 396 wrote to memory of 4428	396	cmd.exe	109
PID 396 wrote to memory of 4428	396	cmd.exe	109

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Dh-A.14933.18043.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Dh-A.14933.18043.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2564
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242605192532669.exe 000001
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4980
- - C:\Users\Admin\AppData\Local\Temp\242605192532669.exe
    C:\Users\Admin\AppData\Local\Temp\242605192532669.exe 000001
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:1484
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242605192543075.exe 000002
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4740
    - - C:\Users\Admin\AppData\Local\Temp\242605192543075.exe
        
        C:\Users\Admin\AppData\Local\Temp\242605192543075.exe 000002
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4788
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242605192553966.exe 000003
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\242605192553966.exe
        
        C:\Users\Admin\AppData\Local\Temp\242605192553966.exe 000003
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1920
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242605192613981.exe 000004
        8⤵
        Suspicious use of WriteProcessMemory
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\242605192613981.exe
        
        C:\Users\Admin\AppData\Local\Temp\242605192613981.exe 000004
        9⤵
        Executes dropped EXE
        
        PID:4428
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242605192625528.exe 000005
        10⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\242605192625528.exe
        
        C:\Users\Admin\AppData\Local\Temp\242605192625528.exe 000005
        11⤵
        
        PID:2888
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242605192635903.exe 000006
        12⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\242605192635903.exe
        
        C:\Users\Admin\AppData\Local\Temp\242605192635903.exe 000006
        13⤵
        
        PID:2852
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242605192646200.exe 000007
        14⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\242605192646200.exe
        
        C:\Users\Admin\AppData\Local\Temp\242605192646200.exe 000007
        15⤵
        
        PID:1620
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\242605192723356.exe 000008
        16⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\242605192723356.exe
        
        C:\Users\Admin\AppData\Local\Temp\242605192723356.exe 000008
        17⤵
        
        PID:3312

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\242605192532669.exe

Filesize
13KB

MD5
911248bbc927842d230b026a3ccb4948

SHA1
1b9987b4fb0219df13661642f0df5aabb2ae2d84

SHA256
aa3d2f170be23b7d06b75d3ac9a015deec366f03af602ff87f1fa9f36edfe08b

SHA512
138a55d21b6b170c3ce86f28c6dcdbe99e309602eb460b85979b1c5ed8275d413d0f876f4630fceea7468a75580764cff289c23dfb0649c977eb696fea53a9dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\242605192543075.exe

Filesize
13KB

MD5
1676ad9109859192eb8aabe2bc3da31a

SHA1
c6ee9352227010d508b35b4509935e97401c1670

SHA256
e68d4c024d787058067a4d47ef045062f9f03f42f884d458f06b951231776cc9

SHA512
849a8ece4240b1da64cf0afb2ebf0ad7a804b66a12a9488fedb140affabddaaa92b17dc89a521c7913777ba31d91ba6b10b4cf016bd63c92761416154bb523e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\242605192553966.exe

Filesize
13KB

MD5
f5627f594797bbfa89dd7549e2a534c3

SHA1
31c6b28ceb53764454a4ce67ec84b04c2ac9631f

SHA256
894cbd9addd67e342f8802ef6f70597e2049dcd96fe4684d323d198907b3b195

SHA512
254ba0f711bebc8be541b5e4b864b5ea90c6d20be98dd4515d00201d9ec2e1ad4fd4de012541eb38ff257fb632fb8f50e9111d4c9c901e4fbe64b805a3579ff2

Download Submit
C:\Users\Admin\AppData\Local\Temp\242605192613981.exe

Filesize
12KB

MD5
783ba633cba379ed81277db8e215128b

SHA1
d1f768e466925f4166b13ecadf1347a8127c2aed

SHA256
603966d6dae321f63952088fa45471565f39f096bdfe7d9a1e085250f30a6e48

SHA512
8edb422050a9370c9b1172dc60060642559a7a567f92a562cc09a3b003aa792f5091a29b1e0599c83d5b4ead7db99d6ec6e97c49362caead63b1c72829e00bcc

Download Submit
C:\Users\Admin\AppData\Local\Temp\242605192625528.exe

Filesize
12KB

MD5
20eeff54367c2fd24696b6941e91fdd5

SHA1
ddacc593a2ad1846451b60da8557bc6148233e47

SHA256
ecc41374620db66fb568ab4c04445044ce611ec47d7cd108c6639a2b924afde5

SHA512
2b018ad6b6a1832039fba900dade025c57bc7924e93a6a0f38f361d098a6e9bd383546b394b73a11c29866da9d344fc997d86733e62068a1183209d5fe4d0e90

Download Submit
C:\Users\Admin\AppData\Local\Temp\242605192635903.exe

Filesize
12KB

MD5
376216405a39c9682ecea94dda1c90a1

SHA1
556c4d7229ec1337c945c6b6cca135ffb69c4930

SHA256
b52340d43486ed5285139b111b569fee6993887b44068c569dab5f9cb10881ca

SHA512
ce471bbcbe5cbc8553e671be4052ce9f325ae9c97e974f35e0993443c6c429c99414d482ded7df6e87817f01fd1a76a8febbe76129980a1eb8c001b984eee230

Download Submit
C:\Users\Admin\AppData\Local\Temp\242605192646200.exe

Filesize
5KB

MD5
3e05220a605da64fcc4ea4b3734ed5fc

SHA1
bf82fef674898e0b9e2527bad7b42cc6baad425f

SHA256
1be6db150eef96fd102351f37d60a561ad2c32802b7c6da62532b9583420db0d

SHA512
de2205f8aefeec5a7b3bfa0c1b0fdd242596531729c448be1cdcf553f8009cabfd095e1db8c783176332bf643d483d4d21fbad242eb55adfa23e2f481ec5012a

Download Submit
C:\Users\Admin\AppData\Local\Temp\242605192646200.exe

Filesize
13KB

MD5
08a8bfa867dcfdde2b05206aae7fd186

SHA1
56c0cdd8994e30c90b77d3b262fa3e6583b93b65

SHA256
7320050b9374263a8438e725d63ae5b20a510e2555bb9e41ee03f5d249d3aa92

SHA512
719cdd58c784d65fea847650cf74d1ddc4abc4b78a89ebc2fd49eb747561a1ec940e27099b67019f32de3166e90922f2792b65ae70e7859312705fb8218af246

Download Submit
C:\Users\Admin\AppData\Local\Temp\242605192723356.exe

Filesize
1KB

MD5
497abcead11ce9bd62f539384e2b9088

SHA1
1b2ee1a37ff0826fc4e83d6c9720abc65fd6fdfb

SHA256
408c5d3046479495b369e5ab84613e313def5a182f6803175d250802a73e2089

SHA512
b951f533e1dd2a0d977d147237a0b5eee55ade40add20deb6cbdb045f355b0f5d12d3cf529b87e9ac3f69cd29072803bca2772f07fede63ec57b225352d9c6a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\242605192723356.exe

Filesize
2KB

MD5
8a5c49f32a13778267d3c02c8caa6302

SHA1
0d0d9a5ab4f376f7b881f30facd2e3bf25c9cbbd

SHA256
0293be6f4cda8fb77785e0ee77da20bf625af50147c58edeb3747e5ab48336d1

SHA512
5bef546ad2415be89505ed64f5763210a523e466672e9862f4618c2b33940df1e1843985cef65e1337e361b3249ea911db8a62235111b9a47def05f78afb9a4e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads