Overview

overview

7

Static

static

3

SecuriteIn...57.exe

windows7-x64

7

SecuriteIn...57.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    11-06-2024 18:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.Trojan.PWS.Stealer.36782.3461.5857.exe

  • Size

    18.5MB

  • MD5

    d3c84f235445646915ce3271fdbad74f

  • SHA1

    a8e6048c8a0bedc1f897fd94d95cfa93ead4c8e1

  • SHA256

    c7026676c7ae458b71bf722de69aaa05363a56d121c50047f9a63d2020e4db14

  • SHA512

    03d4d45d76c80281e36c650a68ad3f683d382fe559c405c1045240490343b277b2f854627134a7f97534789c1a05fb0eb1ed63228aca2a86704962b4081ea32e

  • SSDEEP

    393216:k5QwFe2WehslP2WmpO1d4kjTaIicEyEwEWAPVOBR+FKotN8m+Q6x:k2ge2hGqpO1d46aIrjETVOb+w0N5Gx

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PWS.Stealer.36782.3461.5857.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PWS.Stealer.36782.3461.5857.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2328
    • C:\Users\Admin\AppData\Local\Temp\onefile_2328_133626040333674000\nuker.exe
      "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PWS.Stealer.36782.3461.5857.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\onefile_2328_133626040333674000\python310.dll
    Filesize

    4.3MB

    MD5

    63a1fa9259a35eaeac04174cecb90048

    SHA1

    0dc0c91bcd6f69b80dcdd7e4020365dd7853885a

    SHA256

    14b06796f288bc6599e458fb23a944ab0c843e9868058f02a91d4606533505ed

    SHA512

    896caa053f48b1e4102e0f41a7d13d932a746eea69a894ae564ef5a84ef50890514deca6496e915aae40a500955220dbc1b1016fe0b8bcdde0ad81b2917dea8b

    Download Submit

  • memory/2328-59-0x000000013FDF0000-0x000000014108C000-memory.dmp

    Filesize

    18.6MB

    Download

  • memory/2776-32-0x000000013FB80000-0x0000000143598000-memory.dmp

    Filesize

    58.1MB

    Download