7ccef9af5267c22a56bdbaf2f9109a02611bba461e0b0321bed42b5911163272

Analysis

max time kernel
140s
max time network
56s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-06-2024 04:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.Trojan.InstallCore.4086.24549.19610.exe
Size

2.5MB
MD5

2f9281010bf12890403934bdb517c2c4
SHA1

6e822864dd45fa4a09d29b6e0dc5906dbf96e3d1
SHA256

7ccef9af5267c22a56bdbaf2f9109a02611bba461e0b0321bed42b5911163272
SHA512

725ea7e7a262d0bc7f75a9f3c24aa1290827198b9146b784d57d984c9cccc7feaa38d8fa6200793bcd226b4da9461e894f728b89c6f94157202b586468de1335
SSDEEP

49152:eBuZrEUGmrsuyh3kw8bgyjvpnLw7vhzDd0Ua7AqKwd40Lp8Hg/9RQTMVG5V:YkLGmY338ZvpnLoxD6ATwdxYg/4I47

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4416	SecuriteInfo.com.Trojan.InstallCore.4086.24549.19610.tmp

Loads dropped DLL 1 IoCs

pid	Process
4416	SecuriteInfo.com.Trojan.InstallCore.4086.24549.19610.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 464 wrote to memory of 4416	464	SecuriteInfo.com.Trojan.InstallCore.4086.24549.19610.exe	81
PID 464 wrote to memory of 4416	464	SecuriteInfo.com.Trojan.InstallCore.4086.24549.19610.exe	81
PID 464 wrote to memory of 4416	464	SecuriteInfo.com.Trojan.InstallCore.4086.24549.19610.exe	81

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.InstallCore.4086.24549.19610.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.InstallCore.4086.24549.19610.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:464
- C:\Users\Admin\AppData\Local\Temp\is-2512O.tmp\SecuriteInfo.com.Trojan.InstallCore.4086.24549.19610.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-2512O.tmp\SecuriteInfo.com.Trojan.InstallCore.4086.24549.19610.tmp" /SL5="$601C8,1633941,874496,C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.InstallCore.4086.24549.19610.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4416

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-2512O.tmp\SecuriteInfo.com.Trojan.InstallCore.4086.24549.19610.tmp

Filesize
3.1MB

MD5
4f0ef46de64a97f2f8fcdf189068244d

SHA1
e251fd9a7a56526b623e087c50d767c96844de2b

SHA256
a462faeab6713e66c2c870b873fad186e5b5351d853a0d5432a9edd3311ac032

SHA512
b56b665305199e3a44b10ae9d1710685b3f4bb5ecff6ee77bc6aa743d48528d91f88fa1853daf99f4a0fb652102d6a313a2f61102eed61d3558545cf527fc1dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-U9AC2.tmp\zbShieldUtils.dll

Filesize
2.0MB

MD5
b83f5833e96c2eb13f14dcca805d51a1

SHA1
9976b0a6ef3dabeab064b188d77d870dcdaf086d

SHA256
00e667b838a4125c8cf847936168bb77bb54580bc05669330cb32c0377c4a401

SHA512
8641b351e28b3c61ed6762adbca165f4a5f2ee26a023fd74dd2102a6258c0f22e91b78f4a3e9fba6094b68096001de21f10d6495f497580847103c428d30f7bb

Download Submit
memory/464-0-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download
memory/464-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/464-13-0x0000000000400000-0x00000000004E3000-memory.dmp

Filesize
908KB

Download
memory/4416-6-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/4416-14-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/4416-16-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/4416-25-0x0000000004C60000-0x0000000004DA0000-memory.dmp

Filesize
1.2MB

Download
memory/4416-26-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/4416-28-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads