Overview

overview

9

Static

static

7

SecuriteIn...59.exe

windows7-x64

9

SecuriteIn...59.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    29/06/2024, 16:29

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe

  • Size

    12.6MB

  • MD5

    0fd93d95f5427314c472acf35a741bd8

  • SHA1

    82c4a03fc289ff7231a55c781838a07cf2cb3afd

  • SHA256

    cb8109d659672303e80f6666d566f8192f3134d3d67048e1a60ff3ace62c66f5

  • SHA512

    566a7036ccc924aee8b49b69c031b5e77ca85f4ff643db5c82e0ac9533a1a687c844858ae0de080dc29ecc6d74b95cc0eca50d7ccc8f158104e32d2dd241f518

  • SSDEEP

    196608:yL9vGiCff7yl3nCIjvDMjYeVa65nT84FMIZETSwjPePdrQJ/BGOqJ9Au5DYPF:yLdGiCbsSIrDMjPgQETSwvJEOqQYDQ

Score
9/10
evasionthemidatrojan

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 2 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 4 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Loads dropped DLL 1 IoCs
  • Themida packer 18 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Checks whether UAC is enabled 1 TTPs 2 IoCs
    evasiontrojan
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of WriteProcessMemory
    PID:2204
    • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe
      "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.23205.20359.exe"
      2⤵
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Checks BIOS information in registry
      • Loads dropped DLL
      • Checks whether UAC is enabled
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      PID:2756

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\_MEI22042\python311.dll
          Filesize

          5.5MB

          MD5

          5a5dd7cad8028097842b0afef45bfbcf

          SHA1

          e247a2e460687c607253949c52ae2801ff35dc4a

          SHA256

          a811c7516f531f1515d10743ae78004dd627eba0dc2d3bc0d2e033b2722043ce

          SHA512

          e6268e4fad2ce3ef16b68298a57498e16f0262bf3531539ad013a66f72df471569f94c6fcc48154b7c3049a3ad15cbfcbb6345dacb4f4ed7d528c74d589c9858

          Download Submit

        • memory/2204-1-0x0000000077960000-0x0000000077962000-memory.dmp

          Filesize

          8KB

          Download

        • memory/2204-6-0x000000013FFB0000-0x0000000140B9D000-memory.dmp

          Filesize

          11.9MB

          Download

        • memory/2204-2-0x000000013FFB0000-0x0000000140B9D000-memory.dmp

          Filesize

          11.9MB

          Download

        • memory/2204-3-0x000000013FFB0000-0x0000000140B9D000-memory.dmp

          Filesize

          11.9MB

          Download

        • memory/2204-4-0x000000013FFB0000-0x0000000140B9D000-memory.dmp

          Filesize

          11.9MB

          Download

        • memory/2204-8-0x000000013FFB0000-0x0000000140B9D000-memory.dmp

          Filesize

          11.9MB

          Download

        • memory/2204-5-0x000000013FFB0000-0x0000000140B9D000-memory.dmp

          Filesize

          11.9MB

          Download

        • memory/2204-7-0x000000013FFB0000-0x0000000140B9D000-memory.dmp

          Filesize

          11.9MB

          Download

        • memory/2204-30-0x0000000002730000-0x000000000331D000-memory.dmp

          Filesize

          11.9MB

          Download

        • memory/2204-0-0x000000013FFB0000-0x0000000140B9D000-memory.dmp

          Filesize

          11.9MB

          Download

        • memory/2204-66-0x000000013FFB0000-0x0000000140B9D000-memory.dmp

          Filesize

          11.9MB

          Download

        • memory/2756-32-0x0000000077910000-0x0000000077AB9000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/2756-36-0x000000013FFB0000-0x0000000140B9D000-memory.dmp

          Filesize

          11.9MB

          Download

        • memory/2756-35-0x000000013FFB0000-0x0000000140B9D000-memory.dmp

          Filesize

          11.9MB

          Download

        • memory/2756-34-0x000000013FFB0000-0x0000000140B9D000-memory.dmp

          Filesize

          11.9MB

          Download

        • memory/2756-37-0x000000013FFB0000-0x0000000140B9D000-memory.dmp

          Filesize

          11.9MB

          Download

        • memory/2756-38-0x000000013FFB0000-0x0000000140B9D000-memory.dmp

          Filesize

          11.9MB

          Download

        • memory/2756-33-0x000000013FFB0000-0x0000000140B9D000-memory.dmp

          Filesize

          11.9MB

          Download

        • memory/2756-39-0x000000013FFB0000-0x0000000140B9D000-memory.dmp

          Filesize

          11.9MB

          Download

        • memory/2756-44-0x000000013FFB0000-0x0000000140B9D000-memory.dmp

          Filesize

          11.9MB

          Download

        • memory/2756-43-0x0000000077910000-0x0000000077AB9000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/2756-31-0x000000013FFB0000-0x0000000140B9D000-memory.dmp

          Filesize

          11.9MB

          Download