db3e5db9746c7222963c28c9411c8c7d2faac25f1f05ee5651145334b807a605

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20250207-en
resource tags

arch:x64arch:x86image:win7-20250207-enlocale:en-usos:windows7-x64system
submitted
28/03/2025, 03:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.Program.Unwanted.5599.24375.1194.exe
Size

21.5MB
MD5

148d636231401a42505e096ae2a3d31e
SHA1

53261dfeeb8ba52b86cf82180fed669e52984519
SHA256

db3e5db9746c7222963c28c9411c8c7d2faac25f1f05ee5651145334b807a605
SHA512

1a8ed377117d3fe7fad8babfeffd11968d5cba76d50e0a436462348f6aca0ed7dfbdd8eb3d289923630a4a28c1ed79fd241d2cb0a88b5d4d1dbb571f9545f32f
SSDEEP

393216:watZoxR0iWhfetojPSyJPGXscPZf0+IMzeioZNfSMe9zQkPR5h8AmDNqFBtItS7K:w2KYhfnxGfBc+zeioZN/ozQk98AmDy5S

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Checks BIOS information in registry 2 TTPs 1 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	SecuriteInfo.com.Program.Unwanted.5599.24375.1194.tmp

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Control Panel\International\Geo\Nation	SecuriteInfo.com.Program.Unwanted.5599.24375.1194.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 6 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Auslogics\Driver Updater\Lang\is-2AVPN.tmp	SecuriteInfo.com.Program.Unwanted.5599.24375.1194.tmp
File created	C:\Program Files (x86)\Auslogics\Driver Updater\Lang\is-CGOJH.tmp	SecuriteInfo.com.Program.Unwanted.5599.24375.1194.tmp
File created	C:\Program Files (x86)\Auslogics\Driver Updater\Lang\is-07V8T.tmp	SecuriteInfo.com.Program.Unwanted.5599.24375.1194.tmp
File created	C:\Program Files (x86)\Auslogics\Driver Updater\unins000.dat	SecuriteInfo.com.Program.Unwanted.5599.24375.1194.tmp
File created	C:\Program Files (x86)\Auslogics\Driver Updater\is-9HGV5.tmp	SecuriteInfo.com.Program.Unwanted.5599.24375.1194.tmp
File created	C:\Program Files (x86)\Auslogics\Driver Updater\Lang\is-81UP7.tmp	SecuriteInfo.com.Program.Unwanted.5599.24375.1194.tmp

Executes dropped EXE 1 IoCs

pid	Process
2760	SecuriteInfo.com.Program.Unwanted.5599.24375.1194.tmp

Loads dropped DLL 14 IoCs

pid	Process
1820	SecuriteInfo.com.Program.Unwanted.5599.24375.1194.exe
2760	SecuriteInfo.com.Program.Unwanted.5599.24375.1194.tmp
2760	SecuriteInfo.com.Program.Unwanted.5599.24375.1194.tmp
2760	SecuriteInfo.com.Program.Unwanted.5599.24375.1194.tmp
2760	SecuriteInfo.com.Program.Unwanted.5599.24375.1194.tmp
2760	SecuriteInfo.com.Program.Unwanted.5599.24375.1194.tmp
2760	SecuriteInfo.com.Program.Unwanted.5599.24375.1194.tmp
2760	SecuriteInfo.com.Program.Unwanted.5599.24375.1194.tmp
2760	SecuriteInfo.com.Program.Unwanted.5599.24375.1194.tmp
2760	SecuriteInfo.com.Program.Unwanted.5599.24375.1194.tmp
2760	SecuriteInfo.com.Program.Unwanted.5599.24375.1194.tmp
2760	SecuriteInfo.com.Program.Unwanted.5599.24375.1194.tmp
2760	SecuriteInfo.com.Program.Unwanted.5599.24375.1194.tmp
2760	SecuriteInfo.com.Program.Unwanted.5599.24375.1194.tmp

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SecuriteInfo.com.Program.Unwanted.5599.24375.1194.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SecuriteInfo.com.Program.Unwanted.5599.24375.1194.tmp

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{13BD368F-8236-AC0E-C5E1-F9624DF91039}	SecuriteInfo.com.Program.Unwanted.5599.24375.1194.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{13BD368F-8236-AC0E-C5E1-F9624DF91039}\Version\Assembly = ee0c7ad1bf43946452d1d6c94c935c7eee0c7ad1bf43946452d1d6c94c935c7e88ad8cbb5ed3f66b83a8a2cdf194269c890bb34aebd806e41a50d3bd9c0b4765219909f09e75dec0927ff4e8152284cd219909f09e75dec0927ff4e8152284cd59b5414605bae21e9735786eb516d3f8de1283c2aff9bf99d33ed2740c86bbd2f8157495fe950fa4a01046bb55f00dad0f20aa1b1adfe602954529934d03147d	SecuriteInfo.com.Program.Unwanted.5599.24375.1194.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{13BD368F-8236-AC0E-C5E1-F9624DF91039}\Version	SecuriteInfo.com.Program.Unwanted.5599.24375.1194.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node	SecuriteInfo.com.Program.Unwanted.5599.24375.1194.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID	SecuriteInfo.com.Program.Unwanted.5599.24375.1194.tmp

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2760	SecuriteInfo.com.Program.Unwanted.5599.24375.1194.tmp
2760	SecuriteInfo.com.Program.Unwanted.5599.24375.1194.tmp

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2760	SecuriteInfo.com.Program.Unwanted.5599.24375.1194.tmp
2760	SecuriteInfo.com.Program.Unwanted.5599.24375.1194.tmp

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2760	SecuriteInfo.com.Program.Unwanted.5599.24375.1194.tmp
2760	SecuriteInfo.com.Program.Unwanted.5599.24375.1194.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1820 wrote to memory of 2760	1820	SecuriteInfo.com.Program.Unwanted.5599.24375.1194.exe	30
PID 1820 wrote to memory of 2760	1820	SecuriteInfo.com.Program.Unwanted.5599.24375.1194.exe	30
PID 1820 wrote to memory of 2760	1820	SecuriteInfo.com.Program.Unwanted.5599.24375.1194.exe	30
PID 1820 wrote to memory of 2760	1820	SecuriteInfo.com.Program.Unwanted.5599.24375.1194.exe	30
PID 1820 wrote to memory of 2760	1820	SecuriteInfo.com.Program.Unwanted.5599.24375.1194.exe	30
PID 1820 wrote to memory of 2760	1820	SecuriteInfo.com.Program.Unwanted.5599.24375.1194.exe	30
PID 1820 wrote to memory of 2760	1820	SecuriteInfo.com.Program.Unwanted.5599.24375.1194.exe	30

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Program.Unwanted.5599.24375.1194.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Program.Unwanted.5599.24375.1194.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1820
- C:\Users\Admin\AppData\Local\Temp\is-EMJG2.tmp\SecuriteInfo.com.Program.Unwanted.5599.24375.1194.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-EMJG2.tmp\SecuriteInfo.com.Program.Unwanted.5599.24375.1194.tmp" /SL5="$4010A,22077823,146944,C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Program.Unwanted.5599.24375.1194.exe"
  2⤵
  - Checks BIOS information in registry
  - Checks computer location settings
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:2760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-3IUBP.tmp\enu.lng

Filesize
166KB

MD5
e50f65e9f67c0c2c63bd9175d2ed824e

SHA1
61e1a79b023ab2f7307947955395d355da5d7791

SHA256
d3055229d7f292a23f5195c0a473c219433bda9d3a5e99a43062ea6a84d7a3a0

SHA512
1afa52e2243c196de01f396d7c81414af0bb6bca3c9d3258f144c634cf00cb170c423216b9a2163826d2481271c60b65f0987f2606998f41ea1df4f5f6dbec24

Download Submit
\Users\Admin\AppData\Local\Temp\is-3IUBP.tmp\AxComponentsRTL.bpl

Filesize
2.5MB

MD5
97fd3089745d2a3bb2d20add1b4cfc78

SHA1
3bff7a3e7b031d3a62226222b99bf04d6b49ab25

SHA256
cec1a7fc0d3cb5ecfea61be05cbc50b3323b8cb6f9e9f97f813b79c88d99182d

SHA512
d73c3e55aa65a2fae1ccacf916cbad57bd23c1a5b4861d307b956ebccb02a81949e8e7eef29324bb30ca997c094651942bafa3badc2dc50e7f5bf41802ef2e27

Download Submit
\Users\Admin\AppData\Local\Temp\is-3IUBP.tmp\AxComponentsVCL.bpl

Filesize
8.8MB

MD5
a0b6b743dfa0bf54175cb468e984336e

SHA1
dea0e524624983f9badd1eb6d1d3ced3afd5051a

SHA256
8c165b3edd1ced3276731b3f440947ccb52f7b20043933a74024718ac4a57392

SHA512
3a17a13d2efe366647770d3b611069baabda160f62bf2fe088b6de8516206f3cc890699abbc0ae853dd2ecc5bcd1f41ee50e42dd83331d06cd0048a0a50ea42f

Download Submit
\Users\Admin\AppData\Local\Temp\is-3IUBP.tmp\BrowserHelper.dll

Filesize
2.0MB

MD5
73e346feffd403c5563bb90921b4f1c8

SHA1
1dd914d86be5f254e8a981c7ec7386e77cf79576

SHA256
a598fc217ed0f1d2a3f363490961f030adbbed352527d9afff84bcd8d6262172

SHA512
9b5d5440a998d4797b95c6cf61b7097a75a7ec321890f5624d5ed2be9d4be212b0f02f2b377441d449223a685b096c4ec5426624d58a8f47af699a7bd2c5d7ae

Download Submit
\Users\Admin\AppData\Local\Temp\is-3IUBP.tmp\CFAHelper.dll

Filesize
97KB

MD5
a2290094a52eae96c81eb762bc9e6331

SHA1
ab84db3dd2bf3cc1424e6011686f75a99a3a9a40

SHA256
6c47561d57de8b673160d8c2dde6667753aa3e4ac24a44950b7845fddc65369f

SHA512
6cbbfd73edc8e53c5da0f6b589b61378ae69e99b5e918a1cc405afb8d0e52f792e5cbc4feb78b3579fc87dde60755aa3a39798842188c7bc9f3ee7317baf3b8e

Download Submit
\Users\Admin\AppData\Local\Temp\is-3IUBP.tmp\CommonForms.Site.dll

Filesize
345KB

MD5
94dca7eca6944692a687565392f4bf16

SHA1
f1550a9c7c1d091792713b59a257d506ab3777b1

SHA256
635be68cf6ddb8de72208e3b9d5a80c41dd0585c42a727c9958cfef109a76816

SHA512
1b00581597b96439568820c4feb7969d0840f4b2454ce6bd3cbdcd2562207d1bf7aef6b58d155a68371735acf696f63871d43212140da129cc3d9fc9a5a54d1f

Download Submit
\Users\Admin\AppData\Local\Temp\is-3IUBP.tmp\DriverUpdater.exe

Filesize
9.0MB

MD5
c479e499c43d824246569c7afc12a987

SHA1
84fc35239b55d85594e3c65ef21519817d3b2cea

SHA256
78ca32bf9357309254dfaef094f287f45e0cd70a4bea027ec95e3fca4d4b3cc2

SHA512
a4ff168e1add86395f2d4e3335337ec7e432398ad2baa44e3ab1a97830c1b32d541d17d965b00cd0cdb5d6331b262bf280a76da322647e2e89367b6c4b1813a5

Download Submit
\Users\Admin\AppData\Local\Temp\is-3IUBP.tmp\GoogleAnalyticsHelper.dll

Filesize
177KB

MD5
cd05fe6088850b36d2540805f02d8ebd

SHA1
0be8fd6d6837f444b363ded140b8f3de594cd03e

SHA256
04b649902a180c1531282de2038bfbc01a8b297a56282a785848525ac10ebac2

SHA512
2b2d315a890df23f857f9d50884d1a8f5824c3611a2137a859a6f7ed62076882c3b86e5e222e63a0bb4b2f54758b824ec4c33e825c31be6e9d60d0af7e9d53d6

Download Submit
\Users\Admin\AppData\Local\Temp\is-3IUBP.tmp\Localizer.dll

Filesize
192KB

MD5
61b0aace0a37b00f33e0f1cf5f9f38ec

SHA1
24921bc36461dae98a961dae57d25fa17e710e83

SHA256
ac7e5695941851571ab4ec88dd0773346461622238366d741ccd9f165e0655b9

SHA512
ebd0ce4f5d44e452fd167498b65bdf2a5754b637bb8370bf6d5e5ee9926d8dc1a7671c82650ff832936b6acfe7e8a22df5b776b3d1aa29e00149391563cec5e4

Download Submit
\Users\Admin\AppData\Local\Temp\is-3IUBP.tmp\SetupCustom.dll

Filesize
1.6MB

MD5
3fe36d25b8a2287bd61a571de8178572

SHA1
a7e2b658cfbd4c1e7df7fd89eb2f989c73eceaea

SHA256
c00e9807332d316fb5ed1584407fe6f6b8748aab39efd9fea6a3aacb5caf39c9

SHA512
6905685fc321539d7a52007a4cd7e332288deaf253f752c9949fbce68743238951c37294d32d70a187727070b5b05858791612d334a28aa9acf36610f2bd30b0

Download Submit
\Users\Admin\AppData\Local\Temp\is-3IUBP.tmp\rtl250.bpl

Filesize
10.1MB

MD5
942cc74b7ef66b51859d135fa3bc8bb2

SHA1
642810b822d9e4ddd40faafb7437b552d2ad7d56

SHA256
66f2f6b2e8c24827d63f6415094ae40fddd50f30e097cda395cc0116d57356a6

SHA512
941e41ed4031674168d4b4380d52cdea4d3077c1e871a9f61d8c85030befda654b06cb5da666d906130fa2d5b985573b274f9d77ac570b634be295baefa385e5

Download Submit
\Users\Admin\AppData\Local\Temp\is-3IUBP.tmp\vcl250.bpl

Filesize
3.9MB

MD5
e4f482e3f7eb949256402c38e467122f

SHA1
2910db3ffc1769d2ae83b6569fa91e79faaa4033

SHA256
10b9d8569b8f9e9e46e7a579855492353c43f1e3b5d4a28959015bed5570350c

SHA512
8dc4eadc0ebe0cc86e7ac85843c16be5cc563a5dce2985f34b4769786e5d2f7176b62506854ef5e5b75a58aa1cbe45934650e7cab098a639bc62affe9119241b

Download Submit
\Users\Admin\AppData\Local\Temp\is-3IUBP.tmp\vclimg250.bpl

Filesize
355KB

MD5
57496780b9a5c733144e5663f088f42a

SHA1
ccdd74d1a638629f8fdba43ce1180a23d7a463dc

SHA256
6be794294ff9c4b27debc6ed50fce865d028cf496d4e39fcce9c4f8e48cbfbfd

SHA512
50cf52cc8524551e9fd106c823039f604df2b92d2de859ef2d4b85016d603a6c31dc928e155949554c20ebd63f5b5665b627cc8853576a6149f2213b533f16d0

Download Submit
\Users\Admin\AppData\Local\Temp\is-EMJG2.tmp\SecuriteInfo.com.Program.Unwanted.5599.24375.1194.tmp

Filesize
1.2MB

MD5
0c8aad3db1436371794e0440b585ee9e

SHA1
c67b07c3498eafb561be7c8a06ce912899f6cb14

SHA256
9b61476504c3ed1ee746df2d4d4a1e98152ce57b95b1bc9da90f073918c6674a

SHA512
4872f63f3e6a1fe10aca0fda34f2beb7ca8b8649283a2f59258576b9951123a96da2bdbb4d3aefde1e00477e484429f8f585501facad35799021a87ad2fc48cd

Download Submit
memory/1820-120-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1820-0-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1820-2-0x0000000000401000-0x0000000000412000-memory.dmp

Filesize
68KB

Download
memory/2760-74-0x0000000002160000-0x0000000002180000-memory.dmp

Filesize
128KB

Download
memory/2760-109-0x00000000072E0000-0x0000000007472000-memory.dmp

Filesize
1.6MB

Download
memory/2760-54-0x0000000000570000-0x0000000000590000-memory.dmp

Filesize
128KB

Download
memory/2760-53-0x0000000000570000-0x0000000000590000-memory.dmp

Filesize
128KB

Download
memory/2760-73-0x0000000002160000-0x0000000002180000-memory.dmp

Filesize
128KB

Download
memory/2760-71-0x00000000080E0000-0x0000000008139000-memory.dmp

Filesize
356KB

Download
memory/2760-46-0x0000000007D60000-0x0000000007FD8000-memory.dmp

Filesize
2.5MB

Download
memory/2760-90-0x0000000008210000-0x000000000823E000-memory.dmp

Filesize
184KB

Download
memory/2760-43-0x0000000007480000-0x0000000007D59000-memory.dmp

Filesize
8.8MB

Download
memory/2760-87-0x00000000081F0000-0x000000000820B000-memory.dmp

Filesize
108KB

Download
memory/2760-36-0x00000000003A0000-0x00000000003FA000-memory.dmp

Filesize
360KB

Download
memory/2760-33-0x00000000072E0000-0x0000000007472000-memory.dmp

Filesize
1.6MB

Download
memory/2760-94-0x0000000009890000-0x0000000009A97000-memory.dmp

Filesize
2.0MB

Download
memory/2760-64-0x00000000020B0000-0x00000000020E2000-memory.dmp

Filesize
200KB

Download
memory/2760-110-0x00000000003A0000-0x00000000003FA000-memory.dmp

Filesize
360KB

Download
memory/2760-8-0x0000000000400000-0x0000000000533000-memory.dmp

Filesize
1.2MB

Download
memory/2760-119-0x0000000009890000-0x0000000009A97000-memory.dmp

Filesize
2.0MB

Download
memory/2760-118-0x0000000008210000-0x000000000823E000-memory.dmp

Filesize
184KB

Download
memory/2760-117-0x00000000081F0000-0x000000000820B000-memory.dmp

Filesize
108KB

Download
memory/2760-116-0x00000000080E0000-0x0000000008139000-memory.dmp

Filesize
356KB

Download
memory/2760-115-0x00000000020B0000-0x00000000020E2000-memory.dmp

Filesize
200KB

Download
memory/2760-114-0x0000000007D60000-0x0000000007FD8000-memory.dmp

Filesize
2.5MB

Download
memory/2760-112-0x0000000050A80000-0x0000000050E72000-memory.dmp

Filesize
3.9MB

Download
memory/2760-111-0x0000000050050000-0x0000000050A76000-memory.dmp

Filesize
10.1MB

Download
memory/2760-108-0x0000000000400000-0x0000000000533000-memory.dmp

Filesize
1.2MB

Download
memory/2760-113-0x0000000007480000-0x0000000007D59000-memory.dmp

Filesize
8.8MB

Download