Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

SecuriteInfo.com.Trojan.DownLoad3.28161.23146.13969.exe

PE32 executable (GUI) Intel 80386, for MS Windows

initial sample

Details

Filetype:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	7.970065574881821
Filename:	SecuriteInfo.com.Trojan.DownLoad3.28161.23146.13969.exe
Filesize:	6920232
MD5:	64f3e14650cfa8ad34d2bf90cd41e082
SHA1:	0d82a34f554342d30bea3fa21ebd7ec8e1fc395c
SHA256:	12f0f76abdf6223e604587f961c1aa9a5d423c38f2f807bc42b148861414c691
SHA512:	dd136047e2c33b42a72bffa39d280ab63f6b189368bc6b6ff8475731c517d644c6ccd4ae4a8f30c54ad28f9db69838b70c1a4a195dc0b66f47d09f2e0c692161
SSDEEP:	98304:uCSa4v3dAm8U5ipZ1G7aLxZf1w51p6LDCv4olr4yWWsfTjyJmMoEKQpogf2D:ula4/N8BpmCDf251Xv4oNn6/yprp3S
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...1..R.....................j...............p....@..........................p......JPj...@................................

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
Overwrites code with unconditional jumps - possibly settings hooks in foreign process	Hooking and other Techniques for Hiding and Protection	Credential API Hooking
PE file contains section with special chars	System Summary
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion
Drops PE files	Persistence and Installation Behavior
PE file contains an invalid checksum	Data Obfuscation
PE file contains more sections than normal	System Summary
PE file contains sections with non-standard names	Data Obfuscation
Uses 32bit PE files	Compliance, System Summary
Contains functionality to download additional files from the internet	Networking	Ingress Tool Transfer
Creates temporary files	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery
Queries a list of all running processes	Malware Analysis System Evasion	Process Discovery
Reads ini files	System Summary	File and Directory Discovery
Reads software policies	System Summary	System Information Discovery
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
Tries to load missing DLLs	System Summary	DLL Side-Loading
Uses an in-process (OLE) Automation server	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file has a big raw section	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Users\user\AppData\Local\Temp\hcbnaf.exe

PE32 executable (GUI) Intel 80386, for MS Windows

modified

Details

File:	C:\Users\user\AppData\Local\Temp\hcbnaf.exe
Category:	modified
Dump:	hcbnaf.exe.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoad3.28161.23146.13969.exe
Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy:	7.9700445985573785
Encrypted:	false
Ssdeep:	98304:uCSa4v3dAm8U5ipZ1G7aLxZf1w51p6LDCv4olr4yWWsfTjyJmMoEKQpogf2+:ula4/N8BpmCDf251Xv4oNn6/yprp3X
Size:	6920400
Whitelisted:	false
Reputation:	low

Signature Hits	Behavior Group	Mitre Attack
Antivirus detection for dropped file	AV Detection
Machine Learning detection for dropped file	AV Detection
Overwrites code with unconditional jumps - possibly settings hooks in foreign process	Hooking and other Techniques for Hiding and Protection	Credential API Hooking
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Drops PE files	Persistence and Installation Behavior
Found evasive API chain (may stop execution after checking a module file name)	Malware Analysis System Evasion	Native API
Sigma detected: Use Short Name Path in Command Line	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
Spawns processes	System Summary	Process Injection
Tries to load missing DLLs	System Summary	DLL Side-Loading

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoad3.28161.23146.13969.exe

"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoad3.28161.23146.13969.exe"

Details

Is windows:	false
Is dropped:	false
PID:	2408
Target ID:	0
Parent PID:	4056
Name:	SecuriteInfo.com.Trojan.DownLoad3.28161.23146.13969.exe
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoad3.28161.23146.13969.exe
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoad3.28161.23146.13969.exe"
Size:	6920232
MD5:	64F3E14650CFA8AD34D2BF90CD41E082
Time:	19:33:35
Date:	22/05/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x450000
Modulesize:	10907648
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
PE file contains section with special chars	System Summary
PE file contains an invalid checksum	Data Obfuscation
PE file contains more sections than normal	System Summary
PE file contains sections with non-standard names	Data Obfuscation
Sigma detected: Use Short Name Path in Command Line	System Summary
Uses 32bit PE files	Compliance, System Summary
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file has a big raw section	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Users\user\AppData\Local\Temp\hcbnaf.exe

"C:\Users\user~1\AppData\Local\Temp\hcbnaf.exe"

Details

Is windows:	false
Is dropped:	true
PID:	7224
Target ID:	10
Parent PID:	2408
Name:	hcbnaf.exe
Path:	C:\Users\user\AppData\Local\Temp\hcbnaf.exe
Commandline:	"C:\Users\user~1\AppData\Local\Temp\hcbnaf.exe"
Size:	6920400
MD5:	0EA5B0BE7C9A24CB1FEEEEB73EDF66E7
Time:	19:33:41
Date:	22/05/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xaa0000
Modulesize:	10907648
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Drops PE files	Persistence and Installation Behavior
Sigma detected: Use Short Name Path in Command Line	System Summary
Creates temporary files	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

URLs

Name

Malicious

https://thisaintpc.com/downloads/tehb.exe

unknown

https://thisaintpc.com/o

unknown

https://thisaintpc.com/downloads/tehb.exew

unknown

https://thisaintpc.com/

unknown

https://thisaintpc.com/Y

unknown

Domains

Name

Malicious

thisaintpc.com

unknown

Details

Name:	thisaintpc.com
TargetID:	-1

Signature Hits	Behavior Group	Mitre Attack
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)	Networking
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

8D0000

trusted library allocation

page read and write

2FD1000

heap

page read and write

FC0000

heap

page read and write

8B4000

heap

page read and write

2FD1000

heap

page read and write

970000

heap

page read and write

3590000

heap

page read and write

32CE000

stack

page read and write

2FF0000

heap

page read and write

14E4000

heap

page read and write

2FD1000

heap

page read and write

1A1B000

stack

page read and write

1A30000

heap

page read and write

2FD1000

heap

page read and write

1460000

heap

page read and write

2FD1000

heap

page read and write

86D000

stack

page read and write

14E4000

heap

page read and write

8B4000

heap

page read and write

2FD1000

heap

page read and write

AA7000

unkown

page readonly

1450000

trusted library allocation

page read and write

8B4000

heap

page read and write

8B4000

heap

page read and write

140E000

stack

page read and write

8B4000

heap

page read and write

8B4000

heap

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

8B4000

heap

page read and write

14E0000

heap

page read and write

2FD1000

heap

page read and write

14E4000

heap

page read and write

14E4000

heap

page read and write

AD6000

unkown

page read and write

8B4000

heap

page read and write

14E4000

heap

page read and write

14E4000

heap

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

14E4000

heap

page read and write

8B4000

heap

page read and write

2FD1000

heap

page read and write

14E4000

heap

page read and write

9DE000

heap

page read and write

2FD1000

heap

page read and write

1630000

direct allocation

page execute and read and write

2FD1000

heap

page read and write

8B4000

heap

page read and write

2FE0000

heap

page read and write

14E4000

heap

page read and write

8B4000

heap

page read and write

17DF000

stack

page read and write

2FD1000

heap

page read and write

14E4000

heap

page read and write

820000

heap

page read and write

14E4000

heap

page read and write

43DB000

stack

page read and write

8B4000

heap

page read and write

14E4000

heap

page read and write

8B4000

heap

page read and write

8B4000

heap

page read and write

8B4000

heap

page read and write

14E4000

heap

page read and write

2FD1000

heap

page read and write

1687000

heap

page read and write

AAC000

unkown

page readonly

14E4000

heap

page read and write

2FD1000

heap

page read and write

8B4000

heap

page read and write

357E000

stack

page read and write

8B4000

heap

page read and write

14E4000

heap

page read and write

900000

heap

page read and write

FB0000

heap

page read and write

2FD1000

heap

page read and write

8B4000

heap

page read and write

184E000

stack

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

14E4000

heap

page read and write

441D000

stack

page read and write

14E4000

heap

page read and write

AB0000

unkown

page execute and read and write

8B4000

heap

page read and write

2FD1000

heap

page read and write

144E000

stack

page read and write

2FD1000

heap

page read and write

8B4000

heap

page read and write

429F000

stack

page read and write

14E4000

heap

page read and write

3478000

heap

page read and write

8AE000

stack

page read and write

8B4000

heap

page read and write

8B4000

heap

page read and write

2FD2000

heap

page read and write

14E4000

heap

page read and write

14E4000

heap

page read and write

16DE000

stack

page read and write

43FF000

stack

page read and write

14E4000

heap

page read and write

407E000

stack

page read and write

14E4000

heap

page read and write

14E4000

heap

page read and write

14E4000

heap

page read and write

14E4000

heap

page read and write

14E4000

heap

page read and write

EB3000

unkown

page readonly

8B4000

heap

page read and write

97A000

heap

page read and write

2FD1000

heap

page read and write

14E4000

heap

page read and write

8B4000

heap

page read and write

2FD1000

heap

page read and write

14E4000

heap

page read and write

8B4000

heap

page read and write

2FD1000

heap

page read and write

9C6000

heap

page read and write

8B4000

heap

page read and write

3125000

heap

page read and write

2FD1000

heap

page read and write

8B4000

heap

page read and write

2FD1000

heap

page read and write

30F0000

heap

page read and write

8B4000

heap

page read and write

2FD1000

heap

page read and write

14E4000

heap

page read and write

415E000

stack

page read and write

2FD1000

heap

page read and write

14E4000

heap

page read and write

2FD1000

heap

page read and write

8B4000

heap

page read and write

14E4000

heap

page read and write

19A0000

heap

page read and write

8B4000

heap

page read and write

14E4000

heap

page read and write

14E4000

heap

page read and write

8B4000

heap

page read and write

2FD1000

heap

page read and write

14E4000

heap

page read and write

8B4000

heap

page read and write

8B4000

heap

page read and write

14E4000

heap

page read and write

328D000

stack

page read and write

8B4000

heap

page read and write

14E4000

heap

page read and write

2FD1000

heap

page read and write

8B4000

heap

page read and write

2FD1000

heap

page read and write

419E000

stack

page read and write

8B4000

heap

page read and write

3370000

heap

page read and write

2FD0000

heap

page read and write

2FD1000

heap

page read and write

332E000

stack

page read and write

8B4000

heap

page read and write

81D000

unkown

page execute read

14E4000

heap

page read and write

14E4000

heap

page read and write

2FD1000

heap

page read and write

3F5F000

stack

page read and write

2FD1000

heap

page read and write

8B4000

heap

page read and write

14E4000

heap

page read and write

2FD1000

heap

page read and write

8B4000

heap

page read and write

15EE000

stack

page read and write

14E4000

heap

page read and write

14E4000

heap

page read and write

14E4000

heap

page read and write

8B4000

heap

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

3131000

heap

page read and write

1650000

heap

page read and write

457C000

stack

page read and write

486000

unkown

page read and write

45C000

unkown

page readonly

14E4000

heap

page read and write

8B4000

heap

page read and write

14E4000

heap

page read and write

3185000

heap

page read and write

451E000

stack

page read and write

8B4000

heap

page read and write

8B4000

heap

page read and write

14E4000

heap

page read and write

14E4000

heap

page read and write

14E4000

heap

page read and write

443E000

stack

page read and write

14E4000

heap

page read and write

14E4000

heap

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

42FE000

stack

page read and write

2FD1000

heap

page read and write

14E4000

heap

page read and write

9D8000

heap

page read and write

3132000

heap

page read and write

8B4000

heap

page read and write

F49000

stack

page read and write

2FD1000

heap

page read and write

461000

unkown

page execute read

42DD000

stack

page read and write

417E000

stack

page read and write

8B4000

heap

page read and write

97E000

heap

page read and write

14E4000

heap

page read and write

14E4000

heap

page read and write

14E4000

heap

page read and write

8B4000

heap

page read and write

14E4000

heap

page read and write

12F8000

stack

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

8B4000

heap

page read and write

EB3000

unkown

page readonly

8B4000

heap

page read and write

E6D000

unkown

page execute read

310B000

stack

page read and write

14E4000

heap

page read and write

8B4000

heap

page read and write

48C000

unkown

page execute read

453F000

stack

page read and write

2FD1000

heap

page read and write

8B4000

heap

page read and write

19B0000

heap

page read and write

3120000

heap

page read and write

14E4000

heap

page read and write

A80000

direct allocation

page execute and read and write

AB1000

unkown

page execute read

8B4000

heap

page read and write

2FD1000

heap

page read and write

450000

unkown

page readonly

14E4000

heap

page read and write

8B4000

heap

page read and write

AAA000

unkown

page read and write

8B4000

heap

page read and write

81D000

unkown

page execute read

2FD1000

heap

page read and write

5A9000

stack

page read and write

14E4000

heap

page read and write

AA0000

unkown

page readonly

8B4000

heap

page read and write

14E4000

heap

page read and write

8B4000

heap

page read and write

2FD1000

heap

page read and write

8B4000

heap

page read and write

165A000

heap

page read and write

14E4000

heap

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

14E4000

heap

page read and write

8B4000

heap

page read and write

14E4000

heap

page read and write

14E4000

heap

page read and write

2FD1000

heap

page read and write

3050000

heap

page read and write

8B4000

heap

page read and write

8B4000

heap

page read and write

14E4000

heap

page read and write

1503000

unkown

page readonly

8B0000

heap

page read and write

3360000

heap

page read and write

14E4000

heap

page read and write

14E4000

heap

page read and write

45A000

unkown

page read and write

33A0000

heap

page read and write

339D000

stack

page read and write

3131000

heap

page read and write

2FD1000

heap

page read and write

14E4000

heap

page read and write

AA0000

unkown

page readonly

14E4000

heap

page read and write

14E4000

heap

page read and write

2FD1000

heap

page read and write

41BE000

stack

page read and write

ADC000

unkown

page execute read

14E4000

heap

page read and write

14E4000

heap

page read and write

E6D000

unkown

page execute read

32D0000

heap

page read and write

467C000

stack

page read and write

8B4000

heap

page read and write

14E4000

heap

page read and write

2FD1000

heap

page read and write

42BF000

stack

page read and write

2FD1000

heap

page read and write

8B4000

heap

page read and write

14E4000

heap

page read and write

14E4000

heap

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

14E4000

heap

page read and write

335E000

stack

page read and write

14E4000

heap

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

8B4000

heap

page read and write

4AB000

stack

page read and write

2FD1000

heap

page read and write

14E4000

heap

page read and write

3110000

heap

page read and write

1620000

heap

page read and write

3180000

heap

page read and write

14E4000

heap

page read and write

2FD1000

heap

page read and write

2FD1000

heap

page read and write

457000

unkown

page readonly

14E4000

heap

page read and write

2FD1000

heap

page read and write

810000

heap

page read and write

8B4000

heap

page read and write

2FD1000

heap

page read and write

331E000

stack

page read and write

460000

unkown

page execute and read and write

2FD1000

heap

page read and write

35A0000

heap

page read and write

14E4000

heap

page read and write

14E4000

heap

page read and write

165E000

heap

page read and write

405F000

stack

page read and write

450000

unkown

page readonly

8B4000

heap

page read and write

451000

unkown

page execute read

2FD1000

heap

page read and write

3131000

heap

page read and write

8B4000

heap

page read and write

1503000

unkown

page readonly

AA1000

unkown

page execute read

14E4000

heap

page read and write

14E4000

heap

page read and write

8B4000

heap

page read and write

14E4000

heap

page read and write

14E4000

heap

page read and write

14E4000

heap

page read and write

8B4000

heap

page read and write

There are 327 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
SecuriteInfo.com.Trojan.DownLoad3.28161.23146.13969.exe

Files

Processes

URLs

Domains

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportSecuriteInfo.com.Trojan.DownLoad3.28161.23146.13969.exe

Files

Processes

URLs

Domains

Memdumps

IOC Report
SecuriteInfo.com.Trojan.DownLoad3.28161.23146.13969.exe