Windows Analysis Report
SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.2980

Overview

General Information

Sample Name: SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.2980 (renamed file extension from 2980 to exe)
Analysis ID: 616875
MD5: fcf33a18c6f893b4c39f6e15ff3a29e8
SHA1: 1d12c3a2eaec54c6468d02c5ea4cac6247f694f7
SHA256: 5e64bf5061a9d72b4b9eb6aa3e646d3727deb2c087a5887f5c3bcdafe8751f92
Tags: exe
Infos:

Detection

Score: 3
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Uses 32bit PE files
Sample file is different than original file name gathered from version info
Contains functionality to dynamically determine API calls
Found large amount of non-executed APIs
PE file contains strange resources
Uses code obfuscation techniques (call, push, ret)
Creates a process in suspended mode (likely to inject code)

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious
Uses 32bit PE files
Source: SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Uses 32bit PE files
Source: SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Sample file is different than original file name gathered from version info
Source: SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe, 00000000.00000002.513541314.000000000040C000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameWarcraft III.exe vs SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe
Source: SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe, 00000002.00000002.247174722.000000000040C000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameWarcraft III.exe vs SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe
Source: SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe, 00000006.00000002.264046533.000000000040C000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameWarcraft III.exe vs SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe
Source: SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe, 00000007.00000000.276020217.000000000040C000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameWarcraft III.exe vs SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe
Source: SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe, 0000000B.00000000.294349452.000000000040C000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameWarcraft III.exe vs SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe
Source: SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe, 00000011.00000000.307321885.000000000040C000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameWarcraft III.exe vs SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe
Source: SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe, 00000012.00000002.322656623.000000000040C000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameWarcraft III.exe vs SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe
Source: SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe, 00000014.00000002.335587789.000000000040C000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameWarcraft III.exe vs SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe
Source: SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe, 00000016.00000002.347608244.000000000040C000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameWarcraft III.exe vs SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe
Source: SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe, 00000018.00000000.362445566.000000000040C000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameWarcraft III.exe vs SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe
Source: SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe, 0000001B.00000002.375479090.000000000040C000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameWarcraft III.exe vs SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe
Source: SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe, 0000001D.00000000.388227379.000000000040C000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameWarcraft III.exe vs SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe
Source: SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe, 0000001E.00000002.403278836.000000000040C000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameWarcraft III.exe vs SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe
Source: SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe, 00000020.00000002.416622068.000000000040C000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameWarcraft III.exe vs SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe
Source: SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe, 00000024.00000002.430353281.000000000040C000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameWarcraft III.exe vs SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe
Source: SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe, 00000025.00000000.443579368.000000000040C000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameWarcraft III.exe vs SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe
Source: SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe, 00000026.00000000.456986715.000000000040C000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameWarcraft III.exe vs SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe
Source: SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe, 00000027.00000002.470719483.000000000040C000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameWarcraft III.exe vs SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe
Source: SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe, 00000028.00000002.484072799.000000000040C000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameWarcraft III.exe vs SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe
Source: SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Binary or memory string: OriginalFilenameWarcraft III.exe vs SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe
PE file contains strange resources
Source: SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: classification engine Classification label: clean3.winEXE@39/0@0/0
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: unknown unknown Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Code function: 0_2_004058F5 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 0_2_004058F5
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Code function: 0_2_00404E60 push eax; ret 0_2_00404E8E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Code function: 2_2_00404E60 push eax; ret 2_2_00404E8E
Found large amount of non-executed APIs
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe API coverage: 6.3 %
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe API call chain: ExitProcess graph end node
Contains functionality to dynamically determine API calls
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Code function: 0_2_004058F5 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 0_2_004058F5
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe "c:\users\user\desktop\securiteinfo.com.trojan.malware.300983.susgen.26174.exe" war3.exe" -classic Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe Code function: 0_2_00402C5C GetVersionExA,GetEnvironmentVariableA,GetModuleFileNameA, 0_2_00402C5C
windows-stand
Behavior
Click here to start
Slideshow Behavior Animation
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 616875 Sample: SecuriteInfo.com.Trojan.Mal... Startdate: 27/04/2022 Architecture: WINDOWS Score: 3 5 SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe 2->5         started        process3 7 SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe 5->7         started        9 SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe 5->9         started        11 SecuriteInfo.com.Trojan.Malware.300983.susgen.26174.exe 5->11         started        13 15 other processes 5->13
No contacted IP infos