Analysis
-
max time kernel
58s -
max time network
75s -
platform
windows7_x64 -
resource
win7 -
submitted
25-06-2020 10:53
General
-
Target
SecuriteInfo.com.Trojan.Siggen9.44470.4073.18299.dll
-
Size
758KB
-
MD5
6d0e6befc551c292aeaa921202969e8d
-
SHA1
4c47d52c7f4e3e7c98395bca40f7177f7a7671e8
-
SHA256
c93e7028a1fa69efc978b71587df57ad05d06b9e290c33329c5f3fa83e10e247
-
SHA512
c8333267a344d6d27b00db9c813ff397df829be4a1884bbeb613fd9f70c5ce44b7ed54fce6439a0ffab744a2ba59cb1947cfd40bc2f8e8e4e3051632d11c4aab
Score
8/10
Malware Config
Signatures
-
Blocklisted process makes network request 10 IoCs
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 5 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 18 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Siggen9.44470.4073.18299.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Siggen9.44470.4073.18299.dll,#12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Siggen9.44470.4073.18299.dll,f03⤵
- Blocklisted process makes network request
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 3683⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1300-0-0x0000000000000000-mapping.dmp
-
memory/1300-4-0x0000000000000000-mapping.dmp
-
memory/1300-5-0x0000000000000000-mapping.dmp
-
memory/1420-1-0x0000000000000000-mapping.dmp
-
memory/1460-2-0x0000000000000000-mapping.dmp
-
memory/1460-3-0x0000000001D00000-0x0000000001D11000-memory.dmpFilesize
68KB
-
memory/1460-6-0x0000000002760000-0x0000000002771000-memory.dmpFilesize
68KB