Analysis

  • max time kernel
    125s
  • max time network
    61s
  • platform
    windows7_x64
  • resource
    win7
  • submitted
    08/07/2020, 01:42 UTC

General

  • Target

    SecuriteInfo.com.Trojan.Siggen9.57092.31927.3703.exe

  • Size

    632KB

  • MD5

    cad5288b0b24d63cfb23d4a405f8a135

  • SHA1

    ccd86173be08dc5e9b49f4c6741459b429c07284

  • SHA256

    7aaae6c45ee6feb80b03a8fc68cde52b3f7449bd4a69e1aabebbb2a34025e9ba

  • SHA512

    5c304720f6f9ba107c44b0df08226b155756a3e45135c6bd5b57d9f211a1544735b91792894d33342d1f105e796b9b95c47c01c2b2ad53c0e86ebda1785564c1

Score
7/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Reads user/profile data of local email clients 2 TTPs

    Email clients store some user data on disk, where infostealers often target it.

  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Suspicious use of WriteProcessMemory 13 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Siggen9.57092.31927.3703.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Siggen9.57092.31927.3703.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    • Suspicious use of SetThreadContext
    PID:1012
    • C:\Windows\SysWOW64\schtasks.exe
      "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\DsDiGGHcE" /XML "C:\Users\Admin\AppData\Local\Temp\tmp23C5.tmp"
      2⤵
      • Creates scheduled task(s)
      PID:1412
    • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Siggen9.57092.31927.3703.exe
      "{path}"
      2⤵
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious behavior: EnumeratesProcesses
      PID:1800
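
The process tree above carries the two behaviours an analyst would want to turn into rules: a 32-bit parent (its `System32\schtasks.exe` call resolves to `SysWOW64` through WoW64 file system redirection) creating a task from an XML definition staged in the user's Temp directory, and the same parent launching a second copy of its own image, which together with the SetThreadContext and WriteProcessMemory signatures points at process hollowing of the child. The following is an added example, not tria.ge's own code: it runs those two rules over process-creation events constructed by hand to mirror the PIDs and command lines on this page (plus one benign `schtasks` control that must not fire), and parses a tria.ge memory dump file name into its PID and region size.

```python
"""Triage rules for the process tree above (added example, not tria.ge code).

Rule 1: schtasks.exe /Create importing a task definition (/XML) from a
        user-writable directory, the persistence step seen at PID 1412.
Rule 2: a process launching a second copy of its own image from a
        user-writable directory, the self-respawn seen at PID 1800.
All event records below are constructed to mirror the report; no live
telemetry is read.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Siggen9.57092.31927.3703.exe"


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str     # resolved image path (SysWOW64 for a 32-bit process under WoW64)
    cmdline: str   # command line as the parent supplied it


# Constructed process-creation events; PIDs and command lines follow the report,
# plus one benign schtasks control case (task XML under ProgramData) that must not fire.
EVENTS = [
    ProcEvent(1012, 900, SAMPLE, f'"{SAMPLE}"'),
    ProcEvent(1412, 1012, r"C:\Windows\SysWOW64\schtasks.exe",
              r'"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\DsDiGGHcE" '
              r'/XML "C:\Users\Admin\AppData\Local\Temp\tmp23C5.tmp"'),
    ProcEvent(1800, 1012, SAMPLE, f'"{SAMPLE}"'),
    ProcEvent(2200, 2100, r"C:\Windows\System32\schtasks.exe",
              r'"C:\Windows\System32\schtasks.exe" /Create /TN "Backup\Nightly" '
              r'/XML "C:\ProgramData\Backup\nightly.xml"'),
]

# Paths under a user's AppData are writable without elevation.
USER_WRITABLE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)


def win_argv(cmdline: str) -> list[str]:
    """Split a Windows command line on whitespace, keeping quoted spans intact."""
    return [tok.strip('"') for tok in re.findall(r'"[^"]*"|\S+', cmdline)]


def schtasks_opts(argv: list[str]) -> dict[str, object]:
    """Parse schtasks-style /Flag [value] pairs; valueless flags map to True."""
    opts: dict[str, object] = {}
    i = 1
    while i < len(argv):
        if argv[i].startswith("/"):
            key = argv[i][1:].upper()
            if i + 1 < len(argv) and not argv[i + 1].startswith("/"):
                opts[key] = argv[i + 1]
                i += 2
                continue
            opts[key] = True
        i += 1
    return opts


def analyze(events: list[ProcEvent]) -> list[dict]:
    """Return one finding dict per event that matches rule 1 or rule 2."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for e in events:
        name = e.image.rsplit("\\", 1)[-1].lower()
        # Rule 1: task created from an XML definition staged in a user-writable dir.
        if name == "schtasks.exe":
            opts = schtasks_opts(win_argv(e.cmdline))
            xml = opts.get("XML")
            if opts.get("CREATE") and isinstance(xml, str) and USER_WRITABLE_RE.search(xml):
                findings.append({"rule": "schtasks_create_from_user_dir", "pid": e.pid,
                                 "task": opts.get("TN"), "xml": xml})
        # Rule 2: parent re-launches its own image from a user-writable location.
        parent = by_pid.get(e.ppid)
        if parent and parent.image.lower() == e.image.lower() and USER_WRITABLE_RE.search(e.image):
            findings.append({"rule": "self_respawn_from_user_dir", "pid": e.pid,
                             "ppid": e.ppid, "image": e.image})
    return findings


def dump_region(name: str) -> tuple[int, int, int]:
    """Parse a tria.ge memory dump file name into (pid, start address, size in bytes)."""
    m = re.search(r"memory/(\d+)-\d+-0x([0-9a-fA-F]+)-0x([0-9a-fA-F]+)-memory\.dmp", name)
    if not m:
        raise ValueError(f"not a tria.ge dump name: {name}")
    pid, start, end = int(m.group(1)), int(m.group(2), 16), int(m.group(3), 16)
    return pid, start, end - start


if __name__ == "__main__":
    for finding in analyze(EVENTS):
        print(finding)
    print(dump_region("memory/1800-4-0x0000000000400000-0x000000000044A000-memory.dmp"))
```

Rule 2 only flags a respawn of the same image from a user-writable path; on its own that is a weak signal, and in this report it is the combination with the SetThreadContext and WriteProcessMemory signatures on the parent that makes the child PID 1800 the one whose memory is worth dumping. The dump name parser confirms the region in the Downloads section starts at the default image base 0x400000 and spans 0x4A000 bytes, the 296KB the page reports.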

Network

    No results found
  • 239.255.255.250:1900
    966 B
    6

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1800-4-0x0000000000400000-0x000000000044A000-memory.dmp

    Filesize

    296KB

  • memory/1800-6-0x0000000000400000-0x000000000044A000-memory.dmp

    Filesize

    296KB

  • memory/1800-7-0x0000000000400000-0x000000000044A000-memory.dmp

    Filesize

    296KB