02877c1523986e1fbb50da0a828df2da4aca704d7de19b11c9225e5befbb0572 | Triage

Analysis

max time kernel
117s
max time network
141s
platform
windows10_x64
resource
win10v200430
submitted
18-07-2020 11:54

Sharing

Report Analysis Logs

General

Target

SecuriteInfo.com.Trojan.Siggen9.59975.9415.12682.exe
Size

591KB
MD5

e5383f9ff78e1af6c83f00f618d027c5
SHA1

e247e980e8fc129025a2e64ad72b4bc163284cca
SHA256

02877c1523986e1fbb50da0a828df2da4aca704d7de19b11c9225e5befbb0572
SHA512

5f2ef98f940f607c04903b3675b662341565a3b0e6805e28b54d5da49bd3a3aac56c7256ee7155523e8943ee45c3f40f4beade3b0306e61295e7fb0106900a47

Score

3^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeRestorePrivilege	2020	WerFault.exe
Token: SeBackupPrivilege	2020	WerFault.exe
Token: SeDebugPrivilege	2020	WerFault.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
2020	WerFault.exe
2020	WerFault.exe
2020	WerFault.exe
2020	WerFault.exe
2020	WerFault.exe
2020	WerFault.exe
2020	WerFault.exe
2020	WerFault.exe
2020	WerFault.exe
2020	WerFault.exe
2020	WerFault.exe
2020	WerFault.exe
2020	WerFault.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2020	2024	WerFault.exe	67

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Siggen9.59975.9415.12682.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Siggen9.59975.9415.12682.exe"
1⤵
PID:2024
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 1156
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious behavior: EnumeratesProcesses
  - Program crash
  PID:2020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2020-0-0x0000000004270000-0x0000000004271000-memory.dmp

Filesize
4KB

Download