8bbbbb12a3c24a9f9b5c9913a5279ca04d0e3c02e6a2b8e2988c26f72b3ca0ec | Triage

Analysis

max time kernel
65s
max time network
116s
platform
windows10_x64
resource
win10
submitted
01-08-2020 13:29

Sharing

Report Analysis Logs

General

Target

SecuriteInfo.com.Trojan.PWS.Siggen2.52284.17854.15787.exe
Size

721KB
MD5

efc40f34ce8f5f1398daa482829e36b5
SHA1

ac48362fde1e24677eee874075949e79ad5d1d0e
SHA256

8bbbbb12a3c24a9f9b5c9913a5279ca04d0e3c02e6a2b8e2988c26f72b3ca0ec
SHA512

f49fedab330b18cd7e4a20bd447511b0ad3cca012354f1fcfda3e4e1085520ae605bd7793e65556e7d1144b287f159b4d0bb5365a1ddecb882927cdacda11e3e

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

SecuriteInfo.com.Trojan.PWS.Siggen2.52284.17854.15787.exe

pid process

2728 SecuriteInfo.com.Trojan.PWS.Siggen2.52284.17854.15787.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

SecuriteInfo.com.Trojan.PWS.Siggen2.52284.17854.15787.exe

description pid process

Token: SeDebugPrivilege 2728 SecuriteInfo.com.Trojan.PWS.Siggen2.52284.17854.15787.exe

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PWS.Siggen2.52284.17854.15787.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.PWS.Siggen2.52284.17854.15787.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2728

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...