ec4171872384e62627b06976f6e513650087c00e8c42f70d6b9d29b54e18a8e6

General

Target

SecuriteInfo.com.Trojan.Siggen9.46491.30495.5886.dll
Size

3.3MB
MD5

3ce1a9571feef80297bd3c7c33e53476
SHA1

bdc733c1c239adc0d10b89e630862f6fe692c189
SHA256

ec4171872384e62627b06976f6e513650087c00e8c42f70d6b9d29b54e18a8e6
SHA512

aee3109d59536bf0054a58a60f1a405c37fc08cfa16df1257dc79a771abc534458c78f71f2e54e3b0ad4a653669489537e24d42d98a9b2d63f8d2f81ad51e333

Score

8^/10

Blocklisted process makes network request 5 IoCs

Processes:

rundll32.exe

flow pid process

5 1084 rundll32.exe
6 1084 rundll32.exe
7 1084 rundll32.exe
10 1084 rundll32.exe
11 1084 rundll32.exe
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

924 1928 WerFault.exe rundll32.exe
Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

WerFault.exe

pid process

924 WerFault.exe
924 WerFault.exe
924 WerFault.exe
924 WerFault.exe
924 WerFault.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

WerFault.exe

description pid process

Token: SeDebugPrivilege 924 WerFault.exe

pid	pid_target	process	target process
924	1928	WerFault.exe	rundll32.exe

description	pid	process
Token: SeDebugPrivilege	924	WerFault.exe

Suspicious use of WriteProcessMemory 18 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 1704 wrote to memory of 1928	1704	rundll32.exe	rundll32.exe
PID 1704 wrote to memory of 1928	1704	rundll32.exe	rundll32.exe
PID 1704 wrote to memory of 1928	1704	rundll32.exe	rundll32.exe
PID 1704 wrote to memory of 1928	1704	rundll32.exe	rundll32.exe
PID 1704 wrote to memory of 1928	1704	rundll32.exe	rundll32.exe
PID 1704 wrote to memory of 1928	1704	rundll32.exe	rundll32.exe
PID 1704 wrote to memory of 1928	1704	rundll32.exe	rundll32.exe
PID 1928 wrote to memory of 1084	1928	rundll32.exe	rundll32.exe
PID 1928 wrote to memory of 1084	1928	rundll32.exe	rundll32.exe
PID 1928 wrote to memory of 1084	1928	rundll32.exe	rundll32.exe
PID 1928 wrote to memory of 1084	1928	rundll32.exe	rundll32.exe
PID 1928 wrote to memory of 1084	1928	rundll32.exe	rundll32.exe
PID 1928 wrote to memory of 1084	1928	rundll32.exe	rundll32.exe
PID 1928 wrote to memory of 1084	1928	rundll32.exe	rundll32.exe
PID 1928 wrote to memory of 924	1928	rundll32.exe	WerFault.exe
PID 1928 wrote to memory of 924	1928	rundll32.exe	WerFault.exe
PID 1928 wrote to memory of 924	1928	rundll32.exe	WerFault.exe
PID 1928 wrote to memory of 924	1928	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Siggen9.46491.30495.5886.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1704

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Siggen9.46491.30495.5886.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:1928

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Siggen9.46491.30495.5886.dll,f0
3⤵
- Blocklisted process makes network request
PID:1084

memory/924-2-0x0000000000000000-mapping.dmp

Download
memory/924-3-0x0000000002030000-0x0000000002041000-memory.dmp

Filesize
68KB

Download
memory/924-6-0x00000000025C0000-0x00000000025D1000-memory.dmp

Filesize
68KB

Download
memory/1084-1-0x0000000000000000-mapping.dmp

Download
memory/1928-0-0x0000000000000000-mapping.dmp

Download
memory/1928-4-0x0000000000000000-mapping.dmp

Download
memory/1928-5-0x0000000000000000-mapping.dmp

Download