Analysis

  • max time kernel
    14s
  • max time network
    12s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    21-11-2020 16:56

General

  • Target

    SecuriteInfo.com.Linux.Siggen.3357.22805.30916

  • Size

    437KB

  • MD5

    696e284146f1578e1b9150e621e4a8db

  • SHA1

    42dec20164c5759f6e433086d10dec4bae21000c

  • SHA256

    0f6a70f57aa95cfbbd7e4d5a88cf3bc4f6b02a104e316dbfee95525da57bd1ab

  • SHA512

    49d4bd87b601bf5e9bf56230fd31a62508e5c27bf4c84bc31774f7b7eeb38f5302dea041620f4249f63a2a0f6274ee941e53700788e0f920cf23a5acfaaffe53

Score
1/10

Malware Config

Signatures

  • Modifies registry class 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Linux.Siggen.3357.22805.30916
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:784
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Linux.Siggen.3357.22805.30916
      2⤵
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      PID:1976

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1976-0-0x0000000000000000-mapping.dmp