SecuriteInfo.com.Linux.Siggen.3357.22805.30916
General
Target: SecuriteInfo.com.Linux.Siggen.3357.22805.30916
Filesize: 437KB
Completed: 21-11-2020 16:58
Score: 1/10
MD5: 696e284146f1578e1b9150e621e4a8db
SHA1: 42dec20164c5759f6e433086d10dec4bae21000c
SHA256: 0f6a70f57aa95cfbbd7e4d5a88cf3bc4f6b02a104e316dbfee95525da57bd1ab
Malware Config
Signatures (3)

Modifies registry class (rundll32.exe)
Reported IOCs:
  description: Key created
  ioc: \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_Classes\Local Settings
  process: rundll32.exe

  description: Key created
  ioc: \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
  process: rundll32.exe
Suspicious behavior: GetForegroundWindowSpam (rundll32.exe)
Reported IOCs:
  pid: 1976
  process: rundll32.exe
Suspicious use of WriteProcessMemory (cmd.exe)
Reported IOCs:
  description: PID 784 wrote to memory of 1976 | pid: 784 | process: cmd.exe | target process: rundll32.exe
  description: PID 784 wrote to memory of 1976 | pid: 784 | process: cmd.exe | target process: rundll32.exe
  description: PID 784 wrote to memory of 1976 | pid: 784 | process: cmd.exe | target process: rundll32.exe
Processes (2)

C:\Windows\system32\cmd.exe
  Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Linux.Siggen.3357.22805.30916
  Signatures: Suspicious use of WriteProcessMemory

C:\Windows\system32\rundll32.exe
  Command line: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Linux.Siggen.3357.22805.30916
  Signatures: Modifies registry class; Suspicious behavior: GetForegroundWindowSpam
Network
MITRE ATT&CK Matrix
Downloads
memory/1976-0-0x0000000000000000-mapping.dmp