SecuriteInfo.com.Linux.Siggen.3357.22805.30916

General

Target: SecuriteInfo.com.Linux.Siggen.3357.22805.30916
Filesize: 437KB
Completed: 21-11-2020 16:58
Score: 1/10
MD5: 696e284146f1578e1b9150e621e4a8db
SHA1: 42dec20164c5759f6e433086d10dec4bae21000c
SHA256: 0f6a70f57aa95cfbbd7e4d5a88cf3bc4f6b02a104e316dbfee95525da57bd1ab

Malware Config

Signatures 2

Filter: none

  • Modifies registry class
    Processes: cmd.exe, OpenWith.exe

    Reported IOCs

    description | ioc | process
    Key created | \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000_Classes\Local Settings | OpenWith.exe
    Key created | \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000_Classes\Local Settings | cmd.exe

  • Suspicious use of SetWindowsHookEx
    Processes: OpenWith.exe

    Reported IOCs

    pid | process
    2216 | OpenWith.exe
Processes 2

  • C:\Windows\system32\cmd.exe
    Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Linux.Siggen.3357.22805.30916
    Signatures: Modifies registry class
    PID: 492

  • C:\Windows\system32\OpenWith.exe
    Command line: C:\Windows\system32\OpenWith.exe -Embedding
    Signatures: Modifies registry class; Suspicious use of SetWindowsHookEx
    PID: 2216
Network
MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation