Analysis
-
max time kernel
150s -
max time network
146s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
28-03-2021 20:34
General
-
Target
SecuriteInfo.com.Trojan.Siggen12.45560.23148.430.exe
-
Size
313KB
-
MD5
a41a6a4e3cfddfe3e10bdd5323a58d3a
-
SHA1
a5dc8c3bc109aa0abf9df3b7c86917bc6fd99cac
-
SHA256
388d18b98704bff34ac1cb0a6603e68ba300205ee2f14e4bf482f1012d933231
-
SHA512
70ac37285868f1d2ec07aaf87fda3a186222f57942dc421e263f64a48e02fc82e13d4800a2ceffcc11aaa8f5c4bde86b8881229de08947fa9fc89940624d464c
Score
3/10
Malware Config
Signatures
-
Program crash 7 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 9 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Siggen12.45560.23148.430.exe"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Siggen12.45560.23148.430.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 6602⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 7362⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 6322⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 8242⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 8842⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 7602⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 44602⤵
- Program crash
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/196-13-0x0000000004120000-0x0000000004121000-memory.dmpFilesize
4KB
-
memory/636-2-0x00000000026B0000-0x00000000026B1000-memory.dmpFilesize
4KB
-
memory/636-3-0x0000000002590000-0x00000000025BD000-memory.dmpFilesize
180KB
-
memory/636-8-0x0000000000400000-0x000000000042F000-memory.dmpFilesize
188KB
-
memory/1776-17-0x0000000004120000-0x0000000004121000-memory.dmpFilesize
4KB
-
memory/1776-21-0x0000000004120000-0x0000000004121000-memory.dmpFilesize
4KB
-
memory/3148-9-0x0000000004C90000-0x0000000004C91000-memory.dmpFilesize
4KB
-
memory/3160-30-0x0000000004950000-0x0000000004951000-memory.dmpFilesize
4KB
-
memory/3208-4-0x0000000004120000-0x0000000004121000-memory.dmpFilesize
4KB
-
memory/3208-5-0x0000000004120000-0x0000000004121000-memory.dmpFilesize
4KB
-
memory/3408-22-0x0000000004F50000-0x0000000004F51000-memory.dmpFilesize
4KB
-
memory/3752-26-0x0000000004910000-0x0000000004911000-memory.dmpFilesize
4KB