Analysis
-
max time kernel
119s -
max time network
124s -
platform
windows7_x64 -
resource
win7-en-20211208 -
submitted
09-03-2022 21:51
General
-
Target
SecuriteInfo.com.BackDoor.Siggen2.3475.2384.exe
-
Size
74KB
-
MD5
ba4380237e7a0f220deaaada1fddff73
-
SHA1
394b852855574cffa26a66bec083792a21f87f79
-
SHA256
57df82d0e4547407bdca25692313c2a95b07438991c4cfd44a85d85e5976a965
-
SHA512
5e70426b3547020f93c62764f418ff7d475f4bf772130b056f33884e7b155b9675a4af292b356bd9897c5e6c665488989d7400dfb452d8544d1252b3e3798142
Score
10/10
Malware Config
Signatures
-
VKeylogger
A keylogger first seen in Nov 2020.
-
VKeylogger Payload 1 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious behavior: MapViewOfSection 2 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.BackDoor.Siggen2.3475.2384.exe"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.BackDoor.Siggen2.3475.2384.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exe"C:\Windows\SysWOW64\explorer.exe"2⤵
- Adds Run key to start application
- Suspicious behavior: MapViewOfSection
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/480-55-0x0000000074EC1000-0x0000000074EC3000-memory.dmpFilesize
8KB
-
memory/1740-57-0x0000000074A11000-0x0000000074A13000-memory.dmpFilesize
8KB
-
memory/1740-58-0x0000000000080000-0x0000000000092000-memory.dmpFilesize
72KB