General

  • Target

    SecuriteInfo.com.Exploit.Siggen3.17232.12175.13760

  • Size

    33KB

  • Sample

    220816-jlfe4shab7

  • MD5

    7ca761f85ea35147e76d32bcc9640c84

  • SHA1

    0457ca3fe9994baeebb9aadd052b7fd322f4a05a

  • SHA256

    76eb0b03bf4f4e169846f14a82b3ff02e55bfdea97a946c166d032c0034a8317

  • SHA512

    0ed0970a94da2c35db4ce5778a6966285580518f034b4e84b009a6836ca19e65caadc6b950ef26508dc9b6415b59e26cef988979fa929ee24f3477f71f598e6a

Score
10/10

Malware Config

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic                Technique                     #   ID
Execution             Scheduled Task                1   T1053
Persistence           Scheduled Task                1   T1053
Privilege Escalation  Scheduled Task                1   T1053
Defense Evasion       Modify Registry               1   T1112
Discovery             Query Registry                2   T1012
Discovery             System Information Discovery  2   T1082
Discovery             Remote System Discovery       1   T1018

Tasks