Analysis
max time kernel: 137s
max time network: 130s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 01-03-2024 18:28

Static task: static1
Behavioral task: behavioral1
  Sample: SecuriteInfo.com.Trojan.Siggen21.12106.29399.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: SecuriteInfo.com.Trojan.Siggen21.12106.29399.exe
  Resource: win10v2004-20240226-en

General
Target: SecuriteInfo.com.Trojan.Siggen21.12106.29399.exe
Size: 1.6MB
MD5: f06289187cf808ecff5d056ee633894a
SHA1: 94c2cb9df16bc52d5c4342ebb506dae6c35335b9
SHA256: bde11b06b5ca98c10855cd656c3ccc9558eed98869a868b6aa793c6065f71cb5
SHA512: 13ac32c52ce9aae54445772af0a5b413456e22047425ab73b1486f1590401384062ca65140f90c3955d1b7235f57c4a7fc1c972e9811a9573f42baa2f73fdaba
SSDEEP: 49152:3/Nnfd+Cz+puNrWX+YFIvRYLZ7RqvCMxr86BO5J:PNnf4Cz+8NrWX+YF570vCMw5J
Malware Config
Signatures
Writes to the Master Boot Record (MBR): 1 TTPs, 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system. The IoC here is a raw-disk handle opened with write access (\??\PhysicalDrive0); the report records the open, not the bytes written, so confirming an actual bootstrap overwrite requires comparing sector 0 of the disk (or a disk image) against a known-good copy.
Processes:
  description                   ioc                   process
  File opened for modification  \??\PhysicalDrive0    SecuriteInfo.com.Trojan.Siggen21.12106.29399.exe
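Because the report only shows \??\PhysicalDrive0 being opened for modification, the practical follow-up is to read sector 0 and compare it with a baseline. The following is an added example written for this page, not code from the sandbox or from the analysis of this sample: it parses a 512-byte MBR, hashes the bootstrap code (bytes 0..445) separately from the partition table, and flags deviations from a known-good hash. The boot stub, partition layout, baseline hash and the "tampered" variant are constructed sample data; on a live Windows host the sector would be read from \\.\PhysicalDrive0 with administrative rights, or from the first 512 bytes of a disk image.

```python
"""Parse a captured MBR and compare it against a known-good baseline (added example)."""
import hashlib
import struct
from dataclasses import dataclass
from typing import Dict, List, Tuple

SECTOR = 512
BOOT_CODE_LEN = 446          # bytes 0..445: bootstrap code (plus disk-signature area)
PART_TABLE_OFF = 446         # four 16-byte partition entries follow
MBR_SIGNATURE = b"\x55\xaa"  # bytes 510..511


@dataclass
class PartitionEntry:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


def parse_partition_table(sector: bytes) -> List[PartitionEntry]:
    """Return the four primary partition entries; raise if this is not a valid MBR."""
    if len(sector) != SECTOR:
        raise ValueError(f"MBR must be {SECTOR} bytes, got {len(sector)}")
    if sector[510:512] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4), little-endian
        status, type_id, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", sector, PART_TABLE_OFF + 16 * i)
        entries.append(PartitionEntry(i, status == 0x80, type_id, lba_start, sectors))
    return entries


def boot_code_hash(sector: bytes) -> str:
    """SHA-256 of the bootstrap code only, so partition-table edits do not change it."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def assess_mbr(sector: bytes, baseline_boot_hash: str) -> Dict[str, object]:
    """Flag deviations from a known-good boot-code hash and sanity-check the partition table."""
    parts = parse_partition_table(sector)
    findings: List[str] = []
    current = boot_code_hash(sector)
    if current != baseline_boot_hash:
        findings.append("boot code differs from baseline")
    bootable = [p for p in parts if p.bootable]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} bootable partitions (expected exactly 1)")
    for p in parts:
        if p.type_id != 0 and p.sectors == 0:
            findings.append(f"partition {p.index} has a type but zero length")
    return {"boot_code_sha256": current, "partitions": parts, "findings": findings}


def build_mbr(boot_code: bytes, partitions: List[Tuple[bool, int, int, int]]) -> bytes:
    """Assemble a 512-byte MBR; used here only to construct sample input."""
    if len(boot_code) > BOOT_CODE_LEN or len(partitions) > 4:
        raise ValueError("boot code too long or too many partitions")
    out = bytearray(boot_code.ljust(BOOT_CODE_LEN, b"\x00"))
    for bootable, type_id, lba_start, sectors in partitions:
        # CHS fields set to 0xFFFFFF, the usual marker for LBA-only entries
        out += struct.pack("<B3sB3sII", 0x80 if bootable else 0x00,
                           b"\xff\xff\xff", type_id, b"\xff\xff\xff", lba_start, sectors)
    out += b"\x00" * (16 * (4 - len(partitions)))
    out += MBR_SIGNATURE
    return bytes(out)


# Constructed sample data (not taken from the analysed sample): a short boot stub
# and a single bootable NTFS partition (type 0x07) starting at LBA 2048.
CLEAN_BOOT_STUB = bytes.fromhex("33c08ed0bc007c8ec08ed8be007cbf0006b90002fcf3a4")
CLEAN_MBR = build_mbr(CLEAN_BOOT_STUB, [(True, 0x07, 2048, 1_000_000)])
BASELINE_HASH = boot_code_hash(CLEAN_MBR)  # in practice taken from a golden image
# Same partition table, but the start of the bootstrap was overwritten with a jump.
TAMPERED_MBR = build_mbr(b"\xe9\x00\x01" + CLEAN_BOOT_STUB, [(True, 0x07, 2048, 1_000_000)])


if __name__ == "__main__":
    for label, mbr in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        result = assess_mbr(mbr, BASELINE_HASH)
        print(f"{label}: {result['boot_code_sha256'][:16]}... findings={result['findings']}")
```

Hashing only the bootstrap bytes keeps legitimate partition-table edits from tripping the check, while a bootkit that replaces the stub and relocates the original sector elsewhere still changes the hash; the partition sanity checks catch cruder corruption of the table itself.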
Modifies registry class: 11 IoCs
Processes: SecuriteInfo.com.Trojan.Siggen21.12106.29399.exe (all 11 IoCs)
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79B5BC47-CEA1-4772-B433-7D1B3139F278}\Implemented Categories\{607568DD-B059-434b-B7E7-38EC51998F8E}\did = "7B7914547E0E3EB053ED2FB6204FE0B2"
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8AB9CCC4-75EC-438b-B6C0-D8D78882A12D}\Implemented Categories\{6BC04964-67B7-4d50-BB9B-3653A5C305B3}
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8AB9CCC4-75EC-438b-B6C0-D8D78882A12D}
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8AB9CCC4-75EC-438b-B6C0-D8D78882A12D}\Implemented Categories
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8AB9CCC4-75EC-438b-B6C0-D8D78882A12D}\Implemented Categories\{6BC04964-67B7-4d50-BB9B-3653A5C305B3}\idex = "e01b2fac270fb2c0e16c85e483bf5d03"
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8AB9CCC4-75EC-438b-B6C0-D8D78882A12D}\Implemented Categories\{6BC04964-67B7-4d50-BB9B-3653A5C305B3}\idno = "1"
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79B5BC47-CEA1-4772-B433-7D1B3139F278}\Implemented Categories\{607568DD-B059-434b-B7E7-38EC51998F8E}
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79B5BC47-CEA1-4772-B433-7D1B3139F278}
  Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79B5BC47-CEA1-4772-B433-7D1B3139F278}\Implemented Categories
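The registry writes above create two CLSIDs under Wow6432Node and store named string values (did, idex, idno) beneath their Implemented Categories\{CATID} subkeys. In a legitimate COM registration a category membership is expressed by the existence of the {CATID} key alone, which carries no values, so values written there are a place to stash data rather than a class registration. The following is an added triage example written for this page, not code from the sandbox: it parses registry events in the one-line form the report uses, groups them per CLSID, and flags value writes under Implemented Categories plus CLSIDs that never receive an InprocServer32 or LocalServer32 key in the event set. The embedded event lines are copied from the IoCs above; the benign control event in the test is constructed.

```python
"""Triage registry-write events for COM-class abuse (added example, not sandbox code)."""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional


class RegEvent(NamedTuple):
    op: str               # "Key created" or "Set value (str)"
    path: str             # key path; for Set value the value name is stripped off
    name: Optional[str]   # value name for Set value events
    data: Optional[str]   # value data for Set value events


EVENT_RE = re.compile(r'^(Key created|Set value \(\w+\)) (.+?)(?: = "(.*)")?$')
CLSID_RE = re.compile(r"\\CLSID\\(\{[0-9A-F-]{36}\})", re.IGNORECASE)
CATID_RE = re.compile(r"\\Implemented Categories\\\{[0-9A-F-]{36}\}$", re.IGNORECASE)
HEX128_RE = re.compile(r"^[0-9A-F]{32}$", re.IGNORECASE)
SERVER_RE = re.compile(r"\\(Inproc|Local)Server32", re.IGNORECASE)


def parse_events(text: str) -> List[RegEvent]:
    """Parse one 'Op path[ = "data"]' line per event, as the sandbox report prints them."""
    events = []
    for line in text.strip().splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            raise ValueError(f"unparseable event: {line!r}")
        op, path, data = m.groups()
        if op.startswith("Set value"):
            key, _, name = path.rpartition("\\")
            events.append(RegEvent(op, key, name, data))
        else:
            events.append(RegEvent(op, path, None, None))
    return events


def triage(events: List[RegEvent]) -> Dict[str, List[str]]:
    """Group events per CLSID; flag values stored under Implemented Categories\\{CATID}
    and CLSIDs that get no server key (InprocServer32/LocalServer32) in this event set."""
    by_clsid: Dict[str, List[RegEvent]] = defaultdict(list)
    stashed: List[str] = []
    for ev in events:
        m = CLSID_RE.search(ev.path)
        if not m:
            continue  # writes to the CLSID/Wow6432Node containers themselves
        clsid = m.group(1).upper()
        by_clsid[clsid].append(ev)
        if ev.name is not None and CATID_RE.search(ev.path):
            kind = "128-bit hex blob" if HEX128_RE.match(ev.data or "") else "string"
            stashed.append(f"{clsid}: {ev.name} = {ev.data!r} ({kind}) under Implemented Categories")
    no_server = [c for c, evs in by_clsid.items()
                 if not any(SERVER_RE.search(e.path) for e in evs)]
    return {"clsids": sorted(by_clsid), "stashed_values": stashed,
            "no_server_key": sorted(no_server)}


# Event lines as listed in the report's "Modifies registry class" signature.
SAMPLE_EVENTS = r"""
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79B5BC47-CEA1-4772-B433-7D1B3139F278}\Implemented Categories\{607568DD-B059-434b-B7E7-38EC51998F8E}\did = "7B7914547E0E3EB053ED2FB6204FE0B2"
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8AB9CCC4-75EC-438b-B6C0-D8D78882A12D}\Implemented Categories\{6BC04964-67B7-4d50-BB9B-3653A5C305B3}
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8AB9CCC4-75EC-438b-B6C0-D8D78882A12D}
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8AB9CCC4-75EC-438b-B6C0-D8D78882A12D}\Implemented Categories
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8AB9CCC4-75EC-438b-B6C0-D8D78882A12D}\Implemented Categories\{6BC04964-67B7-4d50-BB9B-3653A5C305B3}\idex = "e01b2fac270fb2c0e16c85e483bf5d03"
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8AB9CCC4-75EC-438b-B6C0-D8D78882A12D}\Implemented Categories\{6BC04964-67B7-4d50-BB9B-3653A5C305B3}\idno = "1"
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79B5BC47-CEA1-4772-B433-7D1B3139F278}\Implemented Categories\{607568DD-B059-434b-B7E7-38EC51998F8E}
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79B5BC47-CEA1-4772-B433-7D1B3139F278}
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79B5BC47-CEA1-4772-B433-7D1B3139F278}\Implemented Categories
"""


if __name__ == "__main__":
    result = triage(parse_events(SAMPLE_EVENTS))
    for key, lines in result.items():
        print(key)
        for line in lines:
            print("  " + line)
```

The same parser works on a Procmon export or another sandbox's registry log once the lines are normalised to the `Op path = "data"` form; the Implemented Categories check is the part worth keeping as a standing hunt query, since that location is rarely written by anything but COM registration tooling.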
Suspicious behavior: GetForegroundWindowSpam: 1 IoCs
Processes:
  pid   process
  2312  SecuriteInfo.com.Trojan.Siggen21.12106.29399.exe
Suspicious use of FindShellTrayWindow: 2 IoCs
Processes:
  pid   process
  2312  SecuriteInfo.com.Trojan.Siggen21.12106.29399.exe
  2312  SecuriteInfo.com.Trojan.Siggen21.12106.29399.exe
Suspicious use of SendNotifyMessage: 2 IoCs
Processes:
  pid   process
  2312  SecuriteInfo.com.Trojan.Siggen21.12106.29399.exe
  2312  SecuriteInfo.com.Trojan.Siggen21.12106.29399.exe
Processes
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Siggen21.12106.29399.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Siggen21.12106.29399.exe"
  PID: 2312
  - Writes to the Master Boot Record (MBR)
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage