Analysis

max time kernel: 144s
max time network: 121s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 18-03-2024 16:40

Static task static1
  1 signatures

Behavioral task behavioral1
  Sample: SecuriteInfo.com.Trojan.Siggen4.62441.5418.exe
  Resource: win7-20240221-en (windows7-x64)
  4 signatures, 150 seconds

Behavioral task behavioral2
  Sample: SecuriteInfo.com.Trojan.Siggen4.62441.5418.exe
  Resource: win10v2004-20240226-en (windows10-2004-x64)
  2 signatures, 150 seconds
General

Target: SecuriteInfo.com.Trojan.Siggen4.62441.5418.exe
Size: 20KB
MD5: 871e91829d93e1f5e71464c349e69e53
SHA1: 2080eaaa779c0860c3fd4d30b8729fc25b02a87d
SHA256: e691e80cc044107eb5957ad597dda958611b628ac25cf6b57558187f1542ab84
SHA512: 5669b5ee8a58d7f41d222416ddbee72ea1a76b08e046106d3cca95e535aee24739ff375f527bdfd6c608d212c0cbfeb262f0628a0a3df9c57594b501262c5c76
SSDEEP: 192:vsoQXD19XFxg/DngtkJF8xfF+jJWysVF/CMgYaUjX5tKomiQ0uV1oyCua:reTFtkJexfE7itK+m1xa
Score: 5/10
Malware Config
Signatures

Drops file in System32 directory (1 IoC)
  description: File opened for modification
  ioc: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
  process: SecuriteInfo.com.Trojan.Siggen4.62441.5418.exe

Modifies data under HKEY_USERS (6 IoCs; process for every entry: SecuriteInfo.com.Trojan.Siggen4.62441.5418.exe)
  1. Set value (data): \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
  2. Key created: \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
  3. Key created: \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
  4. Set value (data): \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
  5. Key created: \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  6. Set value (int): \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = "0"

Suspicious behavior: EnumeratesProcesses (48 IoCs)
  pid: 2932
  process: SecuriteInfo.com.Trojan.Siggen4.62441.5418.exe
  (all 48 entries are this same pid/process pair)

Suspicious use of AdjustPrivilegeToken (24 IoCs)
  description: Token: SeTcbPrivilege
  pid: 2932
  process: SecuriteInfo.com.Trojan.Siggen4.62441.5418.exe
  (all 24 entries are this same token/pid/process triple)
Processes

1. C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Siggen4.62441.5418.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Siggen4.62441.5418.exe"
   tree depth: 1
   PID: 2880

2. C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Siggen4.62441.5418.exe
   command line: C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Siggen4.62441.5418.exe
   tree depth: 1
   PID: 2932
   signatures:
   - Drops file in System32 directory
   - Modifies data under HKEY_USERS
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of AdjustPrivilegeToken