Analysis
- max time kernel: 133s
- max time network: 170s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 11/04/2024, 00:23
Static task: static1
Behavioral task: behavioral1
- Sample: SecuriteInfo.com.Trojan.Siggen21.1874.13361.18609.msi
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: SecuriteInfo.com.Trojan.Siggen21.1874.13361.18609.msi
- Resource: win10v2004-20240226-en
General
- Target: SecuriteInfo.com.Trojan.Siggen21.1874.13361.18609.msi
- Size: 44.0MB
- MD5: 6a4b83674db39468c27616888fc10cab
- SHA1: c46c674465c3a0e68710b7932a63cdd87cb32e7d
- SHA256: 32c691936fd1d4e5829866f1a5e84ee1f91abdf0eeb09638ed9b8b44a5dc7980
- SHA512: 048ba6db20f7e541e799a2ae80280b37b7446b2e0ffce32ab2f22a8395480a4a852acecbf4277fd892d5ee70672f3f0ff8e657d411a5cd658b1d4441f05c4732
- SSDEEP: 786432:x5Y4ntUOJwPxk7Q8cMr5LHBNI2SFDLXhWs6yWN+vV4hJei6Y99wDnvkFJtrSI:vY4tUtxV8cM9BN1SF916xN+q56YwDvkM
Malware Config
Signatures
- Blocklisted process makes network request (3 IoCs)
  flow  pid   Process
  5     4108  msiexec.exe
  11    4108  msiexec.exe
  13    4108  msiexec.exe
- Enumerates connected drives (3 TTPs, 46 IoCs)
  Attempts to read the root path of hard drives other than the default C: drive.
  description: File opened (read-only); Process: msiexec.exe
  ioc (46 opens in total, each drive root opened twice): \??\A: \??\B: \??\E: \??\G: \??\H: \??\I: \??\J: \??\K: \??\L: \??\M: \??\N: \??\O: \??\P: \??\Q: \??\R: \??\S: \??\T: \??\U: \??\V: \??\W: \??\X: \??\Y: \??\Z:
- Loads dropped DLL (7 IoCs)
  pid 624 MsiExec.exe (7 loads)
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  pid 4972 msiexec.exe: SeSecurityPrivilege (1 entry)
  pid 4108 msiexec.exe (63 entries; the same set of 29 privileges is enabled repeatedly): SeShutdownPrivilege, SeIncreaseQuotaPrivilege, SeCreateTokenPrivilege, SeAssignPrimaryTokenPrivilege, SeLockMemoryPrivilege, SeMachineAccountPrivilege, SeTcbPrivilege, SeSecurityPrivilege, SeTakeOwnershipPrivilege, SeLoadDriverPrivilege, SeSystemProfilePrivilege, SeSystemtimePrivilege, SeProfSingleProcessPrivilege, SeIncBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeBackupPrivilege, SeRestorePrivilege, SeDebugPrivilege, SeAuditPrivilege, SeSystemEnvironmentPrivilege, SeChangeNotifyPrivilege, SeRemoteShutdownPrivilege, SeUndockPrivilege, SeSyncAgentPrivilege, SeEnableDelegationPrivilege, SeManageVolumePrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege
- Suspicious use of FindShellTrayWindow (1 IoC)
  pid 4108 msiexec.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid   Process      procid_target
  PID 4972 wrote to memory of 624    4972  msiexec.exe  88
  PID 4972 wrote to memory of 624    4972  msiexec.exe  88
  PID 4972 wrote to memory of 624    4972  msiexec.exe  88
Processes
- C:\Windows\system32\msiexec.exe
  msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Siggen21.1874.13361.18609.msi
  PID: 4108
  - Blocklisted process makes network request
  - Enumerates connected drives
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
- C:\Windows\system32\msiexec.exe
  C:\Windows\system32\msiexec.exe /V
  PID: 4972
  - Enumerates connected drives
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - C:\Windows\syswow64\MsiExec.exe (child of PID 4972)
    C:\Windows\syswow64\MsiExec.exe -Embedding 30DC6C042BA2914ACA238F39B2B2477B C
    PID: 624
    - Loads dropped DLL
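The signature rows above are the raw evidence behind each heading, and re-deriving them from event records makes explicit what each check actually tests, which matters when porting them to your own telemetry: "Enumerates connected drives" is a count of root-path opens on drive letters other than C:, "Suspicious use of WriteProcessMemory" is a write into a different process, "Blocklisted process makes network request" is a network flow from a process on a fixed list. The Python below is an added example, not tria.ge code. Its event records are constructed from the rows in this report (the field names, the process blocklist and the set of watched privileges are assumptions), and the two drive-enumerating msiexec.exe instances are each given the 23 letters listed above. One caveat the report itself does not state: the Windows Installer service enumerates volumes and enables a broad privilege set during ordinary installs, and a parent writing into a child it has just spawned is routine, so those three hits alone do not separate this MSI from a benign one. The network flows from msiexec.exe and the dropped DLL loaded by the -Embedding custom-action host (PID 624) are the rows worth following up.

```python
"""Re-derive tria.ge-style behavioural signatures from raw sandbox events.

Added example, not tria.ge code. Event records are constructed from the IoC rows
of the report above; field names, the process blocklist and the watched privilege
set are assumptions.
"""
import re
from collections import defaultdict

# \??\X:  is the NT object-manager path of a drive root, as shown in the IoC rows.
DRIVE_ROOT = re.compile(r"^\\\?\?\\([A-Za-z]):$")


def build_events():
    ev = [  # process tree as shown under "Processes" (ppid None = parent not shown in the report)
        {"type": "process", "pid": 4108, "ppid": None, "image": r"C:\Windows\system32\msiexec.exe"},
        {"type": "process", "pid": 4972, "ppid": None, "image": r"C:\Windows\system32\msiexec.exe"},
        {"type": "process", "pid": 624, "ppid": 4972, "image": r"C:\Windows\syswow64\MsiExec.exe"},
    ]
    # Constructed: both msiexec.exe instances open the root of each of the 23 letters in the
    # report (46 opens), plus one C: open that the signature must ignore.
    for pid in (4108, 4972):
        for letter in "ABEGHIJKLMNOPQRSTUVWXYZ":
            ev.append({"type": "file_open", "pid": pid, "process": "msiexec.exe",
                       "path": f"\\??\\{letter}:"})
    ev.append({"type": "file_open", "pid": 4108, "process": "msiexec.exe", "path": "\\??\\C:"})
    # A subset of the AdjustPrivilegeToken rows: 4108 enables the installer's broad set, 4972 one.
    for priv in ("SeShutdownPrivilege", "SeIncreaseQuotaPrivilege", "SeTcbPrivilege",
                 "SeLoadDriverPrivilege", "SeBackupPrivilege", "SeRestorePrivilege",
                 "SeDebugPrivilege", "SeImpersonatePrivilege"):
        ev.append({"type": "adjust_privilege", "pid": 4108, "process": "msiexec.exe", "privilege": priv})
    ev.append({"type": "adjust_privilege", "pid": 4972, "process": "msiexec.exe",
               "privilege": "SeSecurityPrivilege"})
    # Flows 5, 11, 13 from pid 4108; three writes by the service (4972) into its child (624).
    ev += [{"type": "network", "pid": 4108, "process": "msiexec.exe", "flow": f} for f in (5, 11, 13)]
    ev += [{"type": "write_process_memory", "pid": 4972, "target_pid": 624}] * 3
    return ev


EVENTS = build_events()


def enumerates_drives(events, default_drive="C", threshold=3):
    """'Enumerates connected drives': root-path opens on drives other than the default C:.
    Returns {pid: sorted letters} for processes that probed at least `threshold` other drives."""
    seen = defaultdict(set)
    for e in events:
        m = DRIVE_ROOT.match(e["path"]) if e["type"] == "file_open" else None
        if m and m.group(1).upper() != default_drive:
            seen[e["pid"]].add(m.group(1).upper())
    return {pid: sorted(ls) for pid, ls in seen.items() if len(ls) >= threshold}


def privilege_adjustments(events, watch=frozenset({"SeDebugPrivilege", "SeTcbPrivilege",
                                                   "SeLoadDriverPrivilege", "SeImpersonatePrivilege"})):
    """'Suspicious use of AdjustPrivilegeToken', narrowed to privileges worth an analyst's time.
    The watch list is an assumption; the report itself flags every privilege change."""
    per_pid = defaultdict(set)
    for e in events:
        if e["type"] == "adjust_privilege":
            per_pid[e["pid"]].add(e["privilege"])
    return {pid: sorted(p & watch) for pid, p in per_pid.items() if p & watch}


def cross_process_writes(events):
    """'Suspicious use of WriteProcessMemory': deduplicated writes into another process.
    The last field says whether the target is the writer's own child; a parent writing into a
    child it just spawned is routine, a write into an unrelated process is the interesting case."""
    procs = {e["pid"]: e for e in events if e["type"] == "process"}
    pairs = {(e["pid"], e["target_pid"]) for e in events
             if e["type"] == "write_process_memory" and e["pid"] != e["target_pid"]}
    return sorted((src, dst, procs[dst]["image"], procs[dst]["ppid"] == src) for src, dst in pairs)


def blocklisted_network(events, blocklist=frozenset({"msiexec.exe", "rundll32.exe",
                                                     "regsvr32.exe", "mshta.exe"})):
    """'Blocklisted process makes network request': flows from processes that should not talk to
    the network in most environments. The blocklist here is an assumption, not tria.ge's list."""
    flows = defaultdict(list)
    for e in events:
        if e["type"] == "network" and e["process"].lower() in blocklist:
            flows[e["pid"]].append(e["flow"])
    return dict(flows)


def summarize(events):
    return {
        "Blocklisted process makes network request": blocklisted_network(events),
        "Enumerates connected drives": enumerates_drives(events),
        "Suspicious use of AdjustPrivilegeToken": privilege_adjustments(events),
        "Suspicious use of WriteProcessMemory": cross_process_writes(events),
    }


if __name__ == "__main__":
    for name, hits in summarize(EVENTS).items():
        print(f"{name}: {hits}")
```

Running it reproduces the report's hits: 23 non-C: drive letters for each msiexec.exe instance, flows 5, 11 and 13 from PID 4108, and a single deduplicated 4972 -> 624 write whose target is the writer's own child. Swapping `EVENTS` for records from Sysmon or ETW only requires mapping their fields onto the `type`, `pid`, `path`, `privilege`, `flow` and `target_pid` keys used here.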
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 587KB
  MD5: 9e0aef52f6c03b2fea067342d9d4f22f
  SHA1: d4431a858c8a7a79315829ec7aa82e838c2714f4
  SHA256: 42b8adafcb4e8496d9822a0c504f449e56456528a9251c153381d3f63d197e5b
  SHA512: 42858a6695d7906b3df4dc97f3b1fac737633a51ffb52e8ec8eddeb21f8cdb53c199bb698e54c4a931155eafd879de6fff114b84f298c84436b776e286ebeeb1