Analysis
- max time kernel: 150s
- max time network: 154s
- platform: windows7_x64
- resource: win7-20240704-en
- resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
- submitted: 10/07/2024, 03:27
Static task
- static1
Behavioral task behavioral1
- Sample: SecuriteInfo.com.Trojan.Siggen21.32984.5152.16224.exe
- Resource: win7-20240704-en
Behavioral task behavioral2
- Sample: SecuriteInfo.com.Trojan.Siggen21.32984.5152.16224.exe
- Resource: win10v2004-20240709-en
General
- Target: SecuriteInfo.com.Trojan.Siggen21.32984.5152.16224.exe
- Size: 1.4MB
- MD5: 2b59053189eda5000eae481f34c2770f
- SHA1: 2d86f4b5798b3d94b8a239c18b1bafb5f37c2cde
- SHA256: c1910a22c8deb792207d5c6d61d168825cf0445a76a9c5b76cde5400241177b1
- SHA512: 7f1cbe5805ac8e9e17aa7cf13645011e4fd46b0166923909a87878eb290d91e66edbf4821cc4762258d10d21826e3530b1ebae1b63ca885fcb3fb55bcf8dbb84
- SSDEEP: 24576:kwGvIBKN5VI/EtUhUN51zj1SqdAGFQZIxaC45UJoeno:xKNU/EtUuN3zjYq+ZIML5UJoeo
Malware Config
Signatures
- Downloads MZ/PE file
- Executes dropped EXE (1 IoC)
  pid 1796: 360TS_Setup.exe
- Loads dropped DLL (6 IoCs)
  pid 2376: SecuriteInfo.com.Trojan.Siggen21.32984.5152.16224.exe (5 entries)
  pid 1796: 360TS_Setup.exe
- Writes to the Master Boot Record (MBR) (1 TTP, 1 IoC)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  File opened for modification: \??\PhysicalDrive0 (Process: SecuriteInfo.com.Trojan.Siggen21.32984.5152.16224.exe)
- Drops file in Program Files directory (2 IoCs)
  File created: C:\Program Files (x86)\1720582183_0\360TS_Setup.exe (Process: 360TS_Setup.exe)
  File opened for modification: C:\Program Files (x86)\1720582183_0\360TS_Setup.exe (Process: 360TS_Setup.exe)
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid 2376: SecuriteInfo.com.Trojan.Siggen21.32984.5152.16224.exe (2 entries)
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Token: SeManageVolumePrivilege, pid 2376: SecuriteInfo.com.Trojan.Siggen21.32984.5152.16224.exe
- Suspicious use of FindShellTrayWindow (1 IoC)
  pid 2376: SecuriteInfo.com.Trojan.Siggen21.32984.5152.16224.exe
- Suspicious use of SendNotifyMessage (1 IoC)
  pid 2376: SecuriteInfo.com.Trojan.Siggen21.32984.5152.16224.exe
- Suspicious use of WriteProcessMemory (7 IoCs)
  PID 2376 (SecuriteInfo.com.Trojan.Siggen21.32984.5152.16224.exe) wrote to memory of PID 1796, procid_target 31 (7 identical entries)
Processes
1. C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Siggen21.32984.5152.16224.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Siggen21.32984.5152.16224.exe"
   PID: 2376
   - Loads dropped DLL
   - Writes to the Master Boot Record (MBR)
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SendNotifyMessage
   - Suspicious use of WriteProcessMemory
   2. (child of PID 2376) C:\Users\Admin\AppData\Local\Temp\360TS_Setup.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\360TS_Setup.exe" /c:WW.ADBcash.CPI202311S37 /pmode:2 /promo:eyJib290dGltZSI6IjciLCJtZWRhbCI6IjciLCJuZXdzIjoiMCIsIm9wZXJhIjoiNyIsIm9wZXJhX2lucyI6IjAiLCJwb3B1cCI6IjciLCJyZW1pbmRlciI6IjciLCJ1cGdyYWRlX25vdyI6IjAifQo= /s
      PID: 1796
      - Executes dropped EXE
      - Loads dropped DLL
      - Drops file in Program Files directory
Network
MITRE ATT&CK Enterprise v15
Downloads