Analysis
-
max time kernel
142s -
max time network
134s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
26/07/2024, 01:25
General
-
Target
sigima.exe
-
Size
3.9MB
-
MD5
032496eafa4a0b110d8c37b4c995228c
-
SHA1
3531c2a5723be8a775a1784e434a9c8943ba4f1a
-
SHA256
e9ebb65e312f6e7ecd0d3637c85b64e18ff92949a740f98deeba23d415c14c0c
-
SHA512
ceafb86a8a5810343bcdcaacb627555a7c31347c8d08deef19fe19f3449ead663ea3c81bcdcad52484552070f4a454bd0ca0507b0aef002ed61eaaa1a0a0a884
-
SSDEEP
98304:VFkMoq8JwkyKiWnA7FJ1I8j5haEdt9iDMDN:0i8/yKOJd/ZdtQoDN
Score
9/10
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
-
Sets service image path in registry 2 TTPs 1 IoCs
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Themida packer 5 IoCs
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
Suspicious behavior: LoadsDriver 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\sigima.exe"C:\Users\Admin\AppData\Local\Temp\sigima.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Sets service image path in registry
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c color 0A2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
11.8MB
-
Filesize
11.8MB
-
Filesize
11.8MB
-
Filesize
11.8MB
-
Filesize
8KB
-
Filesize
11.8MB