Overview

overview

10

Static

static

3

SecuriteIn...30.exe

windows7-x64

8

SecuriteIn...30.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    19/10/2024, 12:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.Trojan.Siggen29.53958.6245.21630.exe

  • Size

    279KB

  • MD5

    d0cce7870080bd889dba1f4cfd2b3b26

  • SHA1

    a973389aa0908d7b56115aff9cd4878fbd9381f9

  • SHA256

    8ff3039072ecb32c50f446d6857aceef55547486f0572fe70feb5b1fa4c4727a

  • SHA512

    5fde0ed0ad44569d290972f336d0ca29c38f49bacefe7ba974cbb17d6db7a1a57a8e4f8618f438820c2ff386a6b9c5b8b702c24ee8718cae51379d1566729548

  • SSDEEP

    6144:imUMliX/k5k646sOcT86ISrQdoBX67Hgo2TWD:AMl6Y/fyQdWeHgo2a

Score
8/10
persistence

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Drops startup file 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 20 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Siggen29.53958.6245.21630.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Siggen29.53958.6245.21630.exe"
    1⤵
    • Drops startup file
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2460
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
      2⤵
      • Drops file in Drivers directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1472
      • C:\Windows\system32\WerFault.exe
        C:\Windows\system32\WerFault.exe -u -p 1472 -s 224
        3⤵
          PID:3056

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\System32\drivers\etc\hosts
      Filesize

      1KB

      MD5

      c55e7b590134bae106d2d8170affe162

      SHA1

      13b61495d4b1460ecb770e42a923c880a73ad692

      SHA256

      5d4c55ac6c8371c79f94a81c1e53fa50b0fa4231cda0fc9d93892739c723c7e7

      SHA512

      99162c8512811021c31c98cffe306b3badd07e779ac73d6da16e16d7597c1c8112b1a78dc33a27f717b13333bedf6a804a757e5030f653aeea41a338492c9e27

      Download Submit

    • \Users\Admin\AppData\Roaming\{8021D65EFBA22925382193}\{8021D65EFBA22925382193}.exe
      Filesize

      279KB

      MD5

      d0cce7870080bd889dba1f4cfd2b3b26

      SHA1

      a973389aa0908d7b56115aff9cd4878fbd9381f9

      SHA256

      8ff3039072ecb32c50f446d6857aceef55547486f0572fe70feb5b1fa4c4727a

      SHA512

      5fde0ed0ad44569d290972f336d0ca29c38f49bacefe7ba974cbb17d6db7a1a57a8e4f8618f438820c2ff386a6b9c5b8b702c24ee8718cae51379d1566729548

      Download Submit

    • memory/1472-7-0x000007FFFFFD4000-0x000007FFFFFD5000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1472-58-0x0000000140000000-0x000000014004C000-memory.dmp

      Filesize

      304KB

      Download