General
Target
SecuriteInfo.com.Exploit.Siggen2.9920.3882.15200
Size
175KB
Sample
200801-svmwp1912a
MD5
0044ba776778e2f3ec800a96294ce8b3
SHA1
0a3c6df795a29e3eef7ddf0aa2bfa03daf401e6e
SHA256
7ef18f7b96100c4dc8a648050ff5c5995b2ba175593ecbdde9a2c66ddb0a5efe
SHA512
d7ff746f87d9d43b5e104bebe979585de4a96d292bf3dfb057e8cc1a06298373bd762f7c18759c9f2cfd93abddc573d03c5baf3c0c62632b73dc7c418a0e4ded
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Exploit.Siggen2.9920.3882.15200.doc
Resource
win7v200722
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Exploit.Siggen2.9920.3882.15200.doc
Resource
win10v200722
Malware Config
Extracted
https://fastreadhotnews.com/assets/87nzy_l5_nsek/
http://xycgsck.com/wp-admin/4ltp_6h_d6hcijri8/
https://boulderinn.com/cgi-bin/710sj1hy96ynyfens7bm53a9h_7gpg2a_g1487pb/
http://chcquimica.com.br/loja/qtbmmjrt14kd4ot_t9cfy83_g42n8ts6/
http://gijsvanroij.nl/170101/cua5mnzjfcg8bi8esjju_ryiud_qjv2zcgixs/
Targets
Target
SecuriteInfo.com.Exploit.Siggen2.9920.3882.15200
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blacklisted process makes network request
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory