Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

SecuriteInfo.com.Trojan.Siggen26.13253.13951.8155.exe

PE32+ executable (console) x86-64, for MS Windows

initial sample

Details

Filetype:	PE32+ executable (console) x86-64, for MS Windows
Entropy:	7.9366972422071305
Filename:	SecuriteInfo.com.Trojan.Siggen26.13253.13951.8155.exe
Filesize:	1648640
MD5:	72762b7ac7c6dfdc7b1c3b3a5171103a
SHA1:	1ff4eb16282c076fbe98c589ba0218a1b39672be
SHA256:	ecc5a64d97d4adb41ed9332e4c0f5dc7dc02a64a77817438d27fc31c69f7c1d3
SHA512:	a8f281da8160a62cf5f07273cc5c3c62dc8aa0aa33f75abd22e9d49b366a63c214274bd1b7140a1c4773584a451a2b54722991880999386d6924932953a6de14
SSDEEP:	49152:TgCwUI2zMCsThgKx7epXo6Ekk6Jy63g9iugMN51fP:Tg9msFgs6u6rk2FgYugMr
Preview:	MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$........*.d.K.7.K.7.K.7. .6.K.7. .6&K.7.$+7.K.7.?.6.K.7.?.6.K.7.?.6.K.7. .6.K.77?.6.K.7. .6.K.7.K.7.J.7T>.6.I.77?.6HK.77?.6.K.77?)7.K.

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
Query firmware table information (likely to detect VMs)	Malware Analysis System Evasion	Virtualization/Sandbox Evasion Security Software Discovery
Sample file is different than original file name gathered from version info	System Summary
Creates mutexes	System Summary
Disables application error messsages (SetErrorMode)	Hooking and other Techniques for Hiding and Protection
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion
Reads software policies	System Summary	System Information Discovery
Sample is known by Antivirus	System Summary
Tries to load missing DLLs	System Summary	DLL Side-Loading
Uses an in-process (OLE) Automation server	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file has a big raw section	System Summary
PE file has a high image base, often used for DLLs	System Summary
Submission file is bigger than most known malware samples	System Summary

\Device\ConDrv

ASCII text, with CRLF, CR line terminators

dropped

Details

File:	\Device\ConDrv
Category:	dropped
Dump:	ConDrv.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.13253.13951.8155.exe
Type:	ASCII text, with CRLF, CR line terminators
Entropy:	4.970687775759423
Encrypted:	false
Ssdeep:	6:o9ZnpCwvG25zZv03CwyTSZv0kt4CwZUTSZvn:oBtAty3tZh
Size:	236
Whitelisted:	false
Reputation:	low

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.13253.13951.8155.exe

"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.13253.13951.8155.exe"

Details

Is windows:	false
Is dropped:	false
PID:	1696
Target ID:	0
Parent PID:	2580
Name:	SecuriteInfo.com.Trojan.Siggen26.13253.13951.8155.exe
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.13253.13951.8155.exe
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.13253.13951.8155.exe"
Size:	1648640
MD5:	72762B7AC7C6DFDC7B1C3B3A5171103A
Time:	14:39:56
Date:	04/07/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff661120000
Modulesize:	7151616
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Machine Learning detection for sample	AV Detection
Sample file is different than original file name gathered from version info	System Summary
Sample is known by Antivirus	System Summary
Spawns processes	System Summary	Process Injection
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file has a big raw section	System Summary
PE file has a high image base, often used for DLLs	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	3332
Target ID:	1
Parent PID:	1696
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	14:39:56
Date:	04/07/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7699e0000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

Domains

Name

Malicious

xmr.330com.com

117.52.82.171

IPs

Domain

Country

Malicious

211.108.74.247

unknown

Korea Republic of

Details

IP:	211.108.74.247
TargetID:	0
Current Path:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen26.13253.13951.8155.exe
Country:	Korea Republic of
Countrycode:	KOR
ASN number:	9318
ASN name:	SKB-ASSKBroadbandCoLtdKR
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port

Registry

Path

Value

Malicious

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Xmrig

Version

Memdumps

Base Address

Regiontype

Protect

Malicious

256E6EBC000

unkown

page read and write

294E3CC8000

heap

page read and write

256E506B000

heap

page read and write

294EBED8000

heap

page read and write

294E96D8000

heap

page read and write

B8515FE000

unkown

page read and write

256E6840000

heap

page read and write

294E3D0F000

heap

page read and write

B8516FC000

unkown

page read and write

294EB4D8000

heap

page read and write

AAB71FE000

stack

page read and write

256E6C54000

unkown

page read and write

294E3CCD000

heap

page read and write

256E4C00000

heap

page read and write

294E3C65000

heap

page read and write

256E6EAC000

unkown

page read and write

294E3D88000

direct allocation

page execute read

256E8BE0000

unkown

page read and write

256E7190000

unkown

page readonly

B851279000

unkown

page read and write

294E3D30000

heap

page read and write

AAB6CFE000

stack

page read and write

256E5050000

unkown

page readonly

294E6ED8000

heap

page read and write

256E6DF2000

unkown

page read and write

294E3E20000

direct allocation

page execute and read and write

B85177E000

unkown

page readonly

AAB73FE000

stack

page read and write

294E3DD0000

direct allocation

page execute and read and write

B85187E000

unkown

page readonly

256E6E9E000

unkown

page read and write

294ED2D8000

heap

page read and write

294E3D18000

heap

page read and write

256E6E54000

unkown

page read and write

256E6D90000

unkown

page read and write

256E6E8E000

unkown

page read and write

256E4CE0000

unkown

page read and write

294E3E90000

heap

page read and write

256E6CB6000

unkown

page read and write

256E6E76000

unkown

page read and write

294E3B50000

heap

page read and write

256E6790000

unkown

page readonly

B85127B000

unkown

page read and write

256E4D00000

unkown

page read and write

294EAAD8000

heap

page read and write

AAB6DFF000

stack

page read and write

AAB6AFE000

stack

page read and write

256E676E000

unkown

page read and write

294EC8D8000

heap

page read and write

294E3C36000

heap

page read and write

256E4D60000

unkown

page readonly

AAB72FF000

stack

page read and write

256E6EAA000

unkown

page read and write

294E3E10000

direct allocation

page execute and read and write

AAB6FFD000

stack

page read and write

256E6B90000

unkown

page read and write

7FF66165F000

unkown

page execute and write copy

294E3CC4000

heap

page read and write

256E6E34000

unkown

page read and write

294E82D8000

heap

page read and write

256E5060000

heap

page read and write

256E4D21000

unkown

page readonly

AAB76FF000

stack

page read and write

294E3EE5000

heap

page read and write

294E64D8000

heap

page read and write

294E3D50000

heap

page read and write

256E4DB8000

heap

page read and write

256E94E0000

unkown

page read and write

294E3C30000

heap

page read and write

294E3D20000

heap

page read and write

294E59D0000

heap

page read and write

294E3C92000

heap

page read and write

256E729E000

unkown

page read and write

256E6D84000

unkown

page read and write

256E6E9A000

unkown

page read and write

256E8CE0000

unkown

page read and write

294E3C61000

heap

page read and write

256E6ECF000

unkown

page read and write

256E4D90000

unkown

page read and write

294E5AD8000

heap

page read and write

256E4DB0000

heap

page read and write

256E6843000

heap

page read and write

256E6EB8000

unkown

page read and write

294E78D8000

heap

page read and write

7FF6617F1000

unkown

page write copy

294EA0D8000

heap

page read and write

B85167E000

unkown

page readonly

294E5A10000

heap

page read and write

256E4BF0000

unkown

page readonly

256E6D6A000

unkown

page read and write

AAB672B000

stack

page read and write

256E4D50000

unkown

page read and write

294E5A2A000

heap

page read and write

B851273000

unkown

page read and write

294E3EE0000

heap

page read and write

B8517FB000

unkown

page read and write

256E6D00000

unkown

page read and write

256E5065000

heap

page read and write

AAB70FB000

stack

page read and write

256E5270000

unkown

page readonly

256E6BF2000

unkown

page read and write

294E3C3C000

heap

page read and write

256E6D8A000

unkown

page read and write

294E3C52000

heap

page read and write

294E3D96000

direct allocation

page execute read

7FF661120000

unkown

page readonly

294E5A32000

heap

page read and write

294E3D80000

direct allocation

page execute read

294E8CD8000

heap

page read and write

B8511DE000

stack

page read and write

256E6680000

unkown

page read and write

There are 101 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
SecuriteInfo.com.Trojan.Siggen26.13253.13951.8155.exe

Files

Processes

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportSecuriteInfo.com.Trojan.Siggen26.13253.13951.8155.exe

Files

Processes

Domains

IPs

Registry

Memdumps

IOC Report
SecuriteInfo.com.Trojan.Siggen26.13253.13951.8155.exe