Overview
overview
10Static
static
10VirusSign....f3.exe
windows7-x64
10VirusSign....f3.exe
windows10-2004-x64
10VirusSign....ff.exe
windows7-x64
7VirusSign....ff.exe
windows10-2004-x64
7VirusSign....2d.exe
windows7-x64
1VirusSign....2d.exe
windows10-2004-x64
1VirusSign....31.exe
windows7-x64
VirusSign....31.exe
windows10-2004-x64
VirusSign....67.exe
windows7-x64
1VirusSign....67.exe
windows10-2004-x64
10VirusSign....f9.exe
windows7-x64
10VirusSign....f9.exe
windows10-2004-x64
10VirusSign....76.exe
windows7-x64
10VirusSign....76.exe
windows10-2004-x64
10VirusSign....45.exe
windows7-x64
1VirusSign....45.exe
windows10-2004-x64
1VirusSign....3a.exe
windows7-x64
10VirusSign....3a.exe
windows10-2004-x64
10VirusSign....2b.exe
windows7-x64
7VirusSign....2b.exe
windows10-2004-x64
7VirusSign....74.exe
windows7-x64
1VirusSign....74.exe
windows10-2004-x64
1VirusSign....9e.exe
windows7-x64
7VirusSign....9e.exe
windows10-2004-x64
7VirusSign....22.exe
windows7-x64
7VirusSign....22.exe
windows10-2004-x64
7VirusSign....ef.exe
windows7-x64
7VirusSign....ef.exe
windows10-2004-x64
7VirusSign....f3.exe
windows7-x64
3VirusSign....f3.exe
windows10-2004-x64
3VirusSign....d8.exe
windows7-x64
1VirusSign....d8.exe
windows10-2004-x64
7Analysis
-
max time kernel
7s -
max time network
53s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
20-02-2024 14:37
Static task
static1
Behavioral task
behavioral1
Sample
VirusSign.2024.02.08/036062de97522e2c40b04d1c1c0d5bf3.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral2
Sample
VirusSign.2024.02.08/036062de97522e2c40b04d1c1c0d5bf3.exe
Resource
win10v2004-20240220-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
VirusSign.2024.02.08/0366d8bc8e9bd5e64e301190356e79ff.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral4
Sample
VirusSign.2024.02.08/0366d8bc8e9bd5e64e301190356e79ff.exe
Resource
win10v2004-20240220-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
VirusSign.2024.02.08/0372bdc19184e4dd7461170dfb052a2d.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral6
Sample
VirusSign.2024.02.08/0372bdc19184e4dd7461170dfb052a2d.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
VirusSign.2024.02.08/038db7a1bc9f32408eb32a8b02b5cf31.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral8
Sample
VirusSign.2024.02.08/038db7a1bc9f32408eb32a8b02b5cf31.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
VirusSign.2024.02.08/0399febb08bcbf43227bad19576af767.exe
Resource
win7-20240215-en
windows7-x64
Behavioral task
behavioral10
Sample
VirusSign.2024.02.08/0399febb08bcbf43227bad19576af767.exe
Resource
win10v2004-20240220-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
VirusSign.2024.02.08/03a3a464ef2a1fbe54b35a8effbf54f9.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral12
Sample
VirusSign.2024.02.08/03a3a464ef2a1fbe54b35a8effbf54f9.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
VirusSign.2024.02.08/03a4ed0cb8c9721fc1369cc5f381fd76.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral14
Sample
VirusSign.2024.02.08/03a4ed0cb8c9721fc1369cc5f381fd76.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
VirusSign.2024.02.08/03af51abe00f3c6154bc829f07f83945.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral16
Sample
VirusSign.2024.02.08/03af51abe00f3c6154bc829f07f83945.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
VirusSign.2024.02.08/03b6a8e2d209f10cce366b73bec0283a.exe
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral18
Sample
VirusSign.2024.02.08/03b6a8e2d209f10cce366b73bec0283a.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
VirusSign.2024.02.08/03ba9978296204d2048fb184e546932b.exe
Resource
win7-20240215-en
windows7-x64
Behavioral task
behavioral20
Sample
VirusSign.2024.02.08/03ba9978296204d2048fb184e546932b.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
VirusSign.2024.02.08/03e3a2fc4bf137d68962d35b23186a74.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral22
Sample
VirusSign.2024.02.08/03e3a2fc4bf137d68962d35b23186a74.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
VirusSign.2024.02.08/03e8dd811ff56c2ef65a494a29601f9e.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral24
Sample
VirusSign.2024.02.08/03e8dd811ff56c2ef65a494a29601f9e.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
VirusSign.2024.02.08/03eec9b444ff21a20e84fa8592478c22.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral26
Sample
VirusSign.2024.02.08/03eec9b444ff21a20e84fa8592478c22.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
VirusSign.2024.02.08/04048340f3e175baa6bd71fcc12851ef.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral28
Sample
VirusSign.2024.02.08/04048340f3e175baa6bd71fcc12851ef.exe
Resource
win10v2004-20240220-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
VirusSign.2024.02.08/0409c5c4922e4b79e2017df62f632cf3.exe
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral30
Sample
VirusSign.2024.02.08/0409c5c4922e4b79e2017df62f632cf3.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
VirusSign.2024.02.08/040dcef90aa17a406b8de190fd3330d8.exe
Resource
win7-20240215-en
windows7-x64
Behavioral task
behavioral32
Sample
VirusSign.2024.02.08/040dcef90aa17a406b8de190fd3330d8.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
General
-
Target
VirusSign.2024.02.08/03eec9b444ff21a20e84fa8592478c22.exe
-
Size
405KB
-
MD5
03eec9b444ff21a20e84fa8592478c22
-
SHA1
9b1b7ff45b73f8cb9ad8f3037c3deeb6ed2e81a5
-
SHA256
705985fea4cbd638e8633fe77894a557420467020b2f71e35408b120df584a22
-
SHA512
826233a9f010e523f14273f78f33c89f8f95e610c406ed4ca017eba2b64668b18eb98f4fbe9ecb2a423607effd5d2e4ed486acb21e9e7e5839b0480f6696f60a
-
SSDEEP
6144:sy+T9tAllM7QuLYfGTLyN6Xu0g3nSnvCGbYCFafAoIhHO:sy+T9ellutLYfG3yNYlg3SvRbr2AoIh
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 2760 Custom.exe -
Loads dropped DLL 2 IoCs
pid Process 2688 03eec9b444ff21a20e84fa8592478c22.exe 2688 03eec9b444ff21a20e84fa8592478c22.exe -
Drops file in Program Files directory 1 IoCs
description ioc Process File created C:\Program Files\Standard\Custom.exe 03eec9b444ff21a20e84fa8592478c22.exe -
Suspicious use of SetWindowsHookEx 8 IoCs
pid Process 2688 03eec9b444ff21a20e84fa8592478c22.exe 2688 03eec9b444ff21a20e84fa8592478c22.exe 2688 03eec9b444ff21a20e84fa8592478c22.exe 2688 03eec9b444ff21a20e84fa8592478c22.exe 2760 Custom.exe 2760 Custom.exe 2760 Custom.exe 2760 Custom.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2688 wrote to memory of 2760 2688 03eec9b444ff21a20e84fa8592478c22.exe 29 PID 2688 wrote to memory of 2760 2688 03eec9b444ff21a20e84fa8592478c22.exe 29 PID 2688 wrote to memory of 2760 2688 03eec9b444ff21a20e84fa8592478c22.exe 29 PID 2688 wrote to memory of 2760 2688 03eec9b444ff21a20e84fa8592478c22.exe 29
Processes
-
C:\Users\Admin\AppData\Local\Temp\VirusSign.2024.02.08\03eec9b444ff21a20e84fa8592478c22.exe"C:\Users\Admin\AppData\Local\Temp\VirusSign.2024.02.08\03eec9b444ff21a20e84fa8592478c22.exe"1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2688 -
C:\Program Files\Standard\Custom.exe"C:\Program Files\Standard\Custom.exe" "33201"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2760
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
405KB
MD5d5fe977b055fe50172dc87fc08794bdc
SHA15a62a0dd4b30bf721f9b13a8fb156261d7fbc8b0
SHA2560391ee32cb5daecec3252a8957f961ec29d4932aeef19ad33d876acb2a5bbe78
SHA5127404497d1dd6eea00fd5cf4f1f9ed2b9b5fdbe3261de831f45f74185a191fcb115aadcb8f95ab8e0fba367784902c6f8a4ae7d6d7beb58803eb9c9b246c80ecc