Overview
overview
10Static
static
10VirusSign....f3.exe
windows7-x64
10VirusSign....f3.exe
windows10-2004-x64
10VirusSign....ff.exe
windows7-x64
7VirusSign....ff.exe
windows10-2004-x64
7VirusSign....2d.exe
windows7-x64
1VirusSign....2d.exe
windows10-2004-x64
1VirusSign....31.exe
windows7-x64
VirusSign....31.exe
windows10-2004-x64
VirusSign....67.exe
windows7-x64
1VirusSign....67.exe
windows10-2004-x64
10VirusSign....f9.exe
windows7-x64
10VirusSign....f9.exe
windows10-2004-x64
10VirusSign....76.exe
windows7-x64
10VirusSign....76.exe
windows10-2004-x64
10VirusSign....45.exe
windows7-x64
1VirusSign....45.exe
windows10-2004-x64
1VirusSign....3a.exe
windows7-x64
10VirusSign....3a.exe
windows10-2004-x64
10VirusSign....2b.exe
windows7-x64
7VirusSign....2b.exe
windows10-2004-x64
7VirusSign....74.exe
windows7-x64
1VirusSign....74.exe
windows10-2004-x64
1VirusSign....9e.exe
windows7-x64
7VirusSign....9e.exe
windows10-2004-x64
7VirusSign....22.exe
windows7-x64
7VirusSign....22.exe
windows10-2004-x64
7VirusSign....ef.exe
windows7-x64
7VirusSign....ef.exe
windows10-2004-x64
7VirusSign....f3.exe
windows7-x64
3VirusSign....f3.exe
windows10-2004-x64
3VirusSign....d8.exe
windows7-x64
1VirusSign....d8.exe
windows10-2004-x64
7Analysis
-
max time kernel
97s -
max time network
197s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
20/02/2024, 14:37
Static task
static1
Behavioral task
behavioral1
Sample
VirusSign.2024.02.08/036062de97522e2c40b04d1c1c0d5bf3.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
VirusSign.2024.02.08/036062de97522e2c40b04d1c1c0d5bf3.exe
Resource
win10v2004-20240220-en
Behavioral task
behavioral3
Sample
VirusSign.2024.02.08/0366d8bc8e9bd5e64e301190356e79ff.exe
Resource
win7-20231215-en
Behavioral task
behavioral4
Sample
VirusSign.2024.02.08/0366d8bc8e9bd5e64e301190356e79ff.exe
Resource
win10v2004-20240220-en
Behavioral task
behavioral5
Sample
VirusSign.2024.02.08/0372bdc19184e4dd7461170dfb052a2d.exe
Resource
win7-20231215-en
Behavioral task
behavioral6
Sample
VirusSign.2024.02.08/0372bdc19184e4dd7461170dfb052a2d.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral7
Sample
VirusSign.2024.02.08/038db7a1bc9f32408eb32a8b02b5cf31.exe
Resource
win7-20231215-en
Behavioral task
behavioral8
Sample
VirusSign.2024.02.08/038db7a1bc9f32408eb32a8b02b5cf31.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral9
Sample
VirusSign.2024.02.08/0399febb08bcbf43227bad19576af767.exe
Resource
win7-20240215-en
Behavioral task
behavioral10
Sample
VirusSign.2024.02.08/0399febb08bcbf43227bad19576af767.exe
Resource
win10v2004-20240220-en
Behavioral task
behavioral11
Sample
VirusSign.2024.02.08/03a3a464ef2a1fbe54b35a8effbf54f9.exe
Resource
win7-20231215-en
Behavioral task
behavioral12
Sample
VirusSign.2024.02.08/03a3a464ef2a1fbe54b35a8effbf54f9.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral13
Sample
VirusSign.2024.02.08/03a4ed0cb8c9721fc1369cc5f381fd76.exe
Resource
win7-20231215-en
Behavioral task
behavioral14
Sample
VirusSign.2024.02.08/03a4ed0cb8c9721fc1369cc5f381fd76.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral15
Sample
VirusSign.2024.02.08/03af51abe00f3c6154bc829f07f83945.exe
Resource
win7-20231215-en
Behavioral task
behavioral16
Sample
VirusSign.2024.02.08/03af51abe00f3c6154bc829f07f83945.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral17
Sample
VirusSign.2024.02.08/03b6a8e2d209f10cce366b73bec0283a.exe
Resource
win7-20240220-en
Behavioral task
behavioral18
Sample
VirusSign.2024.02.08/03b6a8e2d209f10cce366b73bec0283a.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral19
Sample
VirusSign.2024.02.08/03ba9978296204d2048fb184e546932b.exe
Resource
win7-20240215-en
Behavioral task
behavioral20
Sample
VirusSign.2024.02.08/03ba9978296204d2048fb184e546932b.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral21
Sample
VirusSign.2024.02.08/03e3a2fc4bf137d68962d35b23186a74.exe
Resource
win7-20231215-en
Behavioral task
behavioral22
Sample
VirusSign.2024.02.08/03e3a2fc4bf137d68962d35b23186a74.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral23
Sample
VirusSign.2024.02.08/03e8dd811ff56c2ef65a494a29601f9e.exe
Resource
win7-20231215-en
Behavioral task
behavioral24
Sample
VirusSign.2024.02.08/03e8dd811ff56c2ef65a494a29601f9e.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral25
Sample
VirusSign.2024.02.08/03eec9b444ff21a20e84fa8592478c22.exe
Resource
win7-20231215-en
Behavioral task
behavioral26
Sample
VirusSign.2024.02.08/03eec9b444ff21a20e84fa8592478c22.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral27
Sample
VirusSign.2024.02.08/04048340f3e175baa6bd71fcc12851ef.exe
Resource
win7-20231215-en
Behavioral task
behavioral28
Sample
VirusSign.2024.02.08/04048340f3e175baa6bd71fcc12851ef.exe
Resource
win10v2004-20240220-en
Behavioral task
behavioral29
Sample
VirusSign.2024.02.08/0409c5c4922e4b79e2017df62f632cf3.exe
Resource
win7-20240220-en
Behavioral task
behavioral30
Sample
VirusSign.2024.02.08/0409c5c4922e4b79e2017df62f632cf3.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral31
Sample
VirusSign.2024.02.08/040dcef90aa17a406b8de190fd3330d8.exe
Resource
win7-20240215-en
Behavioral task
behavioral32
Sample
VirusSign.2024.02.08/040dcef90aa17a406b8de190fd3330d8.exe
Resource
win10v2004-20231215-en
General
-
Target
VirusSign.2024.02.08/03eec9b444ff21a20e84fa8592478c22.exe
-
Size
405KB
-
MD5
03eec9b444ff21a20e84fa8592478c22
-
SHA1
9b1b7ff45b73f8cb9ad8f3037c3deeb6ed2e81a5
-
SHA256
705985fea4cbd638e8633fe77894a557420467020b2f71e35408b120df584a22
-
SHA512
826233a9f010e523f14273f78f33c89f8f95e610c406ed4ca017eba2b64668b18eb98f4fbe9ecb2a423607effd5d2e4ed486acb21e9e7e5839b0480f6696f60a
-
SSDEEP
6144:sy+T9tAllM7QuLYfGTLyN6Xu0g3nSnvCGbYCFafAoIhHO:sy+T9ellutLYfG3yNYlg3SvRbr2AoIh
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 2084 German.exe -
Drops file in Program Files directory 1 IoCs
description ioc Process File created C:\Program Files\French\German.exe 03eec9b444ff21a20e84fa8592478c22.exe -
Suspicious use of SetWindowsHookEx 8 IoCs
pid Process 3440 03eec9b444ff21a20e84fa8592478c22.exe 3440 03eec9b444ff21a20e84fa8592478c22.exe 3440 03eec9b444ff21a20e84fa8592478c22.exe 3440 03eec9b444ff21a20e84fa8592478c22.exe 2084 German.exe 2084 German.exe 2084 German.exe 2084 German.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 3440 wrote to memory of 2084 3440 03eec9b444ff21a20e84fa8592478c22.exe 83 PID 3440 wrote to memory of 2084 3440 03eec9b444ff21a20e84fa8592478c22.exe 83 PID 3440 wrote to memory of 2084 3440 03eec9b444ff21a20e84fa8592478c22.exe 83
Processes
-
C:\Users\Admin\AppData\Local\Temp\VirusSign.2024.02.08\03eec9b444ff21a20e84fa8592478c22.exe"C:\Users\Admin\AppData\Local\Temp\VirusSign.2024.02.08\03eec9b444ff21a20e84fa8592478c22.exe"1⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3440 -
C:\Program Files\French\German.exe"C:\Program Files\French\German.exe" "33201"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2084
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
406KB
MD5df47d86e0afcac3e0ab7104a6263ae0d
SHA19df5b2b3b8ffd7f104ba0d4c6e7d3f44933f6fe6
SHA256125264899407d3347648a2546d218e0c52d6eb0c235969771e41b2685ef2e55b
SHA5124f6c7d5a74a5c068b32330547ab6d992e746d80f4ed133ea2bb0e1fa851781a2e2f27baed38894bc16ca519f4e70bd9bc702d3b2a79def37f90c322f5541a100