d0051eec84e965bcc80b3d5cbcabfff3a92ad475d6a7b45d8fd2fd37cbe6bed5

Submit
Reports

Overview

overview

Static

static

VirusSign....f3.exe

windows7-x64

VirusSign....f3.exe

windows10-2004-x64

VirusSign....ff.exe

windows7-x64

VirusSign....ff.exe

windows10-2004-x64

VirusSign....2d.exe

windows7-x64

VirusSign....2d.exe

windows10-2004-x64

VirusSign....31.exe

windows7-x64

VirusSign....31.exe

windows10-2004-x64

VirusSign....67.exe

windows7-x64

VirusSign....67.exe

windows10-2004-x64

VirusSign....f9.exe

windows7-x64

VirusSign....f9.exe

windows10-2004-x64

VirusSign....76.exe

windows7-x64

VirusSign....76.exe

windows10-2004-x64

VirusSign....45.exe

windows7-x64

VirusSign....45.exe

windows10-2004-x64

VirusSign....3a.exe

windows7-x64

VirusSign....3a.exe

windows10-2004-x64

VirusSign....2b.exe

windows7-x64

VirusSign....2b.exe

windows10-2004-x64

VirusSign....74.exe

windows7-x64

VirusSign....74.exe

windows10-2004-x64

VirusSign....9e.exe

windows7-x64

VirusSign....9e.exe

windows10-2004-x64

VirusSign....22.exe

windows7-x64

VirusSign....22.exe

windows10-2004-x64

VirusSign....ef.exe

windows7-x64

VirusSign....ef.exe

windows10-2004-x64

VirusSign....f3.exe

windows7-x64

VirusSign....f3.exe

windows10-2004-x64

VirusSign....d8.exe

windows7-x64

VirusSign....d8.exe

windows10-2004-x64

Analysis

max time kernel
118s
max time network
140s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
20/02/2024, 14:37

Sharing

Copy URL

Twitter E-mail

Static task

static1

28 signatures

Behavioral task

behavioral1

Sample

VirusSign.2024.02.08/036062de97522e2c40b04d1c1c0d5bf3.exe

Resource

win7-20231215-en

njrat persistence trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

VirusSign.2024.02.08/036062de97522e2c40b04d1c1c0d5bf3.exe

Resource

win10v2004-20240220-en

persistence

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral3

Sample

VirusSign.2024.02.08/0366d8bc8e9bd5e64e301190356e79ff.exe

Resource

win7-20231215-en

persistence spyware stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral4

Sample

VirusSign.2024.02.08/0366d8bc8e9bd5e64e301190356e79ff.exe

Resource

win10v2004-20240220-en

persistence spyware stealer

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral5

Sample

VirusSign.2024.02.08/0372bdc19184e4dd7461170dfb052a2d.exe

Resource

win7-20231215-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral6

Sample

VirusSign.2024.02.08/0372bdc19184e4dd7461170dfb052a2d.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral7

Sample

VirusSign.2024.02.08/038db7a1bc9f32408eb32a8b02b5cf31.exe

Resource

win7-20231215-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

VirusSign.2024.02.08/038db7a1bc9f32408eb32a8b02b5cf31.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral9

Sample

VirusSign.2024.02.08/0399febb08bcbf43227bad19576af767.exe

Resource

win7-20240215-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral10

Sample

VirusSign.2024.02.08/0399febb08bcbf43227bad19576af767.exe

Resource

win10v2004-20240220-en

blackmoon banker trojan upx

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral11

Sample

VirusSign.2024.02.08/03a3a464ef2a1fbe54b35a8effbf54f9.exe

Resource

win7-20231215-en

persistence

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral12

Sample

VirusSign.2024.02.08/03a3a464ef2a1fbe54b35a8effbf54f9.exe

Resource

win10v2004-20231215-en

persistence

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral13

Sample

VirusSign.2024.02.08/03a4ed0cb8c9721fc1369cc5f381fd76.exe

Resource

win7-20231215-en

persistence

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral14

Sample

VirusSign.2024.02.08/03a4ed0cb8c9721fc1369cc5f381fd76.exe

Resource

win10v2004-20231215-en

persistence

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral15

Sample

VirusSign.2024.02.08/03af51abe00f3c6154bc829f07f83945.exe

Resource

win7-20231215-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral16

Sample

VirusSign.2024.02.08/03af51abe00f3c6154bc829f07f83945.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral17

Sample

VirusSign.2024.02.08/03b6a8e2d209f10cce366b73bec0283a.exe

Resource

win7-20240220-en

blackmoon banker trojan upx

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral18

Sample

VirusSign.2024.02.08/03b6a8e2d209f10cce366b73bec0283a.exe

Resource

win10v2004-20231215-en

blackmoon banker trojan upx

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral19

Sample

VirusSign.2024.02.08/03ba9978296204d2048fb184e546932b.exe

Resource

win7-20240215-en

persistence spyware stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral20

Sample

VirusSign.2024.02.08/03ba9978296204d2048fb184e546932b.exe

Resource

win10v2004-20231215-en

persistence spyware stealer

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral21

Sample

VirusSign.2024.02.08/03e3a2fc4bf137d68962d35b23186a74.exe

Resource

win7-20231215-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral22

Sample

VirusSign.2024.02.08/03e3a2fc4bf137d68962d35b23186a74.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral23

Sample

VirusSign.2024.02.08/03e8dd811ff56c2ef65a494a29601f9e.exe

Resource

win7-20231215-en

persistence spyware stealer upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral24

Sample

VirusSign.2024.02.08/03e8dd811ff56c2ef65a494a29601f9e.exe

Resource

win10v2004-20231215-en

persistence spyware stealer upx

windows10-2004-x64

11 signatures

150 seconds

Behavioral task

behavioral25

Sample

VirusSign.2024.02.08/03eec9b444ff21a20e84fa8592478c22.exe

Resource

win7-20231215-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral26

Sample

VirusSign.2024.02.08/03eec9b444ff21a20e84fa8592478c22.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

4 signatures

150 seconds

Behavioral task

behavioral27

Sample

VirusSign.2024.02.08/04048340f3e175baa6bd71fcc12851ef.exe

Resource

win7-20231215-en

upx

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral28

Sample

VirusSign.2024.02.08/04048340f3e175baa6bd71fcc12851ef.exe

Resource

win10v2004-20240220-en

upx

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral29

Sample

VirusSign.2024.02.08/0409c5c4922e4b79e2017df62f632cf3.exe

Resource

win7-20240220-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral30

Sample

VirusSign.2024.02.08/0409c5c4922e4b79e2017df62f632cf3.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral31

Sample

VirusSign.2024.02.08/040dcef90aa17a406b8de190fd3330d8.exe

Resource

win7-20240215-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral32

Sample

VirusSign.2024.02.08/040dcef90aa17a406b8de190fd3330d8.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

7 signatures

150 seconds

Report Analysis Logs

General

Target

VirusSign.2024.02.08/0409c5c4922e4b79e2017df62f632cf3.exe
Size

109KB
MD5

0409c5c4922e4b79e2017df62f632cf3
SHA1

08010654c34d1089997bb40e9376cc909c590456
SHA256

943776066d0dc04b383196e89a856a5114a53d48a11d76d7ee5bcd79474941c7
SHA512

4044133ab5c03e4d1d742b19d700127546a337609249991b9f30fb950da1961d12ca673c9ef185fca91a624761d8da6e32608c6ec55c4221ae2f9964ea09458b
SSDEEP

3072:spC1CWV2LuEjp5ErAmjzQw+hM45Fhexg+:sioLRjp5ErAmww14Exg

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process
1724	1956	WerFault.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1956 wrote to memory of 1724	1956	0409c5c4922e4b79e2017df62f632cf3.exe	14
PID 1956 wrote to memory of 1724	1956	0409c5c4922e4b79e2017df62f632cf3.exe	14
PID 1956 wrote to memory of 1724	1956	0409c5c4922e4b79e2017df62f632cf3.exe	14
PID 1956 wrote to memory of 1724	1956	0409c5c4922e4b79e2017df62f632cf3.exe	14

Processes

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 36
1⤵
- Program crash
PID:1724

C:\Users\Admin\AppData\Local\Temp\VirusSign.2024.02.08\0409c5c4922e4b79e2017df62f632cf3.exe
"C:\Users\Admin\AppData\Local\Temp\VirusSign.2024.02.08\0409c5c4922e4b79e2017df62f632cf3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1956-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download