21c1c5b62ceebdd74177318f5aa3818680e687012d3ca057f410825db313e2ef

Submit
Reports

Overview

overview

Static

static

Virussign....rn.exe

windows7-x64

Virussign....rn.exe

windows10-2004-x64

Virussign....rn.exe

windows7-x64

Virussign....rn.exe

windows10-2004-x64

Virussign....up.exe

windows7-x64

Virussign....up.exe

windows10-2004-x64

Virussign....8c.exe

windows7-x64

Virussign....8c.exe

windows10-2004-x64

Virussign....46.exe

windows7-x64

Virussign....46.exe

windows10-2004-x64

Virussign....30.dll

windows7-x64

Virussign....30.dll

windows10-2004-x64

Virussign....1e.exe

windows7-x64

Virussign....1e.exe

windows10-2004-x64

Virussign....61.exe

windows7-x64

Virussign....61.exe

windows10-2004-x64

Virussign....9b.exe

windows7-x64

Virussign....9b.exe

windows10-2004-x64

Virussign....6e.exe

windows7-x64

Virussign....6e.exe

windows10-2004-x64

Virussign....87.exe

windows7-x64

Virussign....87.exe

windows10-2004-x64

Virussign....95.exe

windows7-x64

Virussign....95.exe

windows10-2004-x64

Virussign....a8.dll

windows7-x64

Virussign....a8.dll

windows10-2004-x64

Virussign....a1.dll

windows7-x64

Virussign....a1.dll

windows10-2004-x64

Virussign....f8.exe

windows7-x64

Virussign....f8.exe

windows10-2004-x64

Virussign....8d.exe

windows7-x64

Virussign....8d.exe

windows10-2004-x64

Analysis

max time kernel
117s
max time network
125s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
21-05-2024 01:51

Sharing

Copy URL

Twitter E-mail

Static task

static1

8 signatures

Behavioral task

behavioral1

Sample

Virussign.2024.05.18/calc_avx_clear_pattern.exe

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

Virussign.2024.05.18/calc_avx_clear_pattern.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral3

Sample

Virussign.2024.05.18/notepad_ovl_avx_clear_pattern.exe

Resource

win7-20240508-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral4

Sample

Virussign.2024.05.18/notepad_ovl_avx_clear_pattern.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral5

Sample

Virussign.2024.05.18/setup.exe

Resource

win7-20240220-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral6

Sample

Virussign.2024.05.18/setup.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral7

Sample

Virussign.2024.05.18/virussign.com_00ceb6c3a68f258ea4ccdc52d737df8c.exe

Resource

win7-20231129-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

Virussign.2024.05.18/virussign.com_00ceb6c3a68f258ea4ccdc52d737df8c.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral9

Sample

Virussign.2024.05.18/virussign.com_04fb05c549d5a52ec70626fe4534fb46.exe

Resource

win7-20240419-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral10

Sample

Virussign.2024.05.18/virussign.com_04fb05c549d5a52ec70626fe4534fb46.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral11

Sample

Virussign.2024.05.18/virussign.com_0631206e87f9a6629676bd2c54c2c330.dll

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral12

Sample

Virussign.2024.05.18/virussign.com_0631206e87f9a6629676bd2c54c2c330.dll

Resource

win10v2004-20240508-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral13

Sample

Virussign.2024.05.18/virussign.com_0644f7190db49dab20359cedf541f21e.exe

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral14

Sample

Virussign.2024.05.18/virussign.com_0644f7190db49dab20359cedf541f21e.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral15

Sample

Virussign.2024.05.18/virussign.com_0670da5e605648d3612479c1b8c2b161.exe

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral16

Sample

Virussign.2024.05.18/virussign.com_0670da5e605648d3612479c1b8c2b161.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral17

Sample

Virussign.2024.05.18/virussign.com_06d660813c67035f568796f6a305b69b.exe

Resource

win7-20231129-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral18

Sample

Virussign.2024.05.18/virussign.com_06d660813c67035f568796f6a305b69b.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral19

Sample

Virussign.2024.05.18/virussign.com_07952ee09f86d961f8a8f90d84c8646e.exe

Resource

win7-20240215-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral20

Sample

Virussign.2024.05.18/virussign.com_07952ee09f86d961f8a8f90d84c8646e.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral21

Sample

Virussign.2024.05.18/virussign.com_07adf85d6149a7aa1fa528bfbbcf7187.exe

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral22

Sample

Virussign.2024.05.18/virussign.com_07adf85d6149a7aa1fa528bfbbcf7187.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral23

Sample

Virussign.2024.05.18/virussign.com_08a6c34267000edb55071c7e51c17a95.exe

Resource

win7-20240221-en

bootkit persistence

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral24

Sample

Virussign.2024.05.18/virussign.com_08a6c34267000edb55071c7e51c17a95.exe

Resource

win10v2004-20240508-en

bootkit persistence

windows10-2004-x64

4 signatures

150 seconds

Behavioral task

behavioral25

Sample

Virussign.2024.05.18/virussign.com_0a1b6be85247a893173f6358899f6ea8.dll

Resource

win7-20240220-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral26

Sample

Virussign.2024.05.18/virussign.com_0a1b6be85247a893173f6358899f6ea8.dll

Resource

win10v2004-20240508-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral27

Sample

Virussign.2024.05.18/virussign.com_0add1be69ec253397ac34e7cd6e235a1.dll

Resource

win7-20240220-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral28

Sample

Virussign.2024.05.18/virussign.com_0add1be69ec253397ac34e7cd6e235a1.dll

Resource

win10v2004-20240508-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral29

Sample

Virussign.2024.05.18/virussign.com_0ce34849ed68e6c96adc6b5b396c51f8.exe

Resource

win7-20231129-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral30

Sample

Virussign.2024.05.18/virussign.com_0ce34849ed68e6c96adc6b5b396c51f8.exe

Resource

win10v2004-20240426-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral31

Sample

Virussign.2024.05.18/virussign.com_0d19b6b1baaa8f6ea8c83a39e74ffa8d.exe

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral32

Sample

Virussign.2024.05.18/virussign.com_0d19b6b1baaa8f6ea8c83a39e74ffa8d.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

0 signatures

150 seconds

Report Analysis Logs

General

Target

Virussign.2024.05.18/virussign.com_0ce34849ed68e6c96adc6b5b396c51f8.exe
Size

1.7MB
MD5

0ce34849ed68e6c96adc6b5b396c51f8
SHA1

13cec5096e74a97f05f603dcbb15373d279e857f
SHA256

143c775f3192ac837028e02e71125c8f3c216ac7c1e7fa03b65d8be26d5717b7
SHA512

e545ff7dcfb8bc6070af6b1c168c6544e44205618b8d7621a25ad9fd17444e3b9d48711f3a3ea3aeeb18fb0b8a9ad812525af965b76ad79705d8e4c9e5194d54
SSDEEP

49152:Qchq5LrtH8GUz3x07wb5qKGjs9+UyAAXcADHyLash66cC918KxKz3x07wb5qKGjn:Qf53WGYyM

Score

1^/10

Malware Config

Signatures

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

virussign.com_0ce34849ed68e6c96adc6b5b396c51f8.exe

pid process

320 virussign.com_0ce34849ed68e6c96adc6b5b396c51f8.exe
Suspicious use of SendNotifyMessage 1 IoCs

Processes:

virussign.com_0ce34849ed68e6c96adc6b5b396c51f8.exe

pid process

320 virussign.com_0ce34849ed68e6c96adc6b5b396c51f8.exe

pid	process
320	virussign.com_0ce34849ed68e6c96adc6b5b396c51f8.exe

pid	process
320	virussign.com_0ce34849ed68e6c96adc6b5b396c51f8.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Virussign.2024.05.18\virussign.com_0ce34849ed68e6c96adc6b5b396c51f8.exe
"C:\Users\Admin\AppData\Local\Temp\Virussign.2024.05.18\virussign.com_0ce34849ed68e6c96adc6b5b396c51f8.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:320

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/320-0-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/320-2-0x0000000000400000-0x00000000005B5000-memory.dmp

Filesize
1.7MB

Download