8c5d544c8813508e9ac6d6fd9f11ffab55b1b8b122b1e92e3ff8b2268aec302e

Analysis

max time kernel
149s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 15:49

Target

virussign.com_d06dabffed8f329def85b45cde0cc660.exe
Size

29KB
MD5

d06dabffed8f329def85b45cde0cc660
SHA1

4d901bc68edab04ae0e72e3c2281a764f0e02975
SHA256

8c5d544c8813508e9ac6d6fd9f11ffab55b1b8b122b1e92e3ff8b2268aec302e
SHA512

8a2586ddb42c11e9dab1ed4a50cc2f333d278d2f8be777b35c0dabaa2390c0bbc9bc727d33b4828ad75d5aede8049249ceb95f1c943936f20ee1f32812f6cbe0
SSDEEP

384:v/4LNJY74JwOllSBQmrb0i5PrmqHIKpa54b5f0iws0wGF4K:v/qSamrxDmqoKM4Z0iwtwc4K

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2644	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
560	2024052815.exe

Loads dropped DLL 2 IoCs

pid	Process
2372	virussign.com_d06dabffed8f329def85b45cde0cc660.exe
2372	virussign.com_d06dabffed8f329def85b45cde0cc660.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2372	virussign.com_d06dabffed8f329def85b45cde0cc660.exe
560	2024052815.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 560	2372	virussign.com_d06dabffed8f329def85b45cde0cc660.exe	28
PID 2372 wrote to memory of 560	2372	virussign.com_d06dabffed8f329def85b45cde0cc660.exe	28
PID 2372 wrote to memory of 560	2372	virussign.com_d06dabffed8f329def85b45cde0cc660.exe	28
PID 2372 wrote to memory of 560	2372	virussign.com_d06dabffed8f329def85b45cde0cc660.exe	28
PID 2372 wrote to memory of 2644	2372	virussign.com_d06dabffed8f329def85b45cde0cc660.exe	29
PID 2372 wrote to memory of 2644	2372	virussign.com_d06dabffed8f329def85b45cde0cc660.exe	29
PID 2372 wrote to memory of 2644	2372	virussign.com_d06dabffed8f329def85b45cde0cc660.exe	29
PID 2372 wrote to memory of 2644	2372	virussign.com_d06dabffed8f329def85b45cde0cc660.exe	29

C:\Users\Admin\AppData\Local\Temp\virussign.com_d06dabffed8f329def85b45cde0cc660.exe
"C:\Users\Admin\AppData\Local\Temp\virussign.com_d06dabffed8f329def85b45cde0cc660.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Users\Admin\AppData\Local\Temp\2024052815.exe
  C:\Users\Admin\AppData\Local\Temp\2024052815.exe down
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:560
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\del.bat
  2⤵
  - Deletes itself
  PID:2644

C:\Users\Admin\AppData\Local\Temp\2024052815.exe

Filesize
29KB

MD5
b86ba3b378ec9e377dc9f59f90aa3236

SHA1
dad102135de6dea66963a6e0f4a09144775a5327

SHA256
ab58dc10f265c7094d5b56e12e63c3ba0082c5eab0a698a9443ac2da28d84110

SHA512
8de9da794da827449e2d780c605e51b640c576c14e8dde9beb227395e2a6dc2b85e05f3e2dcebebe99d1c45f15bc1092ebfca2369cbb0edaf3f80e9aa3040b30

Download Submit
C:\Users\Admin\AppData\Local\Temp\del.bat

Filesize
213B

MD5
1e59b74a195d1c62d15aaee6283c470d

SHA1
fe15c70b1ee869bfdc5f633b2caf67b0f3b35fa4

SHA256
46c40027fce6ff6ca20f1fadd6eede54e7933ba2ccf41b3d94566cf70d623f46

SHA512
531342dfb900c6368d4db6dde6e790fc42ec0656e0d3d4c6b9f43c05d2352d21c2d2398aa7ac5aafb2d9b297339a363105b4f77f8cc8f01a0a7fc2a86017dd57

Download Submit
memory/560-24-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download