8c5d544c8813508e9ac6d6fd9f11ffab55b1b8b122b1e92e3ff8b2268aec302e

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 15:49

Target

virussign.com_d06dabffed8f329def85b45cde0cc660.exe
Size

29KB
MD5

d06dabffed8f329def85b45cde0cc660
SHA1

4d901bc68edab04ae0e72e3c2281a764f0e02975
SHA256

8c5d544c8813508e9ac6d6fd9f11ffab55b1b8b122b1e92e3ff8b2268aec302e
SHA512

8a2586ddb42c11e9dab1ed4a50cc2f333d278d2f8be777b35c0dabaa2390c0bbc9bc727d33b4828ad75d5aede8049249ceb95f1c943936f20ee1f32812f6cbe0
SSDEEP

384:v/4LNJY74JwOllSBQmrb0i5PrmqHIKpa54b5f0iws0wGF4K:v/qSamrxDmqoKM4Z0iwtwc4K

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
1588	2024052815.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4728	virussign.com_d06dabffed8f329def85b45cde0cc660.exe
1588	2024052815.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4728 wrote to memory of 1588	4728	virussign.com_d06dabffed8f329def85b45cde0cc660.exe	91
PID 4728 wrote to memory of 1588	4728	virussign.com_d06dabffed8f329def85b45cde0cc660.exe	91
PID 4728 wrote to memory of 1588	4728	virussign.com_d06dabffed8f329def85b45cde0cc660.exe	91
PID 4728 wrote to memory of 2424	4728	virussign.com_d06dabffed8f329def85b45cde0cc660.exe	92
PID 4728 wrote to memory of 2424	4728	virussign.com_d06dabffed8f329def85b45cde0cc660.exe	92
PID 4728 wrote to memory of 2424	4728	virussign.com_d06dabffed8f329def85b45cde0cc660.exe	92

C:\Users\Admin\AppData\Local\Temp\virussign.com_d06dabffed8f329def85b45cde0cc660.exe
"C:\Users\Admin\AppData\Local\Temp\virussign.com_d06dabffed8f329def85b45cde0cc660.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4728
- C:\Users\Admin\AppData\Local\Temp\2024052815.exe
  C:\Users\Admin\AppData\Local\Temp\2024052815.exe down
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1588
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\del.bat
  2⤵
  PID:2424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4020 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8
1⤵
PID:2416

C:\Users\Admin\AppData\Local\Temp\2024052815.exe

Filesize
29KB

MD5
30b06deb9a9490b2050ee4e67ddc1432

SHA1
91af7a6aacc1f47657b697873032333e7d00dc85

SHA256
c50c561c15734a8c0b7a1964405c0f9c59cd8b2532094826763e42b66f36eb37

SHA512
a3378d650b00b404294778af4107f11059d26e1ed61c02743c2631ecd6fef92a2c40579347583c80f9c9a6fa18bd312a2bbc5e4e1df1951eb8771d72c5474a3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\del.bat

Filesize
213B

MD5
1e59b74a195d1c62d15aaee6283c470d

SHA1
fe15c70b1ee869bfdc5f633b2caf67b0f3b35fa4

SHA256
46c40027fce6ff6ca20f1fadd6eede54e7933ba2ccf41b3d94566cf70d623f46

SHA512
531342dfb900c6368d4db6dde6e790fc42ec0656e0d3d4c6b9f43c05d2352d21c2d2398aa7ac5aafb2d9b297339a363105b4f77f8cc8f01a0a7fc2a86017dd57

Download Submit
memory/1588-14-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download