Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system
  • submitted
    28/05/2024, 15:57

General

  • Target

    virussign.com_6dba1b11bb66d156b1af3c0a5d645a00.exe

  • Size

    579KB

  • MD5

    6dba1b11bb66d156b1af3c0a5d645a00

  • SHA1

    5ae2d1cd30f31b608d5400b74770b5a57be68941

  • SHA256

    c61214941383f26350a38acb13572d054087927943f4ad5befd15d5848f5981b

  • SHA512

    df374d5195efc1152465f110509b2f9d1ab22d84477e476b003436aadd4b79c1fe23d3d8c1e0089c2a9f1523df6f536aaff5a1ff8e2beca452d16e117e8c56e5

  • SSDEEP

    12288:7tKe6Zv23YLVFhBsC8iFHSs7xPY1f6HriPwU8mNCZA9M:v6Zv2ivhBVnFys7xP86LkRCmM

Score
8/10

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 2 IoCs
  • Modifies system executable filetype association 2 TTPs 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 2 IoCs
  • Drops file in System32 directory 6 IoCs
  • Program crash 1 IoCs
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\virussign.com_6dba1b11bb66d156b1af3c0a5d645a00.exe
    "C:\Users\Admin\AppData\Local\Temp\virussign.com_6dba1b11bb66d156b1af3c0a5d645a00.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Modifies system executable filetype association
    • Adds Run key to start application
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    PID:3104
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 752
      2⤵
      • Program crash
      PID:824
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 3104 -ip 3104
    1⤵
    PID:1472

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\concp32.exe

    Filesize

    581KB

    MD5

    fb19e95e03572c752c337224952987ac

    SHA1

    4bcdf47d0180d882df0cb2ab1cefa14d1d50c72d

    SHA256

    faf078666d1de4e9fe21353defca142b77d2e1ca8d61090a593e527b0dbcec21

    SHA512

    20cd0475ea0061c0a7ba8ed7db1dbe864d1208a74097e5687773b4a8d7ad1051e40ca55c37abf3c569e506e72c606e18b0b3cc8345f6214fdcd1892c6adbbed5

  • memory/3104-0-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

  • memory/3104-7-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB