Analysis
- max time kernel: 140s
- max time network: 95s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 28/05/2024, 19:24
Static task
- static1
Behavioral task
- behavioral1
  - Sample: virussign.com_9cfe18ad858015c7e20739978a185660.exe
  - Resource: win7-20240221-en
Behavioral task
- behavioral2
  - Sample: virussign.com_9cfe18ad858015c7e20739978a185660.exe
  - Resource: win10v2004-20240426-en
General
- Target: virussign.com_9cfe18ad858015c7e20739978a185660.exe
- Size: 4.3MB
- MD5: 9cfe18ad858015c7e20739978a185660
- SHA1: 8902933058d4b915a6a66b78679a01f32cbd4d13
- SHA256: 38ac7e5e10f98bb4dc3ae4b1e88a2766a7eabcb3750c1d09bdad8ad58088c8f1
- SHA512: 70bc5fb5a6e76ae12b6327c6c31630280c4e75bfa33f4e906a31eecd21f170b6ff987c4c7dd62d5fe0a648e131d8bae7c018a204c2af79be8faaec6324f31933
- SSDEEP: 98304:kf4EIDDHK9nhCbJzEaokXvLZw8jzcO/7KNQS8r7NL5j5tDo3STwK7zUFBVEWLUy:Q4HKDQBKkXy+XWt815j5tDobSUFQsL
Malware Config
Signatures
Checks BIOS information in registry (2 TTPs, 2 IoCs)
BIOS information is often read in order to detect sandboxing environments.
| description | ioc | Process |
| --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | virussign.com_9cfe18ad858015c7e20739978a185660.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | virussign.com_9cfe18ad858015c7e20739978a185660.exe |
Enumerates connected drives (3 TTPs, 23 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
| description | ioc | Process |
| --- | --- | --- |
| File opened (read-only) | \??\Z: | virussign.com_9cfe18ad858015c7e20739978a185660.exe |
| File opened (read-only) | \??\J: | virussign.com_9cfe18ad858015c7e20739978a185660.exe |
| File opened (read-only) | \??\L: | virussign.com_9cfe18ad858015c7e20739978a185660.exe |
| File opened (read-only) | \??\M: | virussign.com_9cfe18ad858015c7e20739978a185660.exe |
| File opened (read-only) | \??\N: | virussign.com_9cfe18ad858015c7e20739978a185660.exe |
| File opened (read-only) | \??\S: | virussign.com_9cfe18ad858015c7e20739978a185660.exe |
| File opened (read-only) | \??\U: | virussign.com_9cfe18ad858015c7e20739978a185660.exe |
| File opened (read-only) | \??\W: | virussign.com_9cfe18ad858015c7e20739978a185660.exe |
| File opened (read-only) | \??\B: | virussign.com_9cfe18ad858015c7e20739978a185660.exe |
| File opened (read-only) | \??\G: | virussign.com_9cfe18ad858015c7e20739978a185660.exe |
| File opened (read-only) | \??\O: | virussign.com_9cfe18ad858015c7e20739978a185660.exe |
| File opened (read-only) | \??\P: | virussign.com_9cfe18ad858015c7e20739978a185660.exe |
| File opened (read-only) | \??\Q: | virussign.com_9cfe18ad858015c7e20739978a185660.exe |
| File opened (read-only) | \??\R: | virussign.com_9cfe18ad858015c7e20739978a185660.exe |
| File opened (read-only) | \??\T: | virussign.com_9cfe18ad858015c7e20739978a185660.exe |
| File opened (read-only) | \??\A: | virussign.com_9cfe18ad858015c7e20739978a185660.exe |
| File opened (read-only) | \??\I: | virussign.com_9cfe18ad858015c7e20739978a185660.exe |
| File opened (read-only) | \??\V: | virussign.com_9cfe18ad858015c7e20739978a185660.exe |
| File opened (read-only) | \??\E: | virussign.com_9cfe18ad858015c7e20739978a185660.exe |
| File opened (read-only) | \??\H: | virussign.com_9cfe18ad858015c7e20739978a185660.exe |
| File opened (read-only) | \??\K: | virussign.com_9cfe18ad858015c7e20739978a185660.exe |
| File opened (read-only) | \??\X: | virussign.com_9cfe18ad858015c7e20739978a185660.exe |
| File opened (read-only) | \??\Y: | virussign.com_9cfe18ad858015c7e20739978a185660.exe |
Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
| description | ioc | Process |
| --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | virussign.com_9cfe18ad858015c7e20739978a185660.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | virussign.com_9cfe18ad858015c7e20739978a185660.exe |
Enumerates system info in registry (2 TTPs, 5 IoCs)
| description | ioc | Process |
| --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | virussign.com_9cfe18ad858015c7e20739978a185660.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | virussign.com_9cfe18ad858015c7e20739978a185660.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | virussign.com_9cfe18ad858015c7e20739978a185660.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion | virussign.com_9cfe18ad858015c7e20739978a185660.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion | virussign.com_9cfe18ad858015c7e20739978a185660.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\virussign.com_9cfe18ad858015c7e20739978a185660.exe
"C:\Users\Admin\AppData\Local\Temp\virussign.com_9cfe18ad858015c7e20739978a185660.exe"
- Checks BIOS information in registry
- Enumerates connected drives
- Checks processor information in registry
- Enumerates system info in registry
PID:3244