Overview

overview

7

Static

static

3

virussign....40.exe

windows7-x64

7

virussign....40.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    28/05/2024, 18:41

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    virussign.com_6fea5545ee17f3c101a39f12a0f6ae40.exe

  • Size

    200KB

  • MD5

    6fea5545ee17f3c101a39f12a0f6ae40

  • SHA1

    4f1878807ef657fe4388b6dd1fd5b76f4aee50ca

  • SHA256

    dc5c5870caaf5dbf02a51ff5e99485222730834916f0ab141b29b883cfde67d2

  • SHA512

    4f268eeac32cc8a5c25ec14db6ab036bba166d96c074a4ced0a99cef5dc16f604a852445291430190da025711f69f17a4ec14284bcbc0a8f10998ee2a0d21b04

  • SSDEEP

    6144:D2vT7ZKUZ+mDBeDDrxdnelyq4h5G2P4m2m3p/pXViG1B7u:D2vT3XBe3Wu7G2P4m2m3p/pXViG1BC

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\virussign.com_6fea5545ee17f3c101a39f12a0f6ae40.exe
    "C:\Users\Admin\AppData\Local\Temp\virussign.com_6fea5545ee17f3c101a39f12a0f6ae40.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:1972
    • C:\Users\Admin\AppData\Local\Temp\virussign.com_6fea5545ee17f3c101a39f12a0f6ae40.exe
      C:\Users\Admin\AppData\Local\Temp\virussign.com_6fea5545ee17f3c101a39f12a0f6ae40.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2832

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\virussign.com_6fea5545ee17f3c101a39f12a0f6ae40.exe
          Filesize

          200KB

          MD5

          0d089d38405988e0faf482d7e58a2d8b

          SHA1

          46902adffdf05ca351a946d8c7813d8ece4ad890

          SHA256

          e85fdb61e18abb336bab42cb6ac873787063c63555b56480e4d3c73772625b54

          SHA512

          7d3514479f3e0bb6d1aa1f5911e8bb83ea5ed065682b480d00eeed205967e36be51c2350f0ee8be42662d8bd8b2033ae2f6e3be200db8abc1c1004ab9cfd260a

          Download Submit

        • memory/1972-0-0x0000000000400000-0x000000000043F000-memory.dmp

          Filesize

          252KB

          Download

        • memory/1972-8-0x0000000000400000-0x000000000043F000-memory.dmp

          Filesize

          252KB

          Download

        • memory/2832-10-0x0000000000400000-0x000000000043F000-memory.dmp

          Filesize

          252KB

          Download

        • memory/2832-16-0x0000000000390000-0x00000000003CF000-memory.dmp

          Filesize

          252KB

          Download

        • memory/2832-11-0x0000000000400000-0x000000000041A000-memory.dmp

          Filesize

          104KB

          Download