Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28-05-2024 18:41

General

  • Target

    virussign.com_6fea5545ee17f3c101a39f12a0f6ae40.exe

  • Size

    200KB

  • MD5

    6fea5545ee17f3c101a39f12a0f6ae40

  • SHA1

    4f1878807ef657fe4388b6dd1fd5b76f4aee50ca

  • SHA256

    dc5c5870caaf5dbf02a51ff5e99485222730834916f0ab141b29b883cfde67d2

  • SHA512

    4f268eeac32cc8a5c25ec14db6ab036bba166d96c074a4ced0a99cef5dc16f604a852445291430190da025711f69f17a4ec14284bcbc0a8f10998ee2a0d21b04

  • SSDEEP

    6144:D2vT7ZKUZ+mDBeDDrxdnelyq4h5G2P4m2m3p/pXViG1B7u:D2vT3XBe3Wu7G2P4m2m3p/pXViG1BC

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Program crash 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\virussign.com_6fea5545ee17f3c101a39f12a0f6ae40.exe
    "C:\Users\Admin\AppData\Local\Temp\virussign.com_6fea5545ee17f3c101a39f12a0f6ae40.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:1896
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 396
      2⤵
      • Program crash
      PID:2732
    • C:\Users\Admin\AppData\Local\Temp\virussign.com_6fea5545ee17f3c101a39f12a0f6ae40.exe
      C:\Users\Admin\AppData\Local\Temp\virussign.com_6fea5545ee17f3c101a39f12a0f6ae40.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:4828
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 376
        3⤵
        • Program crash
        PID:396
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1896 -ip 1896
    1⤵
    PID:5076
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4828 -ip 4828
    1⤵
    PID:3960

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\virussign.com_6fea5545ee17f3c101a39f12a0f6ae40.exe

    Filesize

    200KB

    MD5

    fd675fe1a1f7887414ac49b2d43afb7f

    SHA1

    09cae2a95a1ef7533533db6afcf06872db67f564

    SHA256

    2efc8439cbced472409310bf2c292604896b1a364df03693d6874d2a63ca2921

    SHA512

    be953f59e288fa3f1f545b089cb68514ddb48b5aadbdb7d114321b1f712028c86adf090bfc7f98b99641fd3e5c589654c3658c11d3915b7d7036cf90a408c41f

  • memory/1896-0-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

  • memory/1896-6-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

  • memory/4828-7-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

  • memory/4828-8-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

  • memory/4828-13-0x0000000001490000-0x00000000014CF000-memory.dmp

    Filesize

    252KB
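Three things in this report line up and are easier to check programmatically than by eye. The second instance of the sample (PID 4828) runs from the same path as the submitted file, yet the file reported as dropped at that path carries a different MD5 (fd675fe1a1f7887414ac49b2d43afb7f against the submitted 6fea5545ee17f3c101a39f12a0f6ae40), which is what the RenamesItself, Deletes itself and Executes dropped EXE signatures describe. The region dumped at 0x400000 for PID 4828 shrinks from 252KB (0x3F000 bytes) in dump 7 to 104KB (0x1A000 bytes) in dump 8, consistent with the UnmapMainImage signature. And each crash shows up as two WerFault processes, one under the faulting process (-u -p <pid>) and one at the top of the tree (-pss ... -p <pid>), both tied back to the crashing PID only by their -p argument. The Python below is an added worked example, not code from the sandbox or from this report: it transcribes the report's process, drop and dump records inline so it runs offline, and flags each of those patterns. The record field names and the two regular expressions are this example's own assumptions, not a sandbox export format.

```python
"""Correlate a sandbox process tree with its dropped files and memory dumps.

Added worked example, not code from the sandbox or the report. The records
below are transcribed from the report and embedded inline so the script runs
offline; the dict field names and regexes are this example's own choice,
not a sandbox export format.
"""
import re
from collections import defaultdict

SAMPLE_PATH = (r"C:\Users\Admin\AppData\Local\Temp"
               r"\virussign.com_6fea5545ee17f3c101a39f12a0f6ae40.exe")
SAMPLE_MD5 = "6fea5545ee17f3c101a39f12a0f6ae40"
WERFAULT = r"C:\Windows\SysWOW64\WerFault.exe"

# Process tree as reported (parent None = top level of the tree).
PROCESSES = [
    {"pid": 1896, "parent": None, "image": SAMPLE_PATH, "cmdline": f'"{SAMPLE_PATH}"'},
    {"pid": 2732, "parent": 1896, "image": WERFAULT, "cmdline": f"{WERFAULT} -u -p 1896 -s 396"},
    {"pid": 4828, "parent": 1896, "image": SAMPLE_PATH, "cmdline": SAMPLE_PATH},
    {"pid": 396, "parent": 4828, "image": WERFAULT, "cmdline": f"{WERFAULT} -u -p 4828 -s 376"},
    {"pid": 5076, "parent": None, "image": WERFAULT, "cmdline": f"{WERFAULT} -pss -s 408 -p 1896 -ip 1896"},
    {"pid": 3960, "parent": None, "image": WERFAULT, "cmdline": f"{WERFAULT} -pss -s 460 -p 4828 -ip 4828"},
]

# Dropped files as reported: (path, md5).
DROPS = [(SAMPLE_PATH, "fd675fe1a1f7887414ac49b2d43afb7f")]

# Memory dump names as reported: memory/<pid>-<seq>-<start>-<end>-memory.dmp
DUMPS = [
    "memory/1896-0-0x0000000000400000-0x000000000043F000-memory.dmp",
    "memory/1896-6-0x0000000000400000-0x000000000043F000-memory.dmp",
    "memory/4828-7-0x0000000000400000-0x000000000043F000-memory.dmp",
    "memory/4828-8-0x0000000000400000-0x000000000041A000-memory.dmp",
    "memory/4828-13-0x0000000001490000-0x00000000014CF000-memory.dmp",
]

WERFAULT_TARGET = re.compile(r"werfault\.exe\b.*?\s-p\s+(\d+)", re.IGNORECASE)
DUMP_NAME = re.compile(r"memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")


def same_image_children(processes):
    """(parent, child) pairs where a process launched a second instance of its
    own image path; in this report that is the sample relaunching itself."""
    by_pid = {p["pid"]: p for p in processes}
    return [(p["parent"], p["pid"]) for p in processes
            if p["parent"] in by_pid
            and by_pid[p["parent"]]["image"].lower() == p["image"].lower()]


def self_replacement(sample_path, sample_md5, drops):
    """MD5s of files dropped at the submitted sample's own path whose hash differs
    from the submitted one: the binary on disk was swapped before the second
    instance ran (RenamesItself / Deletes itself / Executes dropped EXE)."""
    return [md5 for path, md5 in drops
            if path.lower() == sample_path.lower() and md5.lower() != sample_md5.lower()]


def image_region_changes(dumps):
    """Per PID and base address, the sequence of dumped region sizes where the size
    changed between dumps: a mapping torn down and replaced at the same base
    (consistent with UnmapMainImage)."""
    sizes = defaultdict(lambda: defaultdict(list))   # pid -> base -> [(seq, size)]
    for name in dumps:
        m = DUMP_NAME.match(name)
        if m:
            pid, seq, lo, hi = int(m[1]), int(m[2]), int(m[3], 16), int(m[4], 16)
            sizes[pid][lo].append((seq, hi - lo))
    changes = {}
    for pid, bases in sizes.items():
        for base, seq_sizes in bases.items():
            ordered = [size for _, size in sorted(seq_sizes)]
            if len(set(ordered)) > 1:
                changes.setdefault(pid, {})[base] = ordered
    return changes


def crash_reports(processes):
    """Crashing PID -> sorted PIDs of the WerFault instances that reported on it.
    WerFault appears both under the faulting process (-u -p <pid>) and as a
    top-level reporter (-pss ... -p <pid>); only the -p argument ties the
    second one back to the crash."""
    reporters = defaultdict(list)
    for p in processes:
        m = WERFAULT_TARGET.search(p["cmdline"])
        if m:
            reporters[int(m[1])].append(p["pid"])
    return {pid: sorted(pids) for pid, pids in reporters.items()}


def findings(processes=PROCESSES, drops=DROPS, dumps=DUMPS):
    """Human-readable triage notes combining the four checks."""
    out = []
    for parent, child in same_image_children(processes):
        out.append(f"PID {parent} launched PID {child} from its own image path")
    for md5 in self_replacement(SAMPLE_PATH, SAMPLE_MD5, drops):
        out.append(f"file at sample path rewritten: MD5 {md5} != submitted {SAMPLE_MD5}")
    for pid, bases in image_region_changes(dumps).items():
        for base, sizes in bases.items():
            out.append(f"PID {pid}: region at 0x{base:X} resized {[hex(s) for s in sizes]}")
    for pid, pids in crash_reports(processes).items():
        out.append(f"PID {pid} crashed; WerFault reporters {pids}")
    return out


if __name__ == "__main__":
    for line in findings():
        print(line)
```

Run stand-alone it prints five findings for this report: the self-launch from PID 1896 to 4828, the hash mismatch at the sample path, the 0x400000 region of PID 4828 going from 0x3F000 to 0x1A000 bytes, and the two WerFault reporters for each crashing PID. The region sizes are computed from the dump names rather than taken from the Filesize fields, so the 252KB and 104KB values in the report can be cross-checked against them.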