Overview

overview

7

Static

static

3

virussign....e0.exe

windows7-x64

7

virussign....e0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/05/2024, 18:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    virussign.com_01a41a275fcb2c20cf722f76a78429e0.exe

  • Size

    65KB

  • MD5

    01a41a275fcb2c20cf722f76a78429e0

  • SHA1

    2ce65e088cb43ef240d2cbffbef1e729cb09c7a1

  • SHA256

    c4e6cdf494928a93a07ef02ad70b9b99b6b789df7dc57b996a6b447ce53faab9

  • SHA512

    af8874e113da40e05ed29ec5ca198a0be28403ee80d765bb3d3bf587b897b79466dac95e6a9a14f3ce74ba405a5d518742790c3bd0d06f32186b50d2fcc8f69d

  • SSDEEP

    768:3eQIvFKPZo2smEasjcj29NWngAHxcw9ppEaxglaX5uAS:39IvEPZo6Ead29NQgA2wQle56

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 4 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\virussign.com_01a41a275fcb2c20cf722f76a78429e0.exe
    "C:\Users\Admin\AppData\Local\Temp\virussign.com_01a41a275fcb2c20cf722f76a78429e0.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:396
    • C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      C:\Users\Admin\AppData\Roaming\ewiuer2.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:2804
      • C:\Windows\SysWOW64\ewiuer2.exe
        C:\Windows\System32\ewiuer2.exe
        3⤵
        • Executes dropped EXE
        • Drops file in System32 directory
        • Suspicious use of WriteProcessMemory
        PID:3628
        • C:\Windows\SysWOW64\ewiuer2.exe
          C:\Windows\SysWOW64\ewiuer2.exe /nomove
          4⤵
          • Executes dropped EXE
          • Drops file in System32 directory
          PID:1172

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\ewiuer2.exe
    Filesize

    65KB

    MD5

    b3d6c7ba9bdef0c173162d18d372d5e0

    SHA1

    067249b23eae642d9059f80ec4507163fe9fb0af

    SHA256

    461fe2fd8f4be368464db72259d55b54d4db58789ecbaafc04367cee9adb8aed

    SHA512

    d6132858326bf7330a76027e3d4e8c3b70bb8ee80894360c8ebd792708b45bff1974bdd3c1484e8b15f5a9ccd24cdc619952110d88e49b5622555b6e1af3102f

    Download Submit

  • C:\Windows\SysWOW64\ewiuer2.exe
    Filesize

    65KB

    MD5

    10c7a44e02783f6514debc618b1ca96d

    SHA1

    c4a8ea97e4de0dacefc9f156042b4bb7b2bf29f7

    SHA256

    31e71b8b1014dbdd25623b51b800c55ef93ff34d685b9049aaf7759d8c385fed

    SHA512

    dcb07f70b5b64fac0b4cee8a2a07a40b32b3e47485645e1ac65be9032d7e0c1411b06646b1864fcaca64de87f9ac842904086db8c57b44f6aac92228a826c884

    Download Submit

  • memory/396-1-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/1172-16-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/1172-17-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2804-5-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2804-6-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2804-11-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/3628-12-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/3628-13-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/3628-15-0x0000000000400000-0x000000000042A000-memory.dmp

    Filesize

    168KB

    Download