Overview

overview

10

Static

static

3

virussign....b0.exe

windows7-x64

10

virussign....b0.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    28/05/2024, 18:56

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    virussign.com_1bd0d4ca15ce554d6450ee4d9968c6b0.exe

  • Size

    481KB

  • MD5

    1bd0d4ca15ce554d6450ee4d9968c6b0

  • SHA1

    ec2560a00fa6854e61b90a601fda1a1b8e1e3cf8

  • SHA256

    e3b0673e3c8bc8de589d1c5b170b029b1f7452fcdfc70cfb919dca29bb7134a0

  • SHA512

    28a5d547f1493b29a535826653a0fd3624ac13236a694a3358ec9ed659f74e3cc0afdf4750aa98da5c95286550fd9a58a81f96214d4f7e222b95af45bafe2d74

  • SSDEEP

    6144:pjFRiOcXH6XWD0w1tizmtnktLJ6znvxNcCI+1jDIlnJ9+1aTEPTnOK4JKElDnA:nRDc3yWDNU+YUznzNjElWaT07NQtDA

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies firewall policy service 2 TTPs 2 IoCs
    evasion
  • Adds policy Run key to start application 2 TTPs 4 IoCs
    persistence
  • Sets service image path in registry 2 TTPs 1 IoCs
    persistence
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 13 IoCs
  • Modifies registry class 3 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\virussign.com_1bd0d4ca15ce554d6450ee4d9968c6b0.exe
    "C:\Users\Admin\AppData\Local\Temp\virussign.com_1bd0d4ca15ce554d6450ee4d9968c6b0.exe"
    1⤵
    • Modifies firewall policy service
    • Adds policy Run key to start application
    • Sets service image path in registry
    • Adds Run key to start application
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    PID:3028

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\msrpc.exe
          Filesize

          481KB

          MD5

          033b1f0896cf78e01574ac9d91173867

          SHA1

          f2c008d9c5f00eca65a9ac5f6c9be02d1908e41d

          SHA256

          9d1abc889887988cc92d7fb7fe0024961cc33b3b6534be3b73042895a8f6ab31

          SHA512

          1b6d776004e6c2d1fdfaec8b367e1f801d81398af59b719c46483644d79874490ad7bfc71c0803f6cc46e0e4edfa2781aeb226325c9b75141fca0ecb1c78e4c6

          Download Submit

        • memory/3028-0-0x0000000000220000-0x0000000000221000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3028-1-0x0000000000400000-0x000000000047C000-memory.dmp

          Filesize

          496KB

          Download

        • memory/3028-18-0x0000000000400000-0x000000000047C000-memory.dmp

          Filesize

          496KB

          Download

        • memory/3028-19-0x0000000000400000-0x000000000047C000-memory.dmp

          Filesize

          496KB

          Download

        • memory/3028-20-0x0000000000400000-0x000000000047C000-memory.dmp

          Filesize

          496KB

          Download

        • memory/3028-21-0x0000000000400000-0x000000000047C000-memory.dmp

          Filesize

          496KB

          Download

        • memory/3028-22-0x0000000000400000-0x000000000047C000-memory.dmp

          Filesize

          496KB

          Download

        • memory/3028-23-0x0000000000400000-0x000000000047C000-memory.dmp

          Filesize

          496KB

          Download

        • memory/3028-24-0x0000000000400000-0x000000000047C000-memory.dmp

          Filesize

          496KB

          Download

        • memory/3028-25-0x0000000000400000-0x000000000047C000-memory.dmp

          Filesize

          496KB

          Download

        • memory/3028-26-0x0000000000400000-0x000000000047C000-memory.dmp

          Filesize

          496KB

          Download