260687b1e1ee90adb739fa9e618be63ae531952ad3f955b8d6ce70c773cd5cf5

Analysis

max time kernel
145s
max time network
154s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
13-06-2024 02:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Virussign.2024.06.08/virussign.com_03bf9f5a5e7769cd9cddf935454e30f1.exe
Size

1.7MB
MD5

03bf9f5a5e7769cd9cddf935454e30f1
SHA1

9848f6ac4205b5f38372fd41adc810b53e114302
SHA256

71a9a636f468ed3b08721df281d8bf5372b8db8879464f3718316a40cba5da56
SHA512

f07bba9a610ee96ce13ab585f5c70831d2af5cecdb93f64e91a40c7aa90d7cbec95ad1d4089ae2781f5479eb7750ee39b84a4d5b80e36320f29d12977094716e
SSDEEP

24576:/o5dOf9g8OlZflTja0TZaqdiXSp0c02uFG6dAk3CMq0:/qdOhODf5a0TZaqdwk0c05HGi1

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\Virussign.2024.06.08\SkinH_EL.dll	acprotect

Loads dropped DLL 1 IoCs

Processes:

virussign.com_03bf9f5a5e7769cd9cddf935454e30f1.exe

pid process

3012 virussign.com_03bf9f5a5e7769cd9cddf935454e30f1.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\Virussign.2024.06.08\SkinH_EL.dll	upx
behavioral13/memory/3012-5-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral13/memory/3012-8-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral13/memory/3012-7-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral13/memory/3012-9-0x0000000010000000-0x000000001003D000-memory.dmp	upx

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

virussign.com_03bf9f5a5e7769cd9cddf935454e30f1.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	virussign.com_03bf9f5a5e7769cd9cddf935454e30f1.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

virussign.com_03bf9f5a5e7769cd9cddf935454e30f1.exe

pid process

3012 virussign.com_03bf9f5a5e7769cd9cddf935454e30f1.exe

Suspicious use of SetWindowsHookEx 7 IoCs

Processes:

virussign.com_03bf9f5a5e7769cd9cddf935454e30f1.exe

pid	process
3012	virussign.com_03bf9f5a5e7769cd9cddf935454e30f1.exe
3012	virussign.com_03bf9f5a5e7769cd9cddf935454e30f1.exe
3012	virussign.com_03bf9f5a5e7769cd9cddf935454e30f1.exe
3012	virussign.com_03bf9f5a5e7769cd9cddf935454e30f1.exe
3012	virussign.com_03bf9f5a5e7769cd9cddf935454e30f1.exe
3012	virussign.com_03bf9f5a5e7769cd9cddf935454e30f1.exe
3012	virussign.com_03bf9f5a5e7769cd9cddf935454e30f1.exe

C:\Users\Admin\AppData\Local\Temp\Virussign.2024.06.08\virussign.com_03bf9f5a5e7769cd9cddf935454e30f1.exe
"C:\Users\Admin\AppData\Local\Temp\Virussign.2024.06.08\virussign.com_03bf9f5a5e7769cd9cddf935454e30f1.exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:3012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\Virussign.2024.06.08\SkinH_EL.dll
Filesize
86KB

MD5
147127382e001f495d1842ee7a9e7912

SHA1
92d1ed56032183c75d4b57d7ce30b1c4ae11dc9b

SHA256
edf679c02ea2e170e67ab20dfc18558e2bfb4ee5d59eceeaea4b1ad1a626c3cc

SHA512
97f5ae90a1bbacfe39b9e0f2954c24f9896cc9dca9d14364c438862996f3bbc04a4aa515742fccb3679d222c1302f5bb40c7eaddd6b5859d2d6ef79490243a4d

Download Submit
memory/3012-5-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/3012-8-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/3012-7-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/3012-9-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/3012-6-0x0000000010009000-0x000000001000A000-memory.dmp

Filesize
4KB

Download