Analysis
- max time kernel: 145s
- max time network: 154s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system
- submitted: 13-06-2024 02:42
Behavioral tasks (sample, resource)
- behavioral1: Virussign.2024.06.08/virussign.com_001d2d017b5a7716053d3f1486270f41.exe, win7-20240220-en
- behavioral2: Virussign.2024.06.08/virussign.com_001d2d017b5a7716053d3f1486270f41.exe, win10v2004-20240611-en
- behavioral3: Virussign.2024.06.08/virussign.com_00d73b2201d137dafcd073e6f90ed283.exe, win7-20240508-en
- behavioral4: Virussign.2024.06.08/virussign.com_00d73b2201d137dafcd073e6f90ed283.exe, win10v2004-20240611-en
- behavioral5: Virussign.2024.06.08/virussign.com_012d6250b2f03cc71381041c4eeeb50a.exe, win7-20231129-en
- behavioral6: Virussign.2024.06.08/virussign.com_012d6250b2f03cc71381041c4eeeb50a.exe, win10v2004-20240508-en
- behavioral7: Virussign.2024.06.08/virussign.com_0253492c47e1aae5c1906a4b099e13b9.exe, win7-20240221-en
- behavioral8: Virussign.2024.06.08/virussign.com_0253492c47e1aae5c1906a4b099e13b9.exe, win10v2004-20240508-en
- behavioral9: Virussign.2024.06.08/virussign.com_025c0616d26ebf93aa583d575245bf35.exe, win7-20240508-en
- behavioral10: Virussign.2024.06.08/virussign.com_025c0616d26ebf93aa583d575245bf35.exe, win10v2004-20240508-en
- behavioral11: Virussign.2024.06.08/virussign.com_02c31485fa69ef9d1a370034d043587d.exe, win7-20240220-en
- behavioral12: Virussign.2024.06.08/virussign.com_02c31485fa69ef9d1a370034d043587d.exe, win10v2004-20240611-en
- behavioral13: Virussign.2024.06.08/virussign.com_03bf9f5a5e7769cd9cddf935454e30f1.exe, win7-20240508-en
- behavioral14: Virussign.2024.06.08/virussign.com_03bf9f5a5e7769cd9cddf935454e30f1.exe, win10v2004-20240226-en
- behavioral15: Virussign.2024.06.08/virussign.com_03d6ebf12ae52644ac8fbc893526aaad.exe, win7-20240611-en
- behavioral16: Virussign.2024.06.08/virussign.com_03d6ebf12ae52644ac8fbc893526aaad.exe, win10v2004-20240508-en
- behavioral17: Virussign.2024.06.08/virussign.com_0437640434489c178ddce32f6bc8bd9c.exe, win7-20240221-en
- behavioral18: Virussign.2024.06.08/virussign.com_0437640434489c178ddce32f6bc8bd9c.exe, win10v2004-20240508-en
- behavioral19: Virussign.2024.06.08/virussign.com_044454717ce16bdfddd7dfedfc4fa455.exe, win7-20240221-en
- behavioral20: Virussign.2024.06.08/virussign.com_044454717ce16bdfddd7dfedfc4fa455.exe, win10v2004-20240508-en
- behavioral21: Virussign.2024.06.08/virussign.com_0622fa4ddac7802def045e83a4ccb8c5.exe, win7-20240611-en
- behavioral22: Virussign.2024.06.08/virussign.com_0622fa4ddac7802def045e83a4ccb8c5.exe, win10v2004-20240508-en
- behavioral23: $PLUGINSDIR/NSIS_Picasa_Unicode.dll, win7-20231129-en
- behavioral24: $PLUGINSDIR/NSIS_Picasa_Unicode.dll, win10v2004-20240611-en
- behavioral25: $PLUGINSDIR/System.dll, win7-20240611-en
- behavioral26: $PLUGINSDIR/System.dll, win10v2004-20240508-en
- behavioral27: $PLUGINSDIR/nsDialogs.dll, win7-20240611-en
- behavioral28: $PLUGINSDIR/nsDialogs.dll, win10v2004-20240508-en
- behavioral29: $SYSDIR/GPhotos.scr, win7-20240221-en
- behavioral30: $SYSDIR/GPhotos.scr, win10v2004-20240226-en
- behavioral31: $TEMP/PicasaInstaller/spmsg.dll, win7-20231129-en
- behavioral32: $TEMP/PicasaInstaller/spmsg.dll, win10v2004-20240611-en
General
- Target: Virussign.2024.06.08/virussign.com_03bf9f5a5e7769cd9cddf935454e30f1.exe
- Size: 1.7MB
- MD5: 03bf9f5a5e7769cd9cddf935454e30f1
- SHA1: 9848f6ac4205b5f38372fd41adc810b53e114302
- SHA256: 71a9a636f468ed3b08721df281d8bf5372b8db8879464f3718316a40cba5da56
- SHA512: f07bba9a610ee96ce13ab585f5c70831d2af5cecdb93f64e91a40c7aa90d7cbec95ad1d4089ae2781f5479eb7750ee39b84a4d5b80e36320f29d12977094716e
- SSDEEP: 24576:/o5dOf9g8OlZflTja0TZaqdiXSp0c02uFG6dAk3CMq0:/qdOhODf5a0TZaqdwk0c05HGi1
Malware Config
Signatures
- ACProtect 1.3x - 1.4x DLL software (1 IoCs)
  Detects file using ACProtect software.
  Processes:
  resource \Users\Admin\AppData\Local\Temp\Virussign.2024.06.08\SkinH_EL.dll, yara_rule acprotect
- Loads dropped DLL (1 IoCs)
  Processes:
  pid 3012, process virussign.com_03bf9f5a5e7769cd9cddf935454e30f1.exe
- Processes (yara_rule upx):
  resource \Users\Admin\AppData\Local\Temp\Virussign.2024.06.08\SkinH_EL.dll, yara_rule upx
  resource behavioral13/memory/3012-5-0x0000000010000000-0x000000001003D000-memory.dmp, yara_rule upx
  resource behavioral13/memory/3012-8-0x0000000010000000-0x000000001003D000-memory.dmp, yara_rule upx
  resource behavioral13/memory/3012-7-0x0000000010000000-0x000000001003D000-memory.dmp, yara_rule upx
  resource behavioral13/memory/3012-9-0x0000000010000000-0x000000001003D000-memory.dmp, yara_rule upx
- Modifies Internet Explorer settings
  Processes:
  description Key created, ioc \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main, process virussign.com_03bf9f5a5e7769cd9cddf935454e30f1.exe
- Suspicious use of FindShellTrayWindow (1 IoCs)
  Processes:
  pid 3012, process virussign.com_03bf9f5a5e7769cd9cddf935454e30f1.exe
- Suspicious use of SetWindowsHookEx (7 IoCs)
  Processes:
  pid 3012, process virussign.com_03bf9f5a5e7769cd9cddf935454e30f1.exe (7 matches)
Processes
- C:\Users\Admin\AppData\Local\Temp\Virussign.2024.06.08\virussign.com_03bf9f5a5e7769cd9cddf935454e30f1.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Virussign.2024.06.08\virussign.com_03bf9f5a5e7769cd9cddf935454e30f1.exe"
  - Loads dropped DLL
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID: 3012
Network
MITRE ATT&CK Enterprise v15
Downloads
- \Users\Admin\AppData\Local\Temp\Virussign.2024.06.08\SkinH_EL.dll
  Filesize: 86KB
  MD5: 147127382e001f495d1842ee7a9e7912
  SHA1: 92d1ed56032183c75d4b57d7ce30b1c4ae11dc9b
  SHA256: edf679c02ea2e170e67ab20dfc18558e2bfb4ee5d59eceeaea4b1ad1a626c3cc
  SHA512: 97f5ae90a1bbacfe39b9e0f2954c24f9896cc9dca9d14364c438862996f3bbc04a4aa515742fccb3679d222c1302f5bb40c7eaddd6b5859d2d6ef79490243a4d
- memory/3012-5-0x0000000010000000-0x000000001003D000-memory.dmp
  Filesize: 244KB
- memory/3012-8-0x0000000010000000-0x000000001003D000-memory.dmp
  Filesize: 244KB
- memory/3012-7-0x0000000010000000-0x000000001003D000-memory.dmp
  Filesize: 244KB
- memory/3012-9-0x0000000010000000-0x000000001003D000-memory.dmp
  Filesize: 244KB
- memory/3012-6-0x0000000010009000-0x000000001000A000-memory.dmp
  Filesize: 4KB