260687b1e1ee90adb739fa9e618be63ae531952ad3f955b8d6ce70c773cd5cf5

Analysis

max time kernel
118s
max time network
129s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13-06-2024 02:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Virussign.2024.06.08/virussign.com_044454717ce16bdfddd7dfedfc4fa455.exe
Size

5.2MB
MD5

044454717ce16bdfddd7dfedfc4fa455
SHA1

2beb7f9914dfa214bbd2d6e69af0c154c13994a6
SHA256

55c3507d0db1a9dde5ee48796d7e0bdc7f3681f62aa8efff98e97b7ff9c1afdd
SHA512

8d55da3d0d1f85f674bdd9eeb4c05af4a45cfa25b83d513582bd7eb7cde0125109cde73e5b96c486d9ab09c845c45da07ef1b2158fd8dd1409da8e6d62174f5a
SSDEEP

49152:exxCp6fPKUYwWBNRaujWa6K2wxIO5B3CJr/FkjpdCnD5il0xbNbDevV05JDVEGmM:StfymWlMM3CtIIn40xbNbDIGJxUQ7

Score

8^/10

discovery

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

Processes:

virussign.com_044454717ce16bdfddd7dfedfc4fa455.exe

description ioc process

File opened for modification C:\Windows\System32\drivers\etc\hosts virussign.com_044454717ce16bdfddd7dfedfc4fa455.exe
Executes dropped EXE 1 IoCs

Processes:

266a88dfe993444789dc84f7310daf89.exe

pid process

1664 266a88dfe993444789dc84f7310daf89.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

description	ioc	process
File opened for modification	C:\Windows\System32\drivers\etc\hosts	virussign.com_044454717ce16bdfddd7dfedfc4fa455.exe

pid	process
1664	266a88dfe993444789dc84f7310daf89.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

virussign.com_044454717ce16bdfddd7dfedfc4fa455.exe

description	pid	process	target process
PID 2284 wrote to memory of 1664	2284	virussign.com_044454717ce16bdfddd7dfedfc4fa455.exe	266a88dfe993444789dc84f7310daf89.exe
PID 2284 wrote to memory of 1664	2284	virussign.com_044454717ce16bdfddd7dfedfc4fa455.exe	266a88dfe993444789dc84f7310daf89.exe
PID 2284 wrote to memory of 1664	2284	virussign.com_044454717ce16bdfddd7dfedfc4fa455.exe	266a88dfe993444789dc84f7310daf89.exe
PID 2284 wrote to memory of 1664	2284	virussign.com_044454717ce16bdfddd7dfedfc4fa455.exe	266a88dfe993444789dc84f7310daf89.exe

C:\Users\Admin\AppData\Local\Temp\Virussign.2024.06.08\virussign.com_044454717ce16bdfddd7dfedfc4fa455.exe
"C:\Users\Admin\AppData\Local\Temp\Virussign.2024.06.08\virussign.com_044454717ce16bdfddd7dfedfc4fa455.exe"
1⤵
- Drops file in Drivers directory
- Suspicious use of WriteProcessMemory
PID:2284

C:\Users\Admin\AppData\Local\Temp\266a88dfe993444789dc84f7310daf89.exe
"C:\Users\Admin\AppData\Local\Temp\266a88dfe993444789dc84f7310daf89.exe" --01
2⤵
- Executes dropped EXE
PID:1664

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\266a88dfe993444789dc84f7310daf89.exe
Filesize
4.8MB

MD5
c18d8858bdedc5492f9b64d5f049e5d3

SHA1
c175dcaaac45554522527ead75845cba50b53622

SHA256
962f67ff9d9609ca911c66f8d86e7717bbb91580b524fbe68b65f7631ad1a283

SHA512
ea5bc49c6dd57e22c7f700ffa5b9060c99eac5d6aa94d7ff3dc15aa9bf4b272d733c039ba7b384a6dccdee52b39d22a54b5fce0f749267988cbe0d59fdb5bcbc

Download Submit
memory/2284-0-0x000007FEF555E000-0x000007FEF555F000-memory.dmp

Filesize
4KB

Download
memory/2284-1-0x000007FEF52A0000-0x000007FEF5C3D000-memory.dmp

Filesize
9.6MB

Download
memory/2284-2-0x000007FEF52A0000-0x000007FEF5C3D000-memory.dmp

Filesize
9.6MB

Download
memory/2284-3-0x000000001B300000-0x000000001B32E000-memory.dmp

Filesize
184KB

Download
memory/2284-4-0x0000000000B60000-0x0000000000B6A000-memory.dmp

Filesize
40KB

Download
memory/2284-11-0x0000000000A40000-0x0000000000A4E000-memory.dmp

Filesize
56KB

Download
memory/2284-12-0x000007FEF52A0000-0x000007FEF5C3D000-memory.dmp

Filesize
9.6MB

Download