260687b1e1ee90adb739fa9e618be63ae531952ad3f955b8d6ce70c773cd5cf5

Analysis

max time kernel
135s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13-06-2024 02:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Virussign.2024.06.08/virussign.com_044454717ce16bdfddd7dfedfc4fa455.exe
Size

5.2MB
MD5

044454717ce16bdfddd7dfedfc4fa455
SHA1

2beb7f9914dfa214bbd2d6e69af0c154c13994a6
SHA256

55c3507d0db1a9dde5ee48796d7e0bdc7f3681f62aa8efff98e97b7ff9c1afdd
SHA512

8d55da3d0d1f85f674bdd9eeb4c05af4a45cfa25b83d513582bd7eb7cde0125109cde73e5b96c486d9ab09c845c45da07ef1b2158fd8dd1409da8e6d62174f5a
SSDEEP

49152:exxCp6fPKUYwWBNRaujWa6K2wxIO5B3CJr/FkjpdCnD5il0xbNbDevV05JDVEGmM:StfymWlMM3CtIIn40xbNbDIGJxUQ7

Score

8^/10

discovery

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

Processes:

virussign.com_044454717ce16bdfddd7dfedfc4fa455.exe

description ioc process

File opened for modification C:\Windows\System32\drivers\etc\hosts virussign.com_044454717ce16bdfddd7dfedfc4fa455.exe
Executes dropped EXE 1 IoCs

Processes:

5c53b93874f242c2ae6816a5d87a59bb.exe

pid process

2016 5c53b93874f242c2ae6816a5d87a59bb.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

description	ioc	process
File opened for modification	C:\Windows\System32\drivers\etc\hosts	virussign.com_044454717ce16bdfddd7dfedfc4fa455.exe

pid	process
2016	5c53b93874f242c2ae6816a5d87a59bb.exe

Drops desktop.ini file(s) 2 IoCs

Processes:

virussign.com_044454717ce16bdfddd7dfedfc4fa455.exe

description	ioc	process
File created	C:\Windows\assembly\Desktop.ini	virussign.com_044454717ce16bdfddd7dfedfc4fa455.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	virussign.com_044454717ce16bdfddd7dfedfc4fa455.exe

Drops file in Windows directory 3 IoCs

Processes:

virussign.com_044454717ce16bdfddd7dfedfc4fa455.exe

description	ioc	process
File created	C:\Windows\assembly\Desktop.ini	virussign.com_044454717ce16bdfddd7dfedfc4fa455.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	virussign.com_044454717ce16bdfddd7dfedfc4fa455.exe
File opened for modification	C:\Windows\assembly	virussign.com_044454717ce16bdfddd7dfedfc4fa455.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

virussign.com_044454717ce16bdfddd7dfedfc4fa455.exe

description	pid	process	target process
PID 4204 wrote to memory of 2016	4204	virussign.com_044454717ce16bdfddd7dfedfc4fa455.exe	5c53b93874f242c2ae6816a5d87a59bb.exe
PID 4204 wrote to memory of 2016	4204	virussign.com_044454717ce16bdfddd7dfedfc4fa455.exe	5c53b93874f242c2ae6816a5d87a59bb.exe
PID 4204 wrote to memory of 2016	4204	virussign.com_044454717ce16bdfddd7dfedfc4fa455.exe	5c53b93874f242c2ae6816a5d87a59bb.exe

C:\Users\Admin\AppData\Local\Temp\Virussign.2024.06.08\virussign.com_044454717ce16bdfddd7dfedfc4fa455.exe
"C:\Users\Admin\AppData\Local\Temp\Virussign.2024.06.08\virussign.com_044454717ce16bdfddd7dfedfc4fa455.exe"
1⤵
- Drops file in Drivers directory
- Drops desktop.ini file(s)
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4204

C:\Users\Admin\AppData\Local\Temp\5c53b93874f242c2ae6816a5d87a59bb.exe
"C:\Users\Admin\AppData\Local\Temp\5c53b93874f242c2ae6816a5d87a59bb.exe" --01
2⤵
- Executes dropped EXE
PID:2016

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\5c53b93874f242c2ae6816a5d87a59bb.exe
Filesize
4.8MB

MD5
c18d8858bdedc5492f9b64d5f049e5d3

SHA1
c175dcaaac45554522527ead75845cba50b53622

SHA256
962f67ff9d9609ca911c66f8d86e7717bbb91580b524fbe68b65f7631ad1a283

SHA512
ea5bc49c6dd57e22c7f700ffa5b9060c99eac5d6aa94d7ff3dc15aa9bf4b272d733c039ba7b384a6dccdee52b39d22a54b5fce0f749267988cbe0d59fdb5bcbc

Download Submit
memory/4204-6-0x000000001C900000-0x000000001C92E000-memory.dmp

Filesize
184KB

Download
memory/4204-2-0x000000001C140000-0x000000001C60E000-memory.dmp

Filesize
4.8MB

Download
memory/4204-3-0x000000001C6B0000-0x000000001C74C000-memory.dmp

Filesize
624KB

Download
memory/4204-4-0x00007FFA2F450000-0x00007FFA2FDF1000-memory.dmp

Filesize
9.6MB

Download
memory/4204-5-0x0000000001750000-0x0000000001758000-memory.dmp

Filesize
32KB

Download
memory/4204-0-0x00007FFA2F705000-0x00007FFA2F706000-memory.dmp

Filesize
4KB

Download
memory/4204-9-0x000000001DA90000-0x000000001DA9A000-memory.dmp

Filesize
40KB

Download
memory/4204-1-0x00007FFA2F450000-0x00007FFA2FDF1000-memory.dmp

Filesize
9.6MB

Download
memory/4204-13-0x00007FFA2F450000-0x00007FFA2FDF1000-memory.dmp

Filesize
9.6MB

Download
memory/4204-16-0x000000001BC60000-0x000000001BC6E000-memory.dmp

Filesize
56KB

Download
memory/4204-17-0x000000001E570000-0x000000001E590000-memory.dmp

Filesize
128KB

Download
memory/4204-18-0x000000001E5B0000-0x000000001E5C8000-memory.dmp

Filesize
96KB

Download
memory/4204-20-0x00007FFA2F450000-0x00007FFA2FDF1000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads