965c03c1440a12d996905d6c365b4aac7ba463e5a7b3add65be68ec6af460993

Analysis

max time kernel
134s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24/08/2024, 01:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

virussign.exe
Size

214KB
MD5

035092f5c7d84ba03cf9d35d853c130f
SHA1

a3aace7fb445223bc5ea83cc5a2dee4852c109f8
SHA256

6e5f2dd63e046d77e2404ef8caf3863ee9d2d49dbb1d9a3db9d61f190b10c232
SHA512

779bcc5df993f0f2ab3fba4e7e146fc3be31aaf9dd79e9745ad7ef1181d82dfb255a04e177ab9528346d236a019d330cbb49505ce7cde2361fdf3aedc6d33be4
SSDEEP

6144:rmJIK+h5aRQuMulRZ5HiXsMrBjcKi1y4rJGzOp9iH4Bi:rmJB+h5SmulRmcMVjWddGzQ9iHr

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1616	Au_.exe

Loads dropped DLL 3 IoCs

pid	Process
1616	Au_.exe
1616	Au_.exe
1616	Au_.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	virussign.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Au_.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2472 wrote to memory of 1616	2472	virussign.exe	86
PID 2472 wrote to memory of 1616	2472	virussign.exe	86
PID 2472 wrote to memory of 1616	2472	virussign.exe	86

C:\Users\Admin\AppData\Local\Temp\virussign.exe
"C:\Users\Admin\AppData\Local\Temp\virussign.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2472
- C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
  "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsqD39E.tmp\InstallOptions.dll

Filesize
15KB

MD5
6e663f1a0de94bc05d64d020da5d6f36

SHA1
c5abb0033776d6ab1f07e5b3568f7d64f90e5b04

SHA256
458b70e1745dc6e768d2338ccf3e6e86436488954ca3763472d8ffec4e7177e4

SHA512
2a037c39f3a08d4a80494227990f36c4fef2f73c4a6ad74dcc334317a1372234c25d08d8b80d79e126881a49fa4b3f2fffe3604c959d9ceceb47acc7192cc6a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqD39E.tmp\ProcDll.dll

Filesize
348KB

MD5
7c86e1f6b310fc8035c87386b8d2ed04

SHA1
cd25fe27443fc172d581f6eec26291218d66b5ff

SHA256
fae6ead8f70b1d7d5cce53a6875a3c83916bb06c6fd6dff12e859857d56547a1

SHA512
ed1f005cf44aec6ff3ce280924fe30e288377e6c619971ed50ce46a6c6935b9c6617e7ba88710be18637fbc02e89567f743af169ff8506a188cc114bb8b494b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsqD39E.tmp\ioC.ini

Filesize
460B

MD5
fc23695ff8d71cad90489e3974078fc6

SHA1
4289d3ed8ab07fcbd22aa75d1b19670c8397480a

SHA256
7576a5f31d1905e23f60399cf252b877810eb0346f1f855e56e01f213ed8ce09

SHA512
5c8c5ca38c9f4432a15e8d49f03fe087d83450e934ac4bc8d0abc48ad00aea0c16ca9907ee6f97191d2c4a1b50e2fd8fa42aaf76a03f2000766d102ce537c9b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe

Filesize
214KB

MD5
035092f5c7d84ba03cf9d35d853c130f

SHA1
a3aace7fb445223bc5ea83cc5a2dee4852c109f8

SHA256
6e5f2dd63e046d77e2404ef8caf3863ee9d2d49dbb1d9a3db9d61f190b10c232

SHA512
779bcc5df993f0f2ab3fba4e7e146fc3be31aaf9dd79e9745ad7ef1181d82dfb255a04e177ab9528346d236a019d330cbb49505ce7cde2361fdf3aedc6d33be4

Download Submit