Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    09/11/2024, 19:03

General

  • Target

    ViperX.exe

  • Size

    2.4MB

  • MD5

    192911b0fb520129c8cdf0eed111fb72

  • SHA1

    4cd807c8e0cd0e196958dd0c9c7b374e5220b859

  • SHA256

    3c223398b417e25d9299367ef9204894794a5600e6bb6ad6a52837ce9c27c2c8

  • SHA512

    008fb625896319cf48651e82ae96d01df9aaad09a63b08245e6631c4a4a6c67d5a1f949ec141ccf9f6546358ca91dfab698df8c32063e3df3f1c1d2021c6e935

  • SSDEEP

    49152:YXcgX/D+npvQOZITYbNbNWo4kSH3OqtwIjkqXfd+/9A3NHR+tkAaJC/:YXcYCJQOZIT4bNJFY3OqtXkqXf0FSJuC

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Delays execution with timeout.exe 1 IoCs
  • Modifies system certificate store 2 TTPs 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ViperX.exe
    "C:\Users\Admin\AppData\Local\Temp\ViperX.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Modifies system certificate store
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1696
    • C:\Windows\SysWOW64\cmd.exe
      "cmd.exe" /c start cmd /C "color b && title Error && echo Signature checksum failed. Request was tampered with or session ended most likely. & echo: & echo Response: {"success":true,"code":68,"message":"Initialized","sessionid":"bffbba5d","appinfo":{"numUsers":"N/A - Use fetchStats() function in latest example","numOnlineUsers":"N/A - Use fetchStats() function in latest example","numKeys":"N/A - Use fetchStats() function in latest example","version":"1.0","customerPanelLink":"https://keyauth.cc/panel/Rayen22/ViperX Project/"},"newSession":true,"nonce":"8fb390e1-95c2-4568-9d6a-43a2683a82de","ownerid":"1UYjXQHjss"} && timeout /t 5"
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2536
      • C:\Windows\SysWOW64\cmd.exe
        cmd /C "color b && title Error && echo Signature checksum failed. Request was tampered with or session ended most likely. & echo: & echo Response: {"success":true,"code":68,"message":"Initialized","sessionid":"bffbba5d","appinfo":{"numUsers":"N/A - Use fetchStats() function in latest example","numOnlineUsers":"N/A - Use fetchStats() function in latest example","numKeys":"N/A - Use fetchStats() function in latest example","version":"1.0","customerPanelLink":"https://keyauth.cc/panel/Rayen22/ViperX Project/"},"newSession":true,"nonce":"8fb390e1-95c2-4568-9d6a-43a2683a82de","ownerid":"1UYjXQHjss"} && timeout /t 5"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2276
        • C:\Windows\SysWOW64\timeout.exe
          timeout /t 5
          4⤵
          • System Location Discovery: System Language Discovery
          • Delays execution with timeout.exe
          PID:2752

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1696-0-0x0000000074BDE000-0x0000000074BDF000-memory.dmp

          Filesize

          4KB

        • memory/1696-1-0x00000000012A0000-0x0000000001512000-memory.dmp

          Filesize

          2.4MB

        • memory/1696-2-0x0000000004FE0000-0x00000000051F4000-memory.dmp

          Filesize

          2.1MB

        • memory/1696-3-0x0000000074BD0000-0x00000000752BE000-memory.dmp

          Filesize

          6.9MB

        • memory/1696-4-0x0000000074BD0000-0x00000000752BE000-memory.dmp

          Filesize

          6.9MB

        • memory/1696-6-0x0000000074BD0000-0x00000000752BE000-memory.dmp

          Filesize

          6.9MB