Overview
overview
10Static
static
3028d53f522...fa.exe
windows7-x64
10028d53f522...fa.exe
windows10-2004-x64
10Bot_Checker.exe
windows7-x64
3Bot_Checker.exe
windows10-2004-x64
7Uninstall.exe
windows7-x64
3Uninstall.exe
windows10-2004-x64
7Versium.exe
windows7-x64
7Versium.exe
windows10-2004-x64
7VersiumRes...it.exe
windows7-x64
10VersiumRes...it.exe
windows10-2004-x64
10VersiumRes...it.exe
windows7-x64
1VersiumRes...it.exe
windows10-2004-x64
1Versiumresearch.exe
windows7-x64
6Versiumresearch.exe
windows10-2004-x64
6Analysis
-
max time kernel
118s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20241023-en -
resource tags
arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system -
submitted
11-11-2024 11:14
Static task
static1
Behavioral task
behavioral1
Sample
028d53f5224f9cc8c60bd953504f1efa.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
028d53f5224f9cc8c60bd953504f1efa.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
Bot_Checker.exe
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
Bot_Checker.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
Uninstall.exe
Resource
win7-20241010-en
Behavioral task
behavioral6
Sample
Uninstall.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
Versium.exe
Resource
win7-20241023-en
Behavioral task
behavioral8
Sample
Versium.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
VersiumResearch32bit.exe
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
VersiumResearch32bit.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
VersiumResearch64bit.exe
Resource
win7-20241010-en
Behavioral task
behavioral12
Sample
VersiumResearch64bit.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
Versiumresearch.exe
Resource
win7-20240903-en
Behavioral task
behavioral14
Sample
Versiumresearch.exe
Resource
win10v2004-20241007-en
General
-
Target
Versium.exe
-
Size
746KB
-
MD5
393d6260e39b68b2d60300e4f62ebc83
-
SHA1
16c58c5b7dee3ce4c3a40925ba4eed3c188faf46
-
SHA256
e7431a806b1b1928256376ec29207a342f4b860f4332bb523a53ac2d9d3d35d3
-
SHA512
d1916b2f2f8deddf331735b4b6f4b329d65696481c6971694c3bf64fa38feda8472c700d15311aad3ec3eeae5a6f9e6c85f204f955555a57eeea131ec4e8a198
-
SSDEEP
6144:d/QiQXCz5m+ksmpk3U9j0IMsoxvjFEOTb9WmZX/8shzdsY4CpHPhnBvudg:VQi3zc6m6UR0IMp1hf39Wkv8xwJB2i
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 2820 Versium.tmp -
Loads dropped DLL 4 IoCs
pid Process 1420 Versium.exe 2820 Versium.tmp 2820 Versium.tmp 2820 Versium.tmp -
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Versium.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Versium.tmp -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 1420 wrote to memory of 2820 1420 Versium.exe 30 PID 1420 wrote to memory of 2820 1420 Versium.exe 30 PID 1420 wrote to memory of 2820 1420 Versium.exe 30 PID 1420 wrote to memory of 2820 1420 Versium.exe 30 PID 1420 wrote to memory of 2820 1420 Versium.exe 30 PID 1420 wrote to memory of 2820 1420 Versium.exe 30 PID 1420 wrote to memory of 2820 1420 Versium.exe 30
Processes
-
C:\Users\Admin\AppData\Local\Temp\Versium.exe"C:\Users\Admin\AppData\Local\Temp\Versium.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1420 -
C:\Users\Admin\AppData\Local\Temp\is-V72GQ.tmp\Versium.tmp"C:\Users\Admin\AppData\Local\Temp\is-V72GQ.tmp\Versium.tmp" /SL5="$40126,506127,422400,C:\Users\Admin\AppData\Local\Temp\Versium.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2820
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.0MB
MD5baec3f13d8997ecbe4460979102ed0b5
SHA1438d163c5629b89cad5ba953a881afdb9624a998
SHA256b41f017498a1d43c409cc2c5840e31972858c59e83abf26ff9528c9908c7abbe
SHA512b4e14a3bc115ae816e3117d15b9a19f29d00322bd32112745d241f3452ffa52ef3db710397ce80972a443dc066fadbc161d1617b728430bf542edfef16a32125
-
Filesize
22KB
MD592dc6ef532fbb4a5c3201469a5b5eb63
SHA13e89ff837147c16b4e41c30d6c796374e0b8e62c
SHA2569884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
SHA5129908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3
-
Filesize
216KB
MD58f995688085bced38ba7795f60a5e1d3
SHA15b1ad67a149c05c50d6e388527af5c8a0af4343a
SHA256203d7b61eac96de865ab3b586160e72c78d93ab5532b13d50ef27174126fd006
SHA512043d41947ab69fc9297dcb5ad238acc2c35250d1172869945ed1a56894c10f93855f0210cbca41ceee9efb55fd56a35a4ec03c77e252409edc64bfb5fb821c35