Overview
overview
10Static
static
10VirusSign....9d.exe
windows10-ltsc 2021-x64
10VirusSign....1a.exe
windows10-ltsc 2021-x64
10VirusSign....ee.exe
windows10-ltsc 2021-x64
VirusSign....d1.exe
windows10-ltsc 2021-x64
10VirusSign....a2.exe
windows10-ltsc 2021-x64
10VirusSign....4c.exe
windows10-ltsc 2021-x64
10VirusSign....90.exe
windows10-ltsc 2021-x64
10VirusSign....c7.exe
windows10-ltsc 2021-x64
VirusSign....36.exe
windows10-ltsc 2021-x64
8VirusSign....f8.exe
windows10-ltsc 2021-x64
10VirusSign....33.exe
windows10-ltsc 2021-x64
10VirusSign....f5.exe
windows10-ltsc 2021-x64
10VirusSign....19.exe
windows10-ltsc 2021-x64
8VirusSign....ab.exe
windows10-ltsc 2021-x64
10VirusSign....5f.exe
windows10-ltsc 2021-x64
10VirusSign....11.exe
windows10-ltsc 2021-x64
10VirusSign....5c.exe
windows10-ltsc 2021-x64
VirusSign....a0.exe
windows10-ltsc 2021-x64
8VirusSign....ae.exe
windows10-ltsc 2021-x64
10VirusSign....b2.exe
windows10-ltsc 2021-x64
10VirusSign....7d.exe
windows10-ltsc 2021-x64
10VirusSign....96.exe
windows10-ltsc 2021-x64
7VirusSign....e4.exe
windows10-ltsc 2021-x64
8VirusSign....3a.exe
windows10-ltsc 2021-x64
10VirusSign....47.exe
windows10-ltsc 2021-x64
10VirusSign....19.dll
windows10-ltsc 2021-x64
8VirusSign....50.exe
windows10-ltsc 2021-x64
10VirusSign....e1.exe
windows10-ltsc 2021-x64
8VirusSign....9b.exe
windows10-ltsc 2021-x64
10VirusSign....33.exe
windows10-ltsc 2021-x64
10VirusSign....b9.exe
windows10-ltsc 2021-x64
10VirusSign....08.exe
windows10-ltsc 2021-x64
10Analysis
-
max time kernel
116s -
max time network
173s -
platform
windows10-ltsc 2021_x64 -
resource
win10ltsc2021-20250128-en -
resource tags
arch:x64arch:x86image:win10ltsc2021-20250128-enlocale:en-usos:windows10-ltsc 2021-x64system -
submitted
10/02/2025, 04:34
Static task
static1
Behavioral task
behavioral1
Sample
VirusSign.2023.11.29/03ceea0ec59f89c49ba4357a83738d9d.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral2
Sample
VirusSign.2023.11.29/03d13a90719878d7a335bd8c5a0e4e1a.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral3
Sample
VirusSign.2023.11.29/03d2ad6a5f199b691d36e45d27801cee.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral4
Sample
VirusSign.2023.11.29/03d5f6bace8c6a0a2d14ef775d3c02d1.exe
Resource
win10ltsc2021-20250128-en
Behavioral task
behavioral5
Sample
VirusSign.2023.11.29/03ed3d089e222fe691a1ce1ad04450a2.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral6
Sample
VirusSign.2023.11.29/03f25db066e67c1882cf9aed07a1694c.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral7
Sample
VirusSign.2023.11.29/03f939a6959a4bd81c622c3a2d8b8690.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral8
Sample
VirusSign.2023.11.29/042177a10a1a4cfd26c2caef9272e0c7.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral9
Sample
VirusSign.2023.11.29/042994e2bb89b9bc57e079d144152b36.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral10
Sample
VirusSign.2023.11.29/0445405bb7106522c0b2157809e4d5f8.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral11
Sample
VirusSign.2023.11.29/045d80d0973c5d854927b589b123f733.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral12
Sample
VirusSign.2023.11.29/047c2b7237010e343732b699d4b346f5.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral13
Sample
VirusSign.2023.11.29/047c7fed39ef255fecdd70e9a870ae19.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral14
Sample
VirusSign.2023.11.29/0483b1eb3211b96e7272d3dea3753eab.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral15
Sample
VirusSign.2023.11.29/0483de1a0d30f46fbff309fc8d87275f.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral16
Sample
VirusSign.2023.11.29/0491a5abd0712b38f24778e1346c0811.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral17
Sample
VirusSign.2023.11.29/04a2bc0c567a80f57b48e246b635045c.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral18
Sample
VirusSign.2023.11.29/04b493b52f4b83a142a4979585575ea0.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral19
Sample
VirusSign.2023.11.29/04c187920db980d8db16c5acb58049ae.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral20
Sample
VirusSign.2023.11.29/04cdfdef32e604c59822bff2f7412eb2.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral21
Sample
VirusSign.2023.11.29/04d04a21b82309118775bdaff8a4d67d.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral22
Sample
VirusSign.2023.11.29/04d25950be48329252ec8b3d53535596.exe
Resource
win10ltsc2021-20250128-en
Behavioral task
behavioral23
Sample
VirusSign.2023.11.29/04f06e5d9023ab4d69946c84cdc79ee4.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral24
Sample
VirusSign.2023.11.29/04f43cc6be15c60aeb943bbe5bd3973a.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral25
Sample
VirusSign.2023.11.29/0517d55470df3590c88f39d41a416047.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral26
Sample
VirusSign.2023.11.29/053bfcaa44a2c180bee9c2547b910919.dll
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral27
Sample
VirusSign.2023.11.29/054c96f764aef24cbdccec3be12e2350.exe
Resource
win10ltsc2021-20250128-en
Behavioral task
behavioral28
Sample
VirusSign.2023.11.29/0563721a9ecf7d25f720e2069e24c7e1.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral29
Sample
VirusSign.2023.11.29/05639c84db366253210163a5c6c5f69b.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral30
Sample
VirusSign.2023.11.29/0576f4bbcb57c686dbfc66760a969b33.exe
Resource
win10ltsc2021-20250207-en
Behavioral task
behavioral31
Sample
VirusSign.2023.11.29/05777e787a0105c14320a2426794b5b9.exe
Resource
win10ltsc2021-20250207-en
General
-
Target
VirusSign.2023.11.29/04d25950be48329252ec8b3d53535596.exe
-
Size
123KB
-
MD5
04d25950be48329252ec8b3d53535596
-
SHA1
67a1354b37307912849be0b07a67049cc97a341f
-
SHA256
ad983be72d099c4e0e9c9afad9f84c1d163eb1d2e01c2b0b311335d16a368d38
-
SHA512
02aed4c430b728cad12964e4611d7eea673e2c7eae7ea9a8ea616948b4081459a308070d824ff4b5f7f52ff2669715d074c6071ee57679a3727c5f3ce2d65467
-
SSDEEP
3072:PfU/WF6QMauSuiWNi9CO+WARJrWNZIYvQd2b:AWKauSuiWNiUBRJrW7fb
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-2780138426-956448432-1440988935-1000\Control Panel\International\Geo\Nation 04d25950be48329252ec8b3d53535596.exe -
Executes dropped EXE 1 IoCs
pid Process 2784 wuauclt.exe -
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Window Update = "\"C:\\ProgramData\\Update\\wuauclt.exe\" /run" 04d25950be48329252ec8b3d53535596.exe -
Indicator Removal: File Deletion 1 TTPs
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 04d25950be48329252ec8b3d53535596.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language wuauclt.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe -
Suspicious use of WriteProcessMemory 6 IoCs
description pid Process procid_target PID 5036 wrote to memory of 2784 5036 04d25950be48329252ec8b3d53535596.exe 82 PID 5036 wrote to memory of 2784 5036 04d25950be48329252ec8b3d53535596.exe 82 PID 5036 wrote to memory of 2784 5036 04d25950be48329252ec8b3d53535596.exe 82 PID 5036 wrote to memory of 1316 5036 04d25950be48329252ec8b3d53535596.exe 91 PID 5036 wrote to memory of 1316 5036 04d25950be48329252ec8b3d53535596.exe 91 PID 5036 wrote to memory of 1316 5036 04d25950be48329252ec8b3d53535596.exe 91
Processes
-
C:\Users\Admin\AppData\Local\Temp\VirusSign.2023.11.29\04d25950be48329252ec8b3d53535596.exe"C:\Users\Admin\AppData\Local\Temp\VirusSign.2023.11.29\04d25950be48329252ec8b3d53535596.exe"1⤵
- Checks computer location settings
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:5036 -
C:\ProgramData\Update\wuauclt.exe"C:\ProgramData\Update\wuauclt.exe" /run2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2784
-
-
C:\windows\SysWOW64\cmd.exe"C:\windows\system32\cmd.exe" /c del /q "C:\Users\Admin\AppData\Local\Temp\VirusSign.2023.11.29\04d25950be48329252ec8b3d53535596.exe" >> NUL2⤵
- System Location Discovery: System Language Discovery
PID:1316
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
123KB
MD5fa8d9eea650bf647552557dab28174fc
SHA1e307f50bc6157a5372244325ede645817230667f
SHA256e32313efbb1eef78a70d42c41851173faef4b91442fcda980a6aec3a9cb8b365
SHA512ff6bd0f72ff26871d812416298a0f0c9deaae1b85f4a03039c6de84a2333d6acf2c90987b50c0a1a6aa73169e71c0c04ff28bc4aa396ab5ac38252a2756ea260