92935ccc83d3e77934fc897a3f9b332d2382241b28a8b494e85c5759e79ba7c6

Analysis

max time kernel
148s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
22/09/2023, 03:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

92935ccc83d3e77934fc897a3f9b332d2382241b28a8b494e85c5759e79ba7c6.exe
Size

5.7MB
MD5

4255db7f0d37ad647730c8b5f9e13405
SHA1

0055125ccacb8cd40c2559ecdc56d774da53755c
SHA256

92935ccc83d3e77934fc897a3f9b332d2382241b28a8b494e85c5759e79ba7c6
SHA512

6a02c07fbb06886000c48b43d85921822dd87f65bb9b5255e582b9c8cd5d303e79c85d0d21cac1acc1599c9bd8f014f1de76f011562a415142774216c9e1634a
SSDEEP

98304:+dHMC+By0AOzWeGlPCk2IabgwxXQ6lXtGscl5M1QN7pA2q7NOL6kV5idpv:+/SACkCkyhXQ6ldGsTQN7pDWkjirv

Score

9^/10

evasion

Malware Config

Signatures

Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Oracle\VirtualBox Guest Additions	92935ccc83d3e77934fc897a3f9b332d2382241b28a8b494e85c5759e79ba7c6.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4012	92935ccc83d3e77934fc897a3f9b332d2382241b28a8b494e85c5759e79ba7c6.exe
4012	92935ccc83d3e77934fc897a3f9b332d2382241b28a8b494e85c5759e79ba7c6.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4012	92935ccc83d3e77934fc897a3f9b332d2382241b28a8b494e85c5759e79ba7c6.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
4012	92935ccc83d3e77934fc897a3f9b332d2382241b28a8b494e85c5759e79ba7c6.exe

C:\Users\Admin\AppData\Local\Temp\92935ccc83d3e77934fc897a3f9b332d2382241b28a8b494e85c5759e79ba7c6.exe
"C:\Users\Admin\AppData\Local\Temp\92935ccc83d3e77934fc897a3f9b332d2382241b28a8b494e85c5759e79ba7c6.exe"
1⤵
- Looks for VirtualBox Guest Additions in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log

Filesize
1KB

MD5
b9c5651138a98f935678f9d54c36abab

SHA1
47b4861f60adaca2047aabb749352f7614b28528

SHA256
6d84c53701c7f5b2b95d017124821c589fe7cc702f2ae35e69202b17a1d48ebe

SHA512
d4d14200f2cccd101d030efa073244d73a3043a858ba20ae22a332f9b5477cc3db699930ace5c96e8dc25a65fe2e1469b2be2f3e104e8ff139343accef3ffa0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log

Filesize
310B

MD5
1510c4ba1f7f877d5b68ca12fe4ab958

SHA1
4ceb66934130030d0691c497acbb6c1097eb0b76

SHA256
cb6b62b5ebb68323a90f11689483f85f028cc7de6203012f46f65b2cf759ed2b

SHA512
7d2b643eb22b6b8be09eca5d6bb1f70657d8c66fec55d6a1578d6812821551eed4c00454f92e7bbbc17bad91b706aac0cdc9391375e346e87529b3ae907f0572

Download Submit