a70e42a46051c19986339a6b0fd70cb1814a0980c4df1cae752f325ca06810b1

Analysis

max time kernel
151s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2023, 14:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a70e42a46051c19986339a6b0fd70cb1814a0980c4df1cae752f325ca06810b1.exe
Size

5.7MB
MD5

dcea650804c5d1d4b96de2d8bb6ba066
SHA1

8dd2d7cf628d30a609a2cf3b3598d22263259b31
SHA256

a70e42a46051c19986339a6b0fd70cb1814a0980c4df1cae752f325ca06810b1
SHA512

dd6df92ad9121ec8b5ae05b65a1665a385272c0eee37fe9fa0bcfe07cb032eae003b665f4d7e3d44db6b1df5375976a430d80ca13eb2987d0367d60b0bb81516
SSDEEP

98304:edHMC+By0AOzWeGlPCk2IabgwxXQ6lXtGscl5M1QN7pA2q7NOLKkV5ixpP:e/SACkCkyhXQ6ldGsTQN7pD+kjinP

Score

9^/10

evasion

Malware Config

Signatures

Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Oracle\VirtualBox Guest Additions	a70e42a46051c19986339a6b0fd70cb1814a0980c4df1cae752f325ca06810b1.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1212	a70e42a46051c19986339a6b0fd70cb1814a0980c4df1cae752f325ca06810b1.exe
1212	a70e42a46051c19986339a6b0fd70cb1814a0980c4df1cae752f325ca06810b1.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1212	a70e42a46051c19986339a6b0fd70cb1814a0980c4df1cae752f325ca06810b1.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
1212	a70e42a46051c19986339a6b0fd70cb1814a0980c4df1cae752f325ca06810b1.exe

C:\Users\Admin\AppData\Local\Temp\a70e42a46051c19986339a6b0fd70cb1814a0980c4df1cae752f325ca06810b1.exe
"C:\Users\Admin\AppData\Local\Temp\a70e42a46051c19986339a6b0fd70cb1814a0980c4df1cae752f325ca06810b1.exe"
1⤵
- Looks for VirtualBox Guest Additions in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log

Filesize
5KB

MD5
488ce536db22d9b5349d05691bb79ba7

SHA1
89e5de95900ebac849778701bd560ee2dd1c37da

SHA256
74d12865da519bffa7c9121fc666e1d67d91d7751db713da6d0c9322de4e5d5a

SHA512
a6b584bf63465bd84d8d3784fd5e983aa249e9d2d8eaf5315b90a97dfb692b33d9978f35f5f2ae36cae3591865adbf3ce3683468c6f0008a5e3b6da776d82a09

Download Submit
C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log

Filesize
5KB

MD5
488ce536db22d9b5349d05691bb79ba7

SHA1
89e5de95900ebac849778701bd560ee2dd1c37da

SHA256
74d12865da519bffa7c9121fc666e1d67d91d7751db713da6d0c9322de4e5d5a

SHA512
a6b584bf63465bd84d8d3784fd5e983aa249e9d2d8eaf5315b90a97dfb692b33d9978f35f5f2ae36cae3591865adbf3ce3683468c6f0008a5e3b6da776d82a09

Download Submit
C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log

Filesize
310B

MD5
7cd2d3bbba6a14d6075c67f802d855db

SHA1
feb5c901641cba9eedb8d88ec8ca36f0bf204769

SHA256
b7b70e163c73412156dfd51293dcb67b8943986b9879f474f1fc32f904f68d84

SHA512
751184d2552744048c1663cde6578896ae3a05c1a838edd43f32a099792fad68f802d7851efc9c93863600b11a6ade2d3ba8067efccc6fb4dd0a4fb29f6ea26e

Download Submit