2d0164bf039295d40a4de804d169229ece316dec126a9afaac7da5282ce00d33

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
20/12/2023, 08:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2d0164bf039295d40a4de804d169229ece316dec126a9afaac7da5282ce00d33.exe
Size

5.7MB
MD5

95c2d0e7d9eee8e28454bc642e64d833
SHA1

a931c1ecc27a743fe8dcffdfe34d57f3f40cbd57
SHA256

2d0164bf039295d40a4de804d169229ece316dec126a9afaac7da5282ce00d33
SHA512

6df4c82d8f7da8f36d19ba37cf4091be1980578481bf13886552b131e9beb2c2be28d50328ffb7b7b0f6a5221c6bcf4e04554f570a88619350d744ed0e134582
SSDEEP

98304:+dHMC+By0AOzWeGlPCk2IabgwxXQ6lXtGscl5M1QN7pA2q7NOLAkV5idpF:+/SACkCkyhXQ6ldGsTQN7pDUkjirF

Score

9^/10

evasion

Malware Config

Signatures

Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Oracle\VirtualBox Guest Additions	2d0164bf039295d40a4de804d169229ece316dec126a9afaac7da5282ce00d33.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2172	2d0164bf039295d40a4de804d169229ece316dec126a9afaac7da5282ce00d33.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2172	2d0164bf039295d40a4de804d169229ece316dec126a9afaac7da5282ce00d33.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2172	2d0164bf039295d40a4de804d169229ece316dec126a9afaac7da5282ce00d33.exe

C:\Users\Admin\AppData\Local\Temp\2d0164bf039295d40a4de804d169229ece316dec126a9afaac7da5282ce00d33.exe
"C:\Users\Admin\AppData\Local\Temp\2d0164bf039295d40a4de804d169229ece316dec126a9afaac7da5282ce00d33.exe"
1⤵
- Looks for VirtualBox Guest Additions in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log

Filesize
1KB

MD5
f780023e16054e764c1658d831a27f0c

SHA1
692a0ce178e6454b9f5987be70123695805901ad

SHA256
e4ed26f9de293a94ee1fd2d9741863058c0692e16eb391a01feb8b04093f5820

SHA512
fd7e3c1253a84225e35483ce539634e39d47be2f9d3b6af54f5fd1ba6ede6b7cc5cca0aaf902a2e46eddfef780f86786d2170ee100d849b69979d5afc5b7e6d0

Download Submit