Overview

overview

9

Static

static

3

b4dcc60976...43.exe

windows7-x64

9

b4dcc60976...43.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    140s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    09/03/2024, 05:05

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b4dcc60976f9846643446140490b972686a5b088bdae8e7e60b135bddf707f43.exe

  • Size

    5.7MB

  • MD5

    79fa72bc6d00884b0904c0ea5673bb54

  • SHA1

    f4f41c87fdb6bc9286da36d281fe1b35d72ec4b8

  • SHA256

    b4dcc60976f9846643446140490b972686a5b088bdae8e7e60b135bddf707f43

  • SHA512

    3e250c8d398182e886589d61881af257a4e997d9c11a18b3e5d5926367bc5f0ac54e941265dc1f4c4a979d5c9f541d5a577b7720e11bc7033f9dea3b65e1b712

  • SSDEEP

    98304:ZOdTlErR7X+9mnGerN3ERUWNtCKfqvqSzsLM6OHsLutaE3R6b4mVZq7NKeCkV5if:OqXhGY3E9Ntjf+zsLMxHsm3R6b4mDPkw

Score
9/10
evasion

Malware Config

Signatures

  • Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs
    evasion
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b4dcc60976f9846643446140490b972686a5b088bdae8e7e60b135bddf707f43.exe
    "C:\Users\Admin\AppData\Local\Temp\b4dcc60976f9846643446140490b972686a5b088bdae8e7e60b135bddf707f43.exe"
    1⤵
    • Looks for VirtualBox Guest Additions in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1372

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log
          Filesize

          576B

          MD5

          a87d3329700183721768c2b0450e3073

          SHA1

          8644717e675e785e4e1e4510d8912200822c7ad7

          SHA256

          2c1275511ace8b029061904c3d518ccddeae0dd0362b60d8b649a88b5d338450

          SHA512

          e961f431a5ce3e5102c3bf9a37165643447fddb89ea26eed9ea436ed5c754bc01f29a4e942cf1a3ebb434038729c2cb1a98f2ae3d7b9391f248e9c866f1a594b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log
          Filesize

          15KB

          MD5

          b5527a4b1fb1c37840ffcdb74ad1501e

          SHA1

          2534af6a17e033b76745873d52d29915c0c03b40

          SHA256

          87ce85ce10dd683540de7ac7a39ee7cd0e38b13f42b65570cf6255017bb47d42

          SHA512

          ba5168d27644b1b274fa9968fcb57ad85232bae29b875097afc77877b3206f7ec7e98e47b9caf3004ea53cde399157d0b7fb9bade4a4ff740555e15cfbbb2be6

          Download Submit