Overview

overview

9

Static

static

3

b96bbbb673...43.exe

windows7-x64

9

b96bbbb673...43.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    23/05/2024, 04:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b96bbbb673e57413df996e8a7f76575014bf57238d93fa401979af9cda87f943.exe

  • Size

    5.7MB

  • MD5

    0ad67c41fa429add5c4ffd25a55b5673

  • SHA1

    0d20eb34709f292f25088da85c5c3a0fc2100b8f

  • SHA256

    b96bbbb673e57413df996e8a7f76575014bf57238d93fa401979af9cda87f943

  • SHA512

    e3625118e3c0d4881084b70c40ad1b17600f4772a8200081beb5ecba632448e2aecc5f522776644581c868d902e3074d23430e677fab9d3a5e86a2851ab51df5

  • SSDEEP

    98304:b/6n94bDY2EBcBuq62V///4nAWakrn7S/IhWoaVVfs/VIsMF4JD8iulhq7NmKkVD:uMD+cpvJ/4H3nmghWoa/fsysMF4JD851

Score
9/10
evasion

Malware Config

Signatures

  • Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs
    evasion
  • Suspicious behavior: EnumeratesProcesses 22 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b96bbbb673e57413df996e8a7f76575014bf57238d93fa401979af9cda87f943.exe
    "C:\Users\Admin\AppData\Local\Temp\b96bbbb673e57413df996e8a7f76575014bf57238d93fa401979af9cda87f943.exe"
    1⤵
    • Looks for VirtualBox Guest Additions in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1832

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log
    Filesize

    652B

    MD5

    04aaaca610eee292e1031acddb1bf3b0

    SHA1

    4dfe267489a5525f8f75be52120d0fa6b5d158c2

    SHA256

    416910b7e6dfb1456161ef73b2c75a8ff199477bc66a8dbadd98df178e5c6c09

    SHA512

    603203c99e8cd2617871f9a72fdb6587efa84771e7099a935a346ad58288d65fffc4fb88d81c94a48dfaf43314bdc0fbca2f48dd527734a9e186cc4d7df682cb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log
    Filesize

    252B

    MD5

    75d6e541fb4fab149c28913524baa365

    SHA1

    53e3f96d0e7fe620b03559fafd71168083f4cb34

    SHA256

    f470d216ea6daaeb653b4879196846e91146a3961656eb32569392db1ff28ee9

    SHA512

    b2ab7b6289764190509177e79eb07cae0b69ff88bf81ed1bc4f7a3606f3db5ed9668e192a59277dac07586b239f9cb1ddfb54b80849b55d7e91c7122a9faaf88

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log
    Filesize

    4KB

    MD5

    83427dec1c6f089296f76127835bcdb7

    SHA1

    d7d83228170cc160f7eceedb535b3f41fdc83007

    SHA256

    5cd3a045f59978b726a39b196d5cb5e7999538086c0aa2db52dea144f4d5269a

    SHA512

    ab4dc794f0cf8e3f3a11bf7c56383b0b68cf8db716efd0ce46ce83e7d804d19bfda89affbc8508dadbb0998ed3230acefe169c058da017a736a28b88e38cfbd5

    Download Submit