Overview

overview

9

Static

static

3

609898a2b1...b4.exe

windows7-x64

9

609898a2b1...b4.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    23-05-2024 18:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    609898a2b146993c3d27abdd9e02758e40144a9519a8b8cdbc27c4acac4f22b4.exe

  • Size

    5.2MB

  • MD5

    32b35da4617fab5bd68b5277f13df4e6

  • SHA1

    6217ba2e31ffc7b069a67e197a698bd886e049e3

  • SHA256

    609898a2b146993c3d27abdd9e02758e40144a9519a8b8cdbc27c4acac4f22b4

  • SHA512

    e9220a771456c90b38d53ff962c46f93ec4548dfea76f85ce050120a10bf82a628df6af024ee094e03bd46e30d5adf215043c107164d47049ab26b20fbe9be5b

  • SSDEEP

    98304:5Z97tvKCQjMxht7WjhlNNkJk9We2WGOoiImVXwOIape2uByT5Y9zejo:5Z9N36jhnaJhjOoiIULcIY9z/

Score
9/10
evasion

Malware Config

Signatures

  • Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs
    evasion
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\609898a2b146993c3d27abdd9e02758e40144a9519a8b8cdbc27c4acac4f22b4.exe
    "C:\Users\Admin\AppData\Local\Temp\609898a2b146993c3d27abdd9e02758e40144a9519a8b8cdbc27c4acac4f22b4.exe"
    1⤵
    • Looks for VirtualBox Guest Additions in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1612

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

1
T1012

Virtualization/Sandbox Evasion

1
T1497

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log
    Filesize

    457B

    MD5

    38114c3138a6077cdeb40127b9379646

    SHA1

    8f660973e4e34d37f3a3cd63366186b96d3b90e3

    SHA256

    9e87771757573187751fed27f03acef5884a2efde08a52c5d25879164bbcbfd2

    SHA512

    5f540c726ccda6c045b5add6102c1ff41e128256680321c5bb8c6fa218d4a4be441ec21d80364ec4bee3ecf03b065d624e1eaba285d2b3352a4356698c922ea7

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log
    Filesize

    4KB

    MD5

    43b813b79c3ab1e068edfc5b83195692

    SHA1

    ef8e70b93731ce1aa00183299bf33dffaaf6444b

    SHA256

    7e24945d8c23d18f265b92ae0f0a07aee190026626e1e777403cd39b6b243800

    SHA512

    8c0075844b57ae477ea0b582f7dd133847876cc4352b2da7d0dd3cfb944de9a6740fe9456f29703fed87d311db401e31de859c8b9f5437363e3716fa8bf46e94

    Download Submit