Analysis
-
max time kernel
121s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted
23-05-2024 18:21
Static task
static1
Behavioral task
behavioral1
Sample
609898a2b146993c3d27abdd9e02758e40144a9519a8b8cdbc27c4acac4f22b4.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
609898a2b146993c3d27abdd9e02758e40144a9519a8b8cdbc27c4acac4f22b4.exe
Resource
win10v2004-20240426-en
General
-
Target
609898a2b146993c3d27abdd9e02758e40144a9519a8b8cdbc27c4acac4f22b4.exe
-
Size
5.2MB
-
MD5
32b35da4617fab5bd68b5277f13df4e6
-
SHA1
6217ba2e31ffc7b069a67e197a698bd886e049e3
-
SHA256
609898a2b146993c3d27abdd9e02758e40144a9519a8b8cdbc27c4acac4f22b4
-
SHA512
e9220a771456c90b38d53ff962c46f93ec4548dfea76f85ce050120a10bf82a628df6af024ee094e03bd46e30d5adf215043c107164d47049ab26b20fbe9be5b
-
SSDEEP
98304:5Z97tvKCQjMxht7WjhlNNkJk9We2WGOoiImVXwOIape2uByT5Y9zejo:5Z9N36jhnaJhjOoiIULcIY9z/
Malware Config
Signatures
-
Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs
Processes:
Process: 609898a2b146993c3d27abdd9e02758e40144a9519a8b8cdbc27c4acac4f22b4.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Oracle\VirtualBox Guest Additions | 609898a2b146993c3d27abdd9e02758e40144a9519a8b8cdbc27c4acac4f22b4.exe
Suspicious behavior: EnumeratesProcesses 12 IoCs
Processes:
Process: 609898a2b146993c3d27abdd9e02758e40144a9519a8b8cdbc27c4acac4f22b4.exe
pid | process
1612 | 609898a2b146993c3d27abdd9e02758e40144a9519a8b8cdbc27c4acac4f22b4.exe (12 identical entries)
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes:
Process: 609898a2b146993c3d27abdd9e02758e40144a9519a8b8cdbc27c4acac4f22b4.exe
description | pid | process
Token: SeShutdownPrivilege | 1612 | 609898a2b146993c3d27abdd9e02758e40144a9519a8b8cdbc27c4acac4f22b4.exe (3 identical entries)
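The two signature rows above (a registry open of the VirtualBox Guest Additions key through the Wow6432Node view, and repeated enabling of SeShutdownPrivilege) are the kind of raw events a triage script turns into findings. The Python below is an added example written for this page, not code from Hatching Triage or from the sample; the event dictionaries are constructed to mirror this report's rows for pid 1612 plus two benign control keys, and the extra service keys and privilege names in the watch lists are assumptions about what a practitioner would also watch, not something the report shows. The "EnumeratesProcesses" signature is left out because the report does not record which API produced it.

```python
"""Fold sandbox registry/token events into signature findings (added example)."""
import re
from typing import Dict, Iterable, List

# Registry keys present only when VirtualBox Guest Additions are installed.
# The first is the key this report records; the two service keys are an assumption.
VM_ARTIFACT_KEYS = (
    r"HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions",
    r"HKLM\SYSTEM\CurrentControlSet\Services\VBoxGuest",
    r"HKLM\SYSTEM\CurrentControlSet\Services\VBoxSF",
)

# Privileges worth flagging when a process enables them on its own token.
# SeShutdownPrivilege is the one in this report; the other two are assumed additions.
INTERESTING_PRIVILEGES = {"SeShutdownPrivilege", "SeDebugPrivilege", "SeLoadDriverPrivilege"}

_HIVES = ((r"\REGISTRY\MACHINE", "HKLM"), (r"\REGISTRY\USER", "HKU"))

SAMPLE = "609898a2b146993c3d27abdd9e02758e40144a9519a8b8cdbc27c4acac4f22b4.exe"


def normalize_key(path: str) -> str:
    """Rewrite a kernel-style path (\\REGISTRY\\MACHINE\\...) to HKLM\\... and drop Wow6432Node.

    Wow6432Node is the 32-bit view of the same key: a 32-bit sample on x64 opens
    SOFTWARE\\Wow6432Node\\Oracle\\... while the canonical path is SOFTWARE\\Oracle\\...,
    so both must compare equal against the watch list.
    """
    norm = path.strip()
    for kernel, short in _HIVES:
        if norm.upper().startswith(kernel.upper()):
            norm = short + norm[len(kernel):]
            break
    return re.sub(r"\\Wow6432Node(?=\\)", "", norm, flags=re.IGNORECASE)


def triage(events: Iterable[dict]) -> Dict[str, dict]:
    """Map each event to a signature and collapse repeats into count + unique evidence.

    Each event is {"pid": int, "process": str, "api": str, "value": str}.
    """
    wanted = {k.lower() for k in VM_ARTIFACT_KEYS}
    hits: Dict[str, List[str]] = {}
    for ev in events:
        sig = None
        evidence = ev["value"]
        if ev["api"] == "RegOpenKey":
            evidence = normalize_key(ev["value"])
            if evidence.lower() in wanted:
                sig = "anti-vm: VirtualBox Guest Additions key opened"
        elif ev["api"] == "AdjustTokenPrivileges" and ev["value"] in INTERESTING_PRIVILEGES:
            sig = "token: %s enabled" % ev["value"]
        if sig is not None:
            hits.setdefault(sig, []).append(evidence)
    return {sig: {"count": len(v), "evidence": sorted(set(v))} for sig, v in hits.items()}


# Constructed events modelled on this report's rows for pid 1612. The
# Microsoft\Windows key and the HKU entry are benign controls, not from the report.
SAMPLE_EVENTS = [
    {"pid": 1612, "process": SAMPLE, "api": "RegOpenKey",
     "value": r"\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Oracle\VirtualBox Guest Additions"},
    {"pid": 1612, "process": SAMPLE, "api": "RegOpenKey",
     "value": r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"},
    {"pid": 1612, "process": SAMPLE, "api": "RegOpenKey",
     "value": r"\REGISTRY\USER\.DEFAULT\Environment"},
] + [
    {"pid": 1612, "process": SAMPLE, "api": "AdjustTokenPrivileges", "value": "SeShutdownPrivilege"}
    for _ in range(3)
]


if __name__ == "__main__":
    for sig, detail in triage(SAMPLE_EVENTS).items():
        print("%-50s x%d  %s" % (sig, detail["count"], "; ".join(detail["evidence"])))
```

Collapsing identical rows is what turns the report's 3 token entries and 12 process-enumeration entries into one finding each with a count; keeping the normalized key as evidence makes the Wow6432Node and native views of the same check land on the same line.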
Processes
-
C:\Users\Admin\AppData\Local\Temp\609898a2b146993c3d27abdd9e02758e40144a9519a8b8cdbc27c4acac4f22b4.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\609898a2b146993c3d27abdd9e02758e40144a9519a8b8cdbc27c4acac4f22b4.exe"
- Looks for VirtualBox Guest Additions in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log
Filesize
457B
MD5
38114c3138a6077cdeb40127b9379646
SHA1
8f660973e4e34d37f3a3cd63366186b96d3b90e3
SHA256
9e87771757573187751fed27f03acef5884a2efde08a52c5d25879164bbcbfd2
SHA512
5f540c726ccda6c045b5add6102c1ff41e128256680321c5bb8c6fa218d4a4be441ec21d80364ec4bee3ecf03b065d624e1eaba285d2b3352a4356698c922ea7
-
C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log
Filesize
4KB
MD5
43b813b79c3ab1e068edfc5b83195692
SHA1
ef8e70b93731ce1aa00183299bf33dffaaf6444b
SHA256
7e24945d8c23d18f265b92ae0f0a07aee190026626e1e777403cd39b6b243800
SHA512
8c0075844b57ae477ea0b582f7dd133847876cc4352b2da7d0dd3cfb944de9a6740fe9456f29703fed87d311db401e31de859c8b9f5437363e3716fa8bf46e94