609898a2b146993c3d27abdd9e02758e40144a9519a8b8cdbc27c4acac4f22b4

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 18:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

609898a2b146993c3d27abdd9e02758e40144a9519a8b8cdbc27c4acac4f22b4.exe
Size

5.2MB
MD5

32b35da4617fab5bd68b5277f13df4e6
SHA1

6217ba2e31ffc7b069a67e197a698bd886e049e3
SHA256

609898a2b146993c3d27abdd9e02758e40144a9519a8b8cdbc27c4acac4f22b4
SHA512

e9220a771456c90b38d53ff962c46f93ec4548dfea76f85ce050120a10bf82a628df6af024ee094e03bd46e30d5adf215043c107164d47049ab26b20fbe9be5b
SSDEEP

98304:5Z97tvKCQjMxht7WjhlNNkJk9We2WGOoiImVXwOIape2uByT5Y9zejo:5Z9N36jhnaJhjOoiIULcIY9z/

Score

9^/10

evasion

Malware Config

Signatures

Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Processes:

609898a2b146993c3d27abdd9e02758e40144a9519a8b8cdbc27c4acac4f22b4.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Oracle\VirtualBox Guest Additions	609898a2b146993c3d27abdd9e02758e40144a9519a8b8cdbc27c4acac4f22b4.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

609898a2b146993c3d27abdd9e02758e40144a9519a8b8cdbc27c4acac4f22b4.exe

pid	process
3520	609898a2b146993c3d27abdd9e02758e40144a9519a8b8cdbc27c4acac4f22b4.exe
3520	609898a2b146993c3d27abdd9e02758e40144a9519a8b8cdbc27c4acac4f22b4.exe
3520	609898a2b146993c3d27abdd9e02758e40144a9519a8b8cdbc27c4acac4f22b4.exe
3520	609898a2b146993c3d27abdd9e02758e40144a9519a8b8cdbc27c4acac4f22b4.exe
3520	609898a2b146993c3d27abdd9e02758e40144a9519a8b8cdbc27c4acac4f22b4.exe
3520	609898a2b146993c3d27abdd9e02758e40144a9519a8b8cdbc27c4acac4f22b4.exe

C:\Users\Admin\AppData\Local\Temp\609898a2b146993c3d27abdd9e02758e40144a9519a8b8cdbc27c4acac4f22b4.exe
"C:\Users\Admin\AppData\Local\Temp\609898a2b146993c3d27abdd9e02758e40144a9519a8b8cdbc27c4acac4f22b4.exe"
1⤵
- Looks for VirtualBox Guest Additions in registry
- Suspicious behavior: EnumeratesProcesses
PID:3520

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log
Filesize
457B

MD5
c03c75fdbd82b91cef6e0a08031b5881

SHA1
c28bb1ba2cc9ecd8d637582ced31fd9ab6fe7f9c

SHA256
3e3b18db7d56e61735448c911e43493814c904d221944273dbb87bd0f294d668

SHA512
4fbd26ca84a1f38a2346f49daa064df55bd8ab0f9cd107615b2a8c201fdfb902f4a88352ce437bb2a1feab2b22e7adb5669c11fec40885f748722a1b89c44a37

Download Submit
C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log
Filesize
4KB

MD5
8e61741a0d6e28909692ce05dc145244

SHA1
64af386546f26a5858cdb10333578998d707b9f6

SHA256
d987265161b73fc067e391047ae83f0e79dde98eb4d4801375af4bd904eee340

SHA512
255060a21a9825a5862dfb5635c2fd98bed550399353769ee619c26ed176dbd9e38d60d3adef4021a789686bcccd44352cd9754363924f17b669928eaa5f5aa9

Download Submit