Overview

overview

9

Static

static

3

41828e1d26...75.exe

windows7-x64

9

41828e1d26...75.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    24/05/2024, 02:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    41828e1d26d4ff372ae7fc545c9ad3a3cb7e80c9bed419cca88900beba4f4075.exe

  • Size

    9.4MB

  • MD5

    0034f3cffa012d7c0628afa72f20e4c3

  • SHA1

    d7ca08cdb7e04953a6e591946837cd6e5d30a9be

  • SHA256

    41828e1d26d4ff372ae7fc545c9ad3a3cb7e80c9bed419cca88900beba4f4075

  • SHA512

    c868969481c23daa2bfc1a62c8679dd8cce7e2fd829b7a1cc6bb9abd9d612346ceeb3585b28ca03bd08107736411893b144ef9988d089b616b7fff21f759028a

  • SSDEEP

    196608:8MD+cpvJ/4H3nmghWoa/fsysMF4JD85lckjiZhywel+3IRDE2IDAlnBc:8MFgXnU7sElcy6BeE2DwAlBc

Score
9/10
evasion

Malware Config

Signatures

  • Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs
    evasion
  • Suspicious behavior: EnumeratesProcesses 22 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\41828e1d26d4ff372ae7fc545c9ad3a3cb7e80c9bed419cca88900beba4f4075.exe
    "C:\Users\Admin\AppData\Local\Temp\41828e1d26d4ff372ae7fc545c9ad3a3cb7e80c9bed419cca88900beba4f4075.exe"
    1⤵
    • Looks for VirtualBox Guest Additions in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2960

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log
    Filesize

    652B

    MD5

    218ab8e706a279a857b41ee3860eff90

    SHA1

    a19c0acc12d6e4aba95043aa372b9df0c6e2b1cd

    SHA256

    d67e8d1488bbb3b0cad2a17e6e5c26ca3ea555db18dc123b116e407acbcb177e

    SHA512

    a4d653ca811295d417a27830b2bb5306d45de468c32b017ac6a88d8f0c4f79b4cd650c6f51354e158de2fd31d2230b1321f5da57c3bc83cc9f30fee9b31d7963

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log
    Filesize

    8KB

    MD5

    397756b186405de0ffc1283d3b0d94aa

    SHA1

    665759329ad40a940d84689816409c485cb402da

    SHA256

    fa4dc13344cec894a0c9955a57932a9adaefc132d56ad0e13a1913c616731562

    SHA512

    a368b15e5f4ef26a1e92db730cb3286aed97ef8ab7ad23ba3332df33634ebeba38d69468e59bce9789d72900b4ce5511ec7da40062d039b6f5c3d61cb7821b64

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log
    Filesize

    252B

    MD5

    fd88a57878b8210012a7f984d9905abf

    SHA1

    cd59c5f7d4d41c047a0a5dee2112aee521b42948

    SHA256

    5c5919d23fe9b42f15a84aa3bf654d4bb31a804c9021e7b0d47c37b97575b9dc

    SHA512

    1c041af8e11a2a131d3d407a68695cd689218e5458bbb2a8ec28201f718d4499c21b6a3324166643fad4eba5feae1d76aba2e06d669a17016d2d1d7137b49fe7

    Download Submit