6b8f190984bfa7f8967223dfba76c65542e15b3af578f36ddec52cfd5b93fc79

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
24/05/2024, 01:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6b8f190984bfa7f8967223dfba76c65542e15b3af578f36ddec52cfd5b93fc79.exe
Size

5.7MB
MD5

9987ad672e790af1c0773b70a2113702
SHA1

fd00ab1cde3f5a120591a3c5225197739db09bb5
SHA256

6b8f190984bfa7f8967223dfba76c65542e15b3af578f36ddec52cfd5b93fc79
SHA512

b62571aef3913a959ce95b22a86b3a0606fffef668a6a46b747ee46fd98b8bede5a3422957c72ae9d5f09187778395c6fd99323973585705f1d19c40e672293b
SSDEEP

98304:+dHMC+By0AOzWeGlPCk2IabgwxXQ6lXtGscl5M1QN7pA2q7NOLhkV5idp1:+/SACkCkyhXQ6ldGsTQN7pDdkjir1

Score

9^/10

evasion

Malware Config

Signatures

Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Oracle\VirtualBox Guest Additions	6b8f190984bfa7f8967223dfba76c65542e15b3af578f36ddec52cfd5b93fc79.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2700	6b8f190984bfa7f8967223dfba76c65542e15b3af578f36ddec52cfd5b93fc79.exe
2700	6b8f190984bfa7f8967223dfba76c65542e15b3af578f36ddec52cfd5b93fc79.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2700	6b8f190984bfa7f8967223dfba76c65542e15b3af578f36ddec52cfd5b93fc79.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2700	6b8f190984bfa7f8967223dfba76c65542e15b3af578f36ddec52cfd5b93fc79.exe

C:\Users\Admin\AppData\Local\Temp\6b8f190984bfa7f8967223dfba76c65542e15b3af578f36ddec52cfd5b93fc79.exe
"C:\Users\Admin\AppData\Local\Temp\6b8f190984bfa7f8967223dfba76c65542e15b3af578f36ddec52cfd5b93fc79.exe"
1⤵
- Looks for VirtualBox Guest Additions in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log

Filesize
5KB

MD5
0d62ba3018fe6f0c7ea04391fe09dd74

SHA1
1807a391ed1f8f0630409b88f66f2d43d9a97540

SHA256
de1c54e3de6c7c86a959b7e00858b0ea8da68822d4712b1cb829b30bd7616e14

SHA512
cedb59a04de38cc61a7b8cf5b6d1e57b4d488c03755be7a490c1505e6bbada7271d4ca22f2e4aecb599ccbbe36ed8e5dbf41a4b4ccb17cdd302968725da9e65e

Download Submit