Overview

overview

9

Static

static

3

6cd49a50f7...47.exe

windows7-x64

9

6cd49a50f7...47.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    24-05-2024 05:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6cd49a50f765d9bf4c0ed9b3577c9715d583d47399f830bee5bb97d7ec14df47.exe

  • Size

    5.7MB

  • MD5

    06e39a7ec57c77acbc82f57e10dc274e

  • SHA1

    24fa6de43c634c9a9c7fd1ee5462ceab47fd23cd

  • SHA256

    6cd49a50f765d9bf4c0ed9b3577c9715d583d47399f830bee5bb97d7ec14df47

  • SHA512

    44cdaf3fd7fe8e886473fa431218891822cb918d13d9bdd279657a86db38a6de7501bf80ed5021a1ee833aecd114af3e47ce1d653caff10ecf99af503b11d709

  • SSDEEP

    98304:b/6n94bDY2EBcBuq62V///4nAWakrn7S/IhWoaVVfs/VIsMF4JD8iulhq7NmKkVW:uMD+cpvJ/4H3nmghWoa/fsysMF4JD858

Score
9/10
evasion

Malware Config

Signatures

  • Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs
    evasion
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6cd49a50f765d9bf4c0ed9b3577c9715d583d47399f830bee5bb97d7ec14df47.exe
    "C:\Users\Admin\AppData\Local\Temp\6cd49a50f765d9bf4c0ed9b3577c9715d583d47399f830bee5bb97d7ec14df47.exe"
    1⤵
    • Looks for VirtualBox Guest Additions in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2108

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log
    Filesize

    3KB

    MD5

    3256dbe8b4cc02fd9780adbb85a86213

    SHA1

    48f0bf2ee6684727981362f79167eb2d66bda1f5

    SHA256

    52430614716a4333da94463e0e6791629a85c06c7d434fe48198ae6f9133eae9

    SHA512

    d551e6bd6818bce1a33e734d0607ab113a0ffa021a0732ac482b96129ac8bba054df52f7615dd8012fef9857ca6951e820315f9483b2b2ed8a1fadbca83e303e

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log
    Filesize

    4KB

    MD5

    094ccd66bb52c9ce0b001b6296febaf1

    SHA1

    bc467230c4addd7c9cd1fd203fdbee704ab3fc08

    SHA256

    397ec82bfef76915f14e3edab37f936bc7d49921ba0798383c63acd27eb6c56d

    SHA512

    49b079d05ed45ff67591435529e53b1b5420bc88f343446433aaa0c39d385b78c659d5584b4c510d18fdfacc0f74b2b3a021e85320868227017e2ac46f56f170

    Download Submit