5d5a6ce5d5cf16a2f0229661c498d77aaa5894c4cd0ae7689251f7f8f7dfa259

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
24/05/2024, 12:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5d5a6ce5d5cf16a2f0229661c498d77aaa5894c4cd0ae7689251f7f8f7dfa259.exe
Size

5.7MB
MD5

afe8253f6429d633bfa47d2f6ae08a48
SHA1

e885c7af46ea763289b2bb689a5fc6b43bf7655e
SHA256

5d5a6ce5d5cf16a2f0229661c498d77aaa5894c4cd0ae7689251f7f8f7dfa259
SHA512

f325bb1611d70c5a7e4ac32e8a2930884706b18d3cdfbdda77b521756a71d663413e944f0a40120bea4e9ee131f73d83c2737e78e4ae66b82efc8b2c19536e09
SSDEEP

98304:b/6n94bDY2EBcBuq62V///4nAWakrn7S/IhWoaVVfs/VIsMF4JD8iulhq7NmqkV5:uMD+cpvJ/4H3nmghWoa/fsysMF4JD85/

Score

9^/10

evasion

Malware Config

Signatures

Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Oracle\VirtualBox Guest Additions	5d5a6ce5d5cf16a2f0229661c498d77aaa5894c4cd0ae7689251f7f8f7dfa259.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2368	5d5a6ce5d5cf16a2f0229661c498d77aaa5894c4cd0ae7689251f7f8f7dfa259.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2368	5d5a6ce5d5cf16a2f0229661c498d77aaa5894c4cd0ae7689251f7f8f7dfa259.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2368	5d5a6ce5d5cf16a2f0229661c498d77aaa5894c4cd0ae7689251f7f8f7dfa259.exe

C:\Users\Admin\AppData\Local\Temp\5d5a6ce5d5cf16a2f0229661c498d77aaa5894c4cd0ae7689251f7f8f7dfa259.exe
"C:\Users\Admin\AppData\Local\Temp\5d5a6ce5d5cf16a2f0229661c498d77aaa5894c4cd0ae7689251f7f8f7dfa259.exe"
1⤵
- Looks for VirtualBox Guest Additions in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log

Filesize
652B

MD5
3822a70159be300b8c6a4197fc209765

SHA1
5fe38971f588b2e88efdc2d3bfde66b3b82d9783

SHA256
379dce11d07cc27a07ae8b19803f11ed023f4ca620af09e4b6110f10f5bcce5a

SHA512
3e8542fb81f1b0dcdc1f6c6c22c8aa0e559300aef8c62651f661bb50d9b5c6b19f3a4a331f601f753795b744a28b98e0bfcfe52dd9e7bb22a19cddf24b3d88a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log

Filesize
252B

MD5
f0e4c16f735c2867faa6b7467a87dfb4

SHA1
f05e87ea669462b9cf03631a5e2b12c1584e7cc1

SHA256
067d75e2f8a883b79ae1724c4f17954c646adf773c9c68c10b867ab823eae5a1

SHA512
00c35be0d0a19216aae0d7ac35263eef37192a78631603bc505f9ce18286339777aaf4ae9539547bc6c9a4824353b6ab07a7ee7848b9394080996e662f9c3b24

Download Submit