4f9dfd37f96b1e3b32c4be0edd8b9a8bd59fedf529fe93bde5c4494199c7e426

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
26/05/2024, 08:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4f9dfd37f96b1e3b32c4be0edd8b9a8bd59fedf529fe93bde5c4494199c7e426.exe
Size

5.7MB
MD5

7724c27125c88723d0d92c8652985a49
SHA1

4116f8c1769ef2f9776b0a04462205d0ce1298de
SHA256

4f9dfd37f96b1e3b32c4be0edd8b9a8bd59fedf529fe93bde5c4494199c7e426
SHA512

e28adc5105792c5a6b7ff24960886e339671bbb5b0066816f08d94b70b2edac610c2728f7d52ec98033172c7cd658fca777c834ee305b13dcbf9cb9d3c452907
SSDEEP

98304:b/6n94bDY2EBcBuq62V///4nAWakrn7S/IhWoaVVfs/VIsMF4JD8iulhq7NmBkVB:uMD+cpvJ/4H3nmghWoa/fsysMF4JD854

Score

9^/10

evasion

Malware Config

Signatures

Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Oracle\VirtualBox Guest Additions	4f9dfd37f96b1e3b32c4be0edd8b9a8bd59fedf529fe93bde5c4494199c7e426.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1720	4f9dfd37f96b1e3b32c4be0edd8b9a8bd59fedf529fe93bde5c4494199c7e426.exe
1720	4f9dfd37f96b1e3b32c4be0edd8b9a8bd59fedf529fe93bde5c4494199c7e426.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1720	4f9dfd37f96b1e3b32c4be0edd8b9a8bd59fedf529fe93bde5c4494199c7e426.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
1720	4f9dfd37f96b1e3b32c4be0edd8b9a8bd59fedf529fe93bde5c4494199c7e426.exe

C:\Users\Admin\AppData\Local\Temp\4f9dfd37f96b1e3b32c4be0edd8b9a8bd59fedf529fe93bde5c4494199c7e426.exe
"C:\Users\Admin\AppData\Local\Temp\4f9dfd37f96b1e3b32c4be0edd8b9a8bd59fedf529fe93bde5c4494199c7e426.exe"
1⤵
- Looks for VirtualBox Guest Additions in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log

Filesize
652B

MD5
b8231d07e65d3613b9b796e6fcc485dd

SHA1
02c12ddc8efc4867e03b248f305760b6b5f68ff7

SHA256
5f63b20fbbbf83f2c8ca6f8583af9a5312b8c4a3fc814350ad007c47a2bc7532

SHA512
e2ebdb81214e8477c810011bf848eb819d4bb4dd6090a7e9a3ca2d975b40dde9199825c6447b89db935c0924695d17057c32f6971256936a372b3b3d771032df

Download Submit
C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log

Filesize
7KB

MD5
32d1e295e5ec8c6f9f59254aa3d6f198

SHA1
36d1f653bdbd90308c39ac3d2db0c30544e3b38c

SHA256
49b261f08958df8f15d084a54a8bc2b533e60d27b1b7a61805e7d3dc1669c70c

SHA512
8d4c74d9f4429a54fb13b1e37c64660fb87d9ebe8cf78e16bb101a4a516b8714466b931f71166838d78b68954a151a013f74a24e7a5bb2cf80869fad32527c04

Download Submit
C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log

Filesize
252B

MD5
874fed2aec46a0002fd0c8afb3f1592b

SHA1
47a0d86c8c8e4bba771238e06d8c2205343117d9

SHA256
72a03e48e5fd4c34fc427e2b9ae4aac5f309c7c487e863fe7479dfe47e725dd2

SHA512
69f07ead5f8e973d673d4bc312920442c245123d4e1e349718f3046804bcf10edcada0ae8b3b93bd8525c130b319c1a0d5069f54566c042d425cac59a2818fb7

Download Submit