4f9dfd37f96b1e3b32c4be0edd8b9a8bd59fedf529fe93bde5c4494199c7e426

Analysis

max time kernel
136s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 08:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4f9dfd37f96b1e3b32c4be0edd8b9a8bd59fedf529fe93bde5c4494199c7e426.exe
Size

5.7MB
MD5

7724c27125c88723d0d92c8652985a49
SHA1

4116f8c1769ef2f9776b0a04462205d0ce1298de
SHA256

4f9dfd37f96b1e3b32c4be0edd8b9a8bd59fedf529fe93bde5c4494199c7e426
SHA512

e28adc5105792c5a6b7ff24960886e339671bbb5b0066816f08d94b70b2edac610c2728f7d52ec98033172c7cd658fca777c834ee305b13dcbf9cb9d3c452907
SSDEEP

98304:b/6n94bDY2EBcBuq62V///4nAWakrn7S/IhWoaVVfs/VIsMF4JD8iulhq7NmBkVB:uMD+cpvJ/4H3nmghWoa/fsysMF4JD854

Score

9^/10

evasion

Malware Config

Signatures

Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Oracle\VirtualBox Guest Additions	4f9dfd37f96b1e3b32c4be0edd8b9a8bd59fedf529fe93bde5c4494199c7e426.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3508	4f9dfd37f96b1e3b32c4be0edd8b9a8bd59fedf529fe93bde5c4494199c7e426.exe
3508	4f9dfd37f96b1e3b32c4be0edd8b9a8bd59fedf529fe93bde5c4494199c7e426.exe
3508	4f9dfd37f96b1e3b32c4be0edd8b9a8bd59fedf529fe93bde5c4494199c7e426.exe
3508	4f9dfd37f96b1e3b32c4be0edd8b9a8bd59fedf529fe93bde5c4494199c7e426.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3508	4f9dfd37f96b1e3b32c4be0edd8b9a8bd59fedf529fe93bde5c4494199c7e426.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
3508	4f9dfd37f96b1e3b32c4be0edd8b9a8bd59fedf529fe93bde5c4494199c7e426.exe

C:\Users\Admin\AppData\Local\Temp\4f9dfd37f96b1e3b32c4be0edd8b9a8bd59fedf529fe93bde5c4494199c7e426.exe
"C:\Users\Admin\AppData\Local\Temp\4f9dfd37f96b1e3b32c4be0edd8b9a8bd59fedf529fe93bde5c4494199c7e426.exe"
1⤵
- Looks for VirtualBox Guest Additions in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log

Filesize
652B

MD5
8b892144c0d50116e7116c107f959e90

SHA1
c20c0da1f8fa4b1cd8124993013557cfe1b842b7

SHA256
0cb8e0d0165d9f3da16f2d08411f216a6320eae3ff8639d49ea3476fb252b52f

SHA512
2cc9c7f1d9954345880bb0b1eda1941f759170b158bfd88aac4be3f4ec9d4d13b17dab6e3292ff0ce412893b0ae2ba53d57f866cd6efb4f58c873f05761650e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log

Filesize
3KB

MD5
9316dd972e66a3bf9731807279429e4c

SHA1
67cdd63e1d2c54eb2cdca6082d8c97cd9ab287cf

SHA256
ff7247d1d7162f3e52a54072a0944b02ce7217a78afa3def722356e305719dd2

SHA512
b08a5aa8a5368d131fc153bfebf818422a41428bae160a7626098e978509d2dcf5da64ecdce0e89eaa6ad3e7fada51992eee2c97a325ede163dd4fc3fd041c4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log

Filesize
7KB

MD5
87f17922d66b24bff35704556ea4a048

SHA1
41a02466a4b9ec7c6947c85beb2ccd9b3aaab1f3

SHA256
93bca4264692b11e2d72d1f93aada4b524d8dc6ef202f1f9eebee84b1a878422

SHA512
6a1c9a0cf021e0d3e6f5e60246c491cac87a2b8d0e215f03a15485502bbe6c6b651521f755edc40030978e38d18c91a6796aeb05ba094fe22e729a6e59461559

Download Submit
C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log

Filesize
383B

MD5
68ae9949289b710d20737d1d861813a5

SHA1
996a29c0a3cb7d2babdd82547f40fba1517f1493

SHA256
1c211dc7e67ccbe2cb097a0fc80d8c6ec9f00ddb072e5bcfd134ed0f4a518af9

SHA512
25780b280cbb67d81ce69316090716223bd77f1f1adbb6be1b90c66d23f7bbcf09a07856932b7d454e8194a824205f56ebc7fe942d194c6a35baeac4f105153f

Download Submit