Analysis
max time kernel: 136s
max time network: 124s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26/05/2024, 08:22
Static task: static1
Behavioral task: behavioral1
  Sample: 4f9dfd37f96b1e3b32c4be0edd8b9a8bd59fedf529fe93bde5c4494199c7e426.exe
  Resource: win7-20240419-en
Behavioral task: behavioral2
  Sample: 4f9dfd37f96b1e3b32c4be0edd8b9a8bd59fedf529fe93bde5c4494199c7e426.exe
  Resource: win10v2004-20240508-en
General
Target: 4f9dfd37f96b1e3b32c4be0edd8b9a8bd59fedf529fe93bde5c4494199c7e426.exe
Size: 5.7MB
MD5: 7724c27125c88723d0d92c8652985a49
SHA1: 4116f8c1769ef2f9776b0a04462205d0ce1298de
SHA256: 4f9dfd37f96b1e3b32c4be0edd8b9a8bd59fedf529fe93bde5c4494199c7e426
SHA512: e28adc5105792c5a6b7ff24960886e339671bbb5b0066816f08d94b70b2edac610c2728f7d52ec98033172c7cd658fca777c834ee305b13dcbf9cb9d3c452907
SSDEEP: 98304:b/6n94bDY2EBcBuq62V///4nAWakrn7S/IhWoaVVfs/VIsMF4JD8iulhq7NmBkVB:uMD+cpvJ/4H3nmghWoa/fsysMF4JD854
Malware Config
Signatures
Looks for VirtualBox Guest Additions in registry (2 TTPs, 1 IoC)
  description: Key opened
  ioc: \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Oracle\VirtualBox Guest Additions
  process: 4f9dfd37f96b1e3b32c4be0edd8b9a8bd59fedf529fe93bde5c4494199c7e426.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid 3508, process 4f9dfd37f96b1e3b32c4be0edd8b9a8bd59fedf529fe93bde5c4494199c7e426.exe (reported 4 times)
Suspicious use of FindShellTrayWindow (1 IoC)
  pid 3508, process 4f9dfd37f96b1e3b32c4be0edd8b9a8bd59fedf529fe93bde5c4494199c7e426.exe
Suspicious use of SendNotifyMessage (1 IoC)
  pid 3508, process 4f9dfd37f96b1e3b32c4be0edd8b9a8bd59fedf529fe93bde5c4494199c7e426.exe
Processes
C:\Users\Admin\AppData\Local\Temp\4f9dfd37f96b1e3b32c4be0edd8b9a8bd59fedf529fe93bde5c4494199c7e426.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\4f9dfd37f96b1e3b32c4be0edd8b9a8bd59fedf529fe93bde5c4494199c7e426.exe"
  PID: 3508
  - Looks for VirtualBox Guest Additions in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
Network
MITRE ATT&CK Enterprise v15
Downloads