e82965ddde3f61eb7e32b35d2566f161ab4a1e4c01db834e43795ffb1f7fce82

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/06/2024, 04:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e82965ddde3f61eb7e32b35d2566f161ab4a1e4c01db834e43795ffb1f7fce82.exe
Size

5.7MB
MD5

2e14caefdcd27fe15e5767a44ce59ee8
SHA1

2c9598420393e96c4dff0d4f50347902fcdad0c9
SHA256

e82965ddde3f61eb7e32b35d2566f161ab4a1e4c01db834e43795ffb1f7fce82
SHA512

e1f9570ca8ce7355d5f9b1cc4e8439ddd5571036dad1dad81ac7c488e54b9666c0b07aaaa2e3698606e811acbe69df5108cb51c284ba3092c570cb6bb228b0ec
SSDEEP

98304:2pHLE2ZzvfYXkpj+LGXpZevNpuEOZu3qOFs9f6Mby2a905tq7NJ3MY9zz0:upz+LrvbOZu3pFs1y2a9Ya8Y9zA

Score

9^/10

evasion

Malware Config

Signatures

Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Oracle\VirtualBox Guest Additions	e82965ddde3f61eb7e32b35d2566f161ab4a1e4c01db834e43795ffb1f7fce82.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1464	e82965ddde3f61eb7e32b35d2566f161ab4a1e4c01db834e43795ffb1f7fce82.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1464	e82965ddde3f61eb7e32b35d2566f161ab4a1e4c01db834e43795ffb1f7fce82.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
1464	e82965ddde3f61eb7e32b35d2566f161ab4a1e4c01db834e43795ffb1f7fce82.exe

C:\Users\Admin\AppData\Local\Temp\e82965ddde3f61eb7e32b35d2566f161ab4a1e4c01db834e43795ffb1f7fce82.exe
"C:\Users\Admin\AppData\Local\Temp\e82965ddde3f61eb7e32b35d2566f161ab4a1e4c01db834e43795ffb1f7fce82.exe"
1⤵
- Looks for VirtualBox Guest Additions in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1464-0-0x0000000000D90000-0x000000000134E000-memory.dmp

Filesize
5.7MB

Download
memory/1464-2-0x0000000000D90000-0x000000000134E000-memory.dmp

Filesize
5.7MB

Download