4240d9fc64c9fa9dd6b52a4230624717a9bfe6028a9a9c7869575d52a48bd6f7

Analysis

max time kernel
150s
max time network
132s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/06/2024, 08:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4240d9fc64c9fa9dd6b52a4230624717a9bfe6028a9a9c7869575d52a48bd6f7.exe
Size

6.2MB
MD5

9072d9128443a508754f45933141ed39
SHA1

e7c3fe94caa4a0e38ce8d97bf5be60e9868f4cf1
SHA256

4240d9fc64c9fa9dd6b52a4230624717a9bfe6028a9a9c7869575d52a48bd6f7
SHA512

05efdb365adc4813088b8bd2e499724e5fbc1b100c385e311cab8b852cbb0f9ea2f173042621f99211cd13a6d6934fbcee91922d064ea51e3e54bdc538605be5
SSDEEP

196608:oMD+cpvJ/4H3nmghWoa/fsysMF4JD85lSiY9pkjiA:oMFgXnU7sElG9pyX

Score

9^/10

evasion

Malware Config

Signatures

Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Oracle\VirtualBox Guest Additions	4240d9fc64c9fa9dd6b52a4230624717a9bfe6028a9a9c7869575d52a48bd6f7.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2164	4240d9fc64c9fa9dd6b52a4230624717a9bfe6028a9a9c7869575d52a48bd6f7.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2164	4240d9fc64c9fa9dd6b52a4230624717a9bfe6028a9a9c7869575d52a48bd6f7.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2164	4240d9fc64c9fa9dd6b52a4230624717a9bfe6028a9a9c7869575d52a48bd6f7.exe

C:\Users\Admin\AppData\Local\Temp\4240d9fc64c9fa9dd6b52a4230624717a9bfe6028a9a9c7869575d52a48bd6f7.exe
"C:\Users\Admin\AppData\Local\Temp\4240d9fc64c9fa9dd6b52a4230624717a9bfe6028a9a9c7869575d52a48bd6f7.exe"
1⤵
- Looks for VirtualBox Guest Additions in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log

Filesize
652B

MD5
c0c857f0154bcf2e4fffcec337fae713

SHA1
7d795023ad43f83a77e508ed0e75e6c4ab6c6cbd

SHA256
804427aea91477c42f240b5fd23ce40c0b308a620eb5d68db16dac7276eaeebd

SHA512
5fef3d90162b823f3a5186ed3fb2ea5bd500cc27f6c36e6fe55dfbee94d0742edce087fb278ca3a6608308eb7df15b2065edaa6f58d64db59a0880581092432a

Download Submit
C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log

Filesize
9KB

MD5
e03121050a4512cf06abc24876b4e72a

SHA1
b59dbfdc39541b49bb20e49bad13f23b6b6b5e44

SHA256
b98fd25af5e74a60c707ac6ffc4b9a412f4d5a50ad98f0539cae782596ea7497

SHA512
13f5a17f7ac9ac1b7c4a8311656586fdb57df4471cc7e86442f7dde604600c489d3edbcbd0c2f6915e0dab17ba15253a4e60cf99a1646cab79666e3fdb9296f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log

Filesize
252B

MD5
b0fcfc20920cdb6d5e1611daad6c9a1e

SHA1
fb09c59c2ca810f4f91a38992d6c19d7521bb95d

SHA256
86ae0ee60e30982a54b0759f9ced1a10a970dc5f65a1dd49faa42740b8c50c0f

SHA512
318446783f9bf01d6bf6efd09d6de0c34acbc4f62c7a8631f45140131ad4a6f12874146cb15570a0fa643b85122dd894b0b4d56656e993a0b8f10af8f95281bf

Download Submit