4240d9fc64c9fa9dd6b52a4230624717a9bfe6028a9a9c7869575d52a48bd6f7

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
05/06/2024, 08:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4240d9fc64c9fa9dd6b52a4230624717a9bfe6028a9a9c7869575d52a48bd6f7.exe
Size

6.2MB
MD5

9072d9128443a508754f45933141ed39
SHA1

e7c3fe94caa4a0e38ce8d97bf5be60e9868f4cf1
SHA256

4240d9fc64c9fa9dd6b52a4230624717a9bfe6028a9a9c7869575d52a48bd6f7
SHA512

05efdb365adc4813088b8bd2e499724e5fbc1b100c385e311cab8b852cbb0f9ea2f173042621f99211cd13a6d6934fbcee91922d064ea51e3e54bdc538605be5
SSDEEP

196608:oMD+cpvJ/4H3nmghWoa/fsysMF4JD85lSiY9pkjiA:oMFgXnU7sElG9pyX

Score

9^/10

evasion

Malware Config

Signatures

Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Oracle\VirtualBox Guest Additions	4240d9fc64c9fa9dd6b52a4230624717a9bfe6028a9a9c7869575d52a48bd6f7.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3316	4240d9fc64c9fa9dd6b52a4230624717a9bfe6028a9a9c7869575d52a48bd6f7.exe
3316	4240d9fc64c9fa9dd6b52a4230624717a9bfe6028a9a9c7869575d52a48bd6f7.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3316	4240d9fc64c9fa9dd6b52a4230624717a9bfe6028a9a9c7869575d52a48bd6f7.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
3316	4240d9fc64c9fa9dd6b52a4230624717a9bfe6028a9a9c7869575d52a48bd6f7.exe

C:\Users\Admin\AppData\Local\Temp\4240d9fc64c9fa9dd6b52a4230624717a9bfe6028a9a9c7869575d52a48bd6f7.exe
"C:\Users\Admin\AppData\Local\Temp\4240d9fc64c9fa9dd6b52a4230624717a9bfe6028a9a9c7869575d52a48bd6f7.exe"
1⤵
- Looks for VirtualBox Guest Additions in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log

Filesize
652B

MD5
6fbab0033b1d5e5cb9109604b470f6ce

SHA1
5023fa9a5444e2c36fac08d14488d83f2b7bf56e

SHA256
c7d9cc9c1f2047c29464f1af5b784c2ddc79709d73bcad64dad31b356a18041e

SHA512
4121ef204172a2a80aa6ca27519bf174efb16b92ce5e9370e38d1e4d49a2d96c2d6aec58a6ee31880c1f063b27c0d097cd4876ce8e6c79afc8a7695823fa6f6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log

Filesize
9KB

MD5
5d37a74d67fc1f1536e2b73b223d82c3

SHA1
6f3991acb80b3d0649f440bfe8f3b41694d121b5

SHA256
bca299ca767f4dbbf52e5c0620e589f1c0c8db8319f5a62374a76f6c4a82d15c

SHA512
080f1346fb753a436dbbba2a78c3ee1a5cf6dd1ef7b4a4475e1a97a6e5d71c9645a9009ff5868fbdd24a90a8a4e0b6120e484953fdb719485c47c011990396f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log

Filesize
310B

MD5
c7aea13d18e1cba772933cf2da948344

SHA1
73a68fe301f238570d330fbcee98cc3bed9f1a75

SHA256
31980931dd9dd3fd30aa4f4939ae41132c972f8d857037932258f5d65feb67b9

SHA512
180e2f809ee26e01952f09d6cffb18be8057ac3e7a6b19597f0de2334ecdf4f6e6ed36f676ad52c102aece85fb4547bcdc3c6e83dc6afae87b33134c203fb1a7

Download Submit