9036c196f68fb4aca1eeeac165329c23265ef38ab02d3d453ce60d9fff2cf8a2

Analysis

max time kernel
149s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06/06/2024, 17:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9036c196f68fb4aca1eeeac165329c23265ef38ab02d3d453ce60d9fff2cf8a2.exe
Size

6.2MB
MD5

25f757637d76f71010ed8b6c50c37bf8
SHA1

a56b9b107c09b04f8ed48743cc83b99de28ded5c
SHA256

9036c196f68fb4aca1eeeac165329c23265ef38ab02d3d453ce60d9fff2cf8a2
SHA512

eca82616c675dbd438dceed01c2dfa6d84994a73d0f7f685381fb4f9114240445b4f067592efa8c1771f4f58b537e016a0a1718d4c101bd054f883e9a81fc635
SSDEEP

196608:oMD+cpvJ/4H3nmghWoa/fsysMF4JD85l9iY9pkjin:oMFgXnU7sElf9pyI

Score

9^/10

evasion

Malware Config

Signatures

Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Oracle\VirtualBox Guest Additions	9036c196f68fb4aca1eeeac165329c23265ef38ab02d3d453ce60d9fff2cf8a2.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2028	9036c196f68fb4aca1eeeac165329c23265ef38ab02d3d453ce60d9fff2cf8a2.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2028	9036c196f68fb4aca1eeeac165329c23265ef38ab02d3d453ce60d9fff2cf8a2.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2028	9036c196f68fb4aca1eeeac165329c23265ef38ab02d3d453ce60d9fff2cf8a2.exe

C:\Users\Admin\AppData\Local\Temp\9036c196f68fb4aca1eeeac165329c23265ef38ab02d3d453ce60d9fff2cf8a2.exe
"C:\Users\Admin\AppData\Local\Temp\9036c196f68fb4aca1eeeac165329c23265ef38ab02d3d453ce60d9fff2cf8a2.exe"
1⤵
- Looks for VirtualBox Guest Additions in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log

Filesize
10KB

MD5
ff0b6bb902e4992b0923293731841254

SHA1
b1458004089dd430232aa4cf01682267ab2472b1

SHA256
dea134d93ed3b06a8e6117ba5c4c1638cbfe7f394db1b26ea6586846b5d6c797

SHA512
54fb42c924ece18b4ca306c9c1b9bde7de56bec12fb9e1db36bd0b774ab44b10e76bdf133689a201a70e0289b0c424b8c8a2e3d5a9c33aaf6d95f0c1168ee668

Download Submit