9036c196f68fb4aca1eeeac165329c23265ef38ab02d3d453ce60d9fff2cf8a2

Analysis

max time kernel
149s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
06-06-2024 17:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9036c196f68fb4aca1eeeac165329c23265ef38ab02d3d453ce60d9fff2cf8a2.exe
Size

6.2MB
MD5

25f757637d76f71010ed8b6c50c37bf8
SHA1

a56b9b107c09b04f8ed48743cc83b99de28ded5c
SHA256

9036c196f68fb4aca1eeeac165329c23265ef38ab02d3d453ce60d9fff2cf8a2
SHA512

eca82616c675dbd438dceed01c2dfa6d84994a73d0f7f685381fb4f9114240445b4f067592efa8c1771f4f58b537e016a0a1718d4c101bd054f883e9a81fc635
SSDEEP

196608:oMD+cpvJ/4H3nmghWoa/fsysMF4JD85l9iY9pkjin:oMFgXnU7sElf9pyI

Score

9^/10

evasion

Malware Config

Signatures

Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Oracle\VirtualBox Guest Additions	9036c196f68fb4aca1eeeac165329c23265ef38ab02d3d453ce60d9fff2cf8a2.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4732	9036c196f68fb4aca1eeeac165329c23265ef38ab02d3d453ce60d9fff2cf8a2.exe
4732	9036c196f68fb4aca1eeeac165329c23265ef38ab02d3d453ce60d9fff2cf8a2.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4732	9036c196f68fb4aca1eeeac165329c23265ef38ab02d3d453ce60d9fff2cf8a2.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
4732	9036c196f68fb4aca1eeeac165329c23265ef38ab02d3d453ce60d9fff2cf8a2.exe

C:\Users\Admin\AppData\Local\Temp\9036c196f68fb4aca1eeeac165329c23265ef38ab02d3d453ce60d9fff2cf8a2.exe
"C:\Users\Admin\AppData\Local\Temp\9036c196f68fb4aca1eeeac165329c23265ef38ab02d3d453ce60d9fff2cf8a2.exe"
1⤵
- Looks for VirtualBox Guest Additions in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4084,i,11266875042087428226,16669718873272757238,262144 --variations-seed-version --mojo-platform-channel-handle=3444 /prefetch:8
1⤵
PID:4400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log

Filesize
652B

MD5
a7e9c07f458f213798f587ce7062edc5

SHA1
5e58bf03bd82638fd3332e98339d493244b69ef4

SHA256
50d942c8ff5b06d6455151f136142d5f99e3a0f25f757dc76e9e2ca309ca84ed

SHA512
3159f120164f2829a4cd05b6b0e449c2f56cdb44aa06a03d8087e1edd24ae343955c4258b63cd5292f31916c96ae8d9a3a8246d0d5934b5036ed8bc1fbbee135

Download Submit
C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log

Filesize
9KB

MD5
52c6a17df6f6deeace99bf94322308dd

SHA1
bb01e5c6fb52f2849145bbb3cd0d1f340be2b866

SHA256
3f5c9395c588e2578dccce2c540c615b448c5a94b491dfbcfd3d26d66e877e73

SHA512
4adfca917766ad918b7da1ed8648fd4e34b6a3cf3bc388dc8d65468608f38123aae2c920607b3aa87138d6fce74f46bfc83db6f1bb417b4392fb43e6031f077d

Download Submit
C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log

Filesize
310B

MD5
5be78e220dac78b014cafdbf139cd02a

SHA1
34be7fec241f2ff45e09406c836670dc16d59fd3

SHA256
44b14df662f6bb9466ca9f89e946da797d51495b72e962336ef91f5a896d38d2

SHA512
e7de32db973e9530b5187288655f62edfcf5f2a1826c7ba18799111b4028c0114af4d5aa2c7928f9d99ea361412ce45e28796c3f520a23698ae12c1785e65577

Download Submit