Analysis Overview
SHA256
a65954dcfa451b8cbdcb9a7bda29822b4f100a7de7af078f68fb1caa1376b7ac
Threat Level: Likely malicious
The file a65954dcfa451b8cbdcb9a7bda29822b4f100a7de7af078f68fb1caa1376b7ac was found to be: Likely malicious.
Malicious Activity Summary
Looks for VirtualBox Guest Additions in registry
Unsigned PE
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 04:56
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 04:56
Reported
2024-06-13 04:59
Platform
win7-20240611-en
Max time kernel
150s
Max time network
126s
Command Line
Signatures
Looks for VirtualBox Guest Additions in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Oracle\VirtualBox Guest Additions | C:\Users\Admin\AppData\Local\Temp\a65954dcfa451b8cbdcb9a7bda29822b4f100a7de7af078f68fb1caa1376b7ac.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a65954dcfa451b8cbdcb9a7bda29822b4f100a7de7af078f68fb1caa1376b7ac.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a65954dcfa451b8cbdcb9a7bda29822b4f100a7de7af078f68fb1caa1376b7ac.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\a65954dcfa451b8cbdcb9a7bda29822b4f100a7de7af078f68fb1caa1376b7ac.exe
"C:\Users\Admin\AppData\Local\Temp\a65954dcfa451b8cbdcb9a7bda29822b4f100a7de7af078f68fb1caa1376b7ac.exe"
Network
Files
C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log
| MD5 | f073f1ad3d655236cd73d36bfde9a724 |
| SHA1 | d405284c9cfbf0fa5e3380aec977c394668cea10 |
| SHA256 | 36b5a1045294942cb619635415172a68f8a32fa560b4dc406f2d1e0e29704a97 |
| SHA512 | a1bdb927d4fb8d0ab3c4a7775dc31d7a3f0111dab2171adbac0d505954670e705f8e99e48a9cd8931ea1f67bd3f88fb16932d1dabdccad95c6175b92ce4dc795 |
C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log
| MD5 | 5d3d904bf4f1106ceea7390f2c34df8e |
| SHA1 | 0a04d5f98fed003ee306f4445d74ed397c68d58e |
| SHA256 | 4157cbd9fa03b0e3423492ae993a31dbb567f426d4177709055a0773840ce612 |
| SHA512 | 38bf6ef992768c6ecf2e21be6e0b485ee020314ccf7dd733d4efe69862274d809bc2f51c7d8eddf994c3121c578f43d2d783b7ada0ce830f529b3649ff248b88 |
C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log
| MD5 | 550837d813ba97aa9648e79edc7d1ec2 |
| SHA1 | fef039319f1a0ab29f2eb0a4db6b276fd024dc8c |
| SHA256 | 6ab51ba14e9e7ccb1c1ae35b80bf044796b46ebb5f8475d1d35f2ad0a526fa8f |
| SHA512 | 6297169fd372c5385b87f92e51b5e5d55690ff1eb29063413afaddf8af23b7c5d4916802cd8542aff2b5b90bbd0ef2577b9c60f9409cfc0c7345bd3af81bbd8b |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 04:56
Reported
2024-06-13 04:58
Platform
win10v2004-20240508-en
Max time kernel
148s
Max time network
148s
Command Line
Signatures
Looks for VirtualBox Guest Additions in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Oracle\VirtualBox Guest Additions | C:\Users\Admin\AppData\Local\Temp\a65954dcfa451b8cbdcb9a7bda29822b4f100a7de7af078f68fb1caa1376b7ac.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a65954dcfa451b8cbdcb9a7bda29822b4f100a7de7af078f68fb1caa1376b7ac.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a65954dcfa451b8cbdcb9a7bda29822b4f100a7de7af078f68fb1caa1376b7ac.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\a65954dcfa451b8cbdcb9a7bda29822b4f100a7de7af078f68fb1caa1376b7ac.exe
"C:\Users\Admin\AppData\Local\Temp\a65954dcfa451b8cbdcb9a7bda29822b4f100a7de7af078f68fb1caa1376b7ac.exe"
Network
Files
C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log
| MD5 | 9052e0012e33868e461d5e884e7018ac |
| SHA1 | 95399aa002b0fc94612cb47cba24f911cc4e2f82 |
| SHA256 | fec95d383fac6243f4a6b90cb91d4ca201f0001c0eec477762aec4befa4273b8 |
| SHA512 | 6d85af4c9eed5ef6ef02bb56677c28e0cbe5c65e12f0f9fc20358c4450fe6a4d465b5f1187dca5dc6996fd382adcef5a2321d75cab0491975c96669b6eae4f57 |
C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log
| MD5 | 8e148273ca357b29499e4347d41fc1a9 |
| SHA1 | 301883e0b47da99184839f4c10a768cbafe3d363 |
| SHA256 | 5d2d1f912f296e0ede6d25d7d3dbac125697cc4a2e583c1d96b405d26ee30433 |
| SHA512 | 15d06baa3e6fa0e6f7873a137dde45a3514ab51864d9641caed891f6234e91c05d43ee70df956354315766178cae5e89e67d5dc11af10840302ec2ce7e1cd4d1 |
C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log
| MD5 | afad4a02f52b4dafd1595d5cf91ad0ca |
| SHA1 | 51bbfee7649f6a2709d6e00665c4a596e76e58ec |
| SHA256 | b22ad423a0bdbb174d793e7358fc9eeb54f4e5914f87c5869f5f40ac048db420 |
| SHA512 | 7af4700cbf6bc4e6ad0182e0eaee20cf542c0bc8385e88b9cab705767f7e80683df86d9dd1920bcfc71e3e2fdc31b7ae172f049525b846a58f39753dc836fc9c |