Malware Analysis Report

2025-01-06 07:35

Sample ID: 240613-fkvlvsydnm
Target:    a65954dcfa451b8cbdcb9a7bda29822b4f100a7de7af078f68fb1caa1376b7ac
SHA256:    a65954dcfa451b8cbdcb9a7bda29822b4f100a7de7af078f68fb1caa1376b7ac
Tags:      evasion
Score:     9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score:  9/10
SHA256: a65954dcfa451b8cbdcb9a7bda29822b4f100a7de7af078f68fb1caa1376b7ac

Threat Level: Likely malicious

Malicious Activity Summary

Looks for VirtualBox Guest Additions in registry (tag: evasion)
Unsigned PE
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-13 04:56

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted:        2024-06-13 04:56
Reported:         2024-06-13 04:59
Platform:         win7-20240611-en
Max time kernel:  150s
Max time network: 126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a65954dcfa451b8cbdcb9a7bda29822b4f100a7de7af078f68fb1caa1376b7ac.exe"

Signatures

Looks for VirtualBox Guest Additions in registry (tag: evasion)

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Oracle\VirtualBox Guest Additions | C:\Users\Admin\AppData\Local\Temp\a65954dcfa451b8cbdcb9a7bda29822b4f100a7de7af078f68fb1caa1376b7ac.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a65954dcfa451b8cbdcb9a7bda29822b4f100a7de7af078f68fb1caa1376b7ac.exe | N/A
(the report records 64 identical rows for this signature, i.e. 64 events from the same process; one row is shown)

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a65954dcfa451b8cbdcb9a7bda29822b4f100a7de7af078f68fb1caa1376b7ac.exe | N/A

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a65954dcfa451b8cbdcb9a7bda29822b4f100a7de7af078f68fb1caa1376b7ac.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a65954dcfa451b8cbdcb9a7bda29822b4f100a7de7af078f68fb1caa1376b7ac.exe

"C:\Users\Admin\AppData\Local\Temp\a65954dcfa451b8cbdcb9a7bda29822b4f100a7de7af078f68fb1caa1376b7ac.exe"

Network

The capture contains 106 rows. They are collapsed here to unique destinations with the number of times each appears, in order of first appearance; "-" means the row carried no domain.

Country | Destination          | Domain                    | Proto | Count
US      | 8.8.8.8:53           | config.yunjiasu.kkidc.com | udp   | 8
CN      | 45.117.11.105:9501   | config.yunjiasu.kkidc.com | tcp   | 8
CN      | 110.80.137.104:9501  | -                         | tcp   | 8
US      | 8.8.8.8:53           | httpbin.org               | udp   | 1
US      | 3.213.1.197:80       | httpbin.org               | tcp   | 1
CN      | 27.159.66.207:34001  | -                         | tcp   | 4
CN      | 110.80.134.106:39070 | -                         | tcp   | 4
CN      | 110.42.5.82:33603    | -                         | tcp   | 4
CN      | 110.80.134.123:37610 | -                         | tcp   | 4
CN      | 110.80.134.146:36820 | -                         | tcp   | 4
CN      | 125.77.158.194:11400 | -                         | tcp   | 4
CN      | 125.77.166.105:55091 | -                         | tcp   | 4
CN      | 45.248.10.79:50878   | -                         | tcp   | 4
CN      | 103.88.32.21:35656   | -                         | tcp   | 4
CN      | 103.88.32.177:55146  | -                         | tcp   | 4
CN      | 45.248.8.194:27223   | -                         | tcp   | 4
CN      | 45.117.11.205:16966  | -                         | tcp   | 4
CN      | 103.88.32.69:23447   | -                         | tcp   | 4
CN      | 45.117.11.54:52730   | -                         | tcp   | 4
CN      | 103.219.177.29:47194 | -                         | tcp   | 4
CN      | 117.24.12.219:34650  | -                         | tcp   | 4
CN      | 103.88.32.130:31606  | -                         | tcp   | 4
CN      | 45.248.10.143:14111  | -                         | tcp   | 4
CN      | 45.117.11.211:31710  | -                         | tcp   | 4
CN      | 45.251.9.148:54274   | -                         | tcp   | 4

Files

C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log
(three versions of this one path were captured during the run; hashes are listed in capture order)

Version 1
MD5    f073f1ad3d655236cd73d36bfde9a724
SHA1   d405284c9cfbf0fa5e3380aec977c394668cea10
SHA256 36b5a1045294942cb619635415172a68f8a32fa560b4dc406f2d1e0e29704a97
SHA512 a1bdb927d4fb8d0ab3c4a7775dc31d7a3f0111dab2171adbac0d505954670e705f8e99e48a9cd8931ea1f67bd3f88fb16932d1dabdccad95c6175b92ce4dc795

Version 2
MD5    5d3d904bf4f1106ceea7390f2c34df8e
SHA1   0a04d5f98fed003ee306f4445d74ed397c68d58e
SHA256 4157cbd9fa03b0e3423492ae993a31dbb567f426d4177709055a0773840ce612
SHA512 38bf6ef992768c6ecf2e21be6e0b485ee020314ccf7dd733d4efe69862274d809bc2f51c7d8eddf994c3121c578f43d2d783b7ada0ce830f529b3649ff248b88

Version 3
MD5    550837d813ba97aa9648e79edc7d1ec2
SHA1   fef039319f1a0ab29f2eb0a4db6b276fd024dc8c
SHA256 6ab51ba14e9e7ccb1c1ae35b80bf044796b46ebb5f8475d1d35f2ad0a526fa8f
SHA512 6297169fd372c5385b87f92e51b5e5d55690ff1eb29063413afaddf8af23b7c5d4916802cd8542aff2b5b90bbd0ef2577b9c60f9409cfc0c7345bd3af81bbd8b

Analysis: behavioral2

Detonation Overview

Submitted:        2024-06-13 04:56
Reported:         2024-06-13 04:58
Platform:         win10v2004-20240508-en
Max time kernel:  148s
Max time network: 148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a65954dcfa451b8cbdcb9a7bda29822b4f100a7de7af078f68fb1caa1376b7ac.exe"

Signatures

Looks for VirtualBox Guest Additions in registry (tag: evasion)

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Oracle\VirtualBox Guest Additions | C:\Users\Admin\AppData\Local\Temp\a65954dcfa451b8cbdcb9a7bda29822b4f100a7de7af078f68fb1caa1376b7ac.exe | N/A
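Both detonations record the same anti-VM lookup, but the Win7 run logs the key as ...\Wow6432Node\... and the Win10 run as ...\WOW6432Node\..., and both use the kernel object-path form (\REGISTRY\MACHINE\...) rather than HKLM. A detection that compares the raw string would miss one of the two. The following is an added example, not code from the sandbox or from the sample, of a matcher that canonicalises the hive prefix, strips the WOW64 redirection node and compares case-insensitively before checking against a list of hypervisor-artifact keys. The "pid|operation|path" event layout and the event lines are constructed for the example (the sandbox's own log format is not shown on this page), and the VMware Tools key is a well-known analogue added for illustration alongside the VirtualBox key the report records.

```python
r"""Normalise Windows registry paths and flag lookups of hypervisor-artifact keys.

Added example for this report; not the sandbox's or the sample's code.
Event lines use a constructed "pid|operation|path" layout.
"""
import re
from typing import Iterable, List, Optional, Tuple

# Hive spellings seen in kernel object paths and in Win32-style paths.
_HIVE_ALIASES = [
    (r"\REGISTRY\MACHINE", "HKLM"),
    ("HKEY_LOCAL_MACHINE", "HKLM"),
    ("HKLM", "HKLM"),
    (r"\REGISTRY\USER", "HKU"),
    ("HKEY_USERS", "HKU"),
    ("HKU", "HKU"),
    ("HKEY_CURRENT_USER", "HKCU"),
    ("HKCU", "HKCU"),
]

# Keys whose existence alone reveals a hypervisor guest. The VirtualBox key is
# the one recorded in the report; the VMware Tools key is an illustrative analogue.
VM_ARTIFACT_KEYS = {
    r"HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions": "VirtualBox Guest Additions",
    r"HKLM\SOFTWARE\VMware, Inc.\VMware Tools": "VMware Tools",
}

# 32-bit processes on 64-bit Windows see HKLM\SOFTWARE redirected through Wow6432Node.
_WOW64_NODE = re.compile(r"\\wow6432node(?=\\|$)", re.IGNORECASE)


def normalize_key(path: str) -> str:
    """Canonical form: short hive name, WOW64 node removed, upper-cased, no trailing slash."""
    key = path.strip().rstrip("\\")
    upper = key.upper()
    for alias, hive in _HIVE_ALIASES:
        if upper.startswith(alias.upper()):
            key = hive + key[len(alias):]
            break
    key = _WOW64_NODE.sub("", key)
    return key.upper()


_NORMALIZED_ARTIFACTS = {normalize_key(k): v for k, v in VM_ARTIFACT_KEYS.items()}


def classify_key(path: str) -> Optional[str]:
    """Return the artifact label if `path` is a known VM key, or a subkey or value under one."""
    norm = normalize_key(path)
    for key, label in _NORMALIZED_ARTIFACTS.items():
        if norm == key or norm.startswith(key + "\\"):
            return label
    return None


def scan_events(lines: Iterable[str]) -> List[Tuple[int, str, str, str]]:
    """Return (pid, operation, label, raw_path) for every event touching a VM artifact key."""
    hits = []
    for line in lines:
        fields = line.split("|", 2)
        if len(fields) != 3:
            continue  # malformed line: skip rather than crash on log noise
        pid, operation, path = fields
        label = classify_key(path)
        if label is not None:
            hits.append((int(pid), operation, label, path))
    return hits


# Constructed events: the first two mirror the key opens recorded in the two
# detonations (Win7 and Win10 casing); the third is benign; the fourth is VMware filler.
SAMPLE_EVENTS = [
    r"1840|RegOpenKey|\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Oracle\VirtualBox Guest Additions",
    r"1840|RegOpenKey|\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Oracle\VirtualBox Guest Additions",
    r"1840|RegOpenKey|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion",
    r"2212|RegQueryValue|HKLM\SOFTWARE\VMware, Inc.\VMware Tools\InstallPath",
]

if __name__ == "__main__":
    for pid, op, label, path in scan_events(SAMPLE_EVENTS):
        print(f"pid {pid}: {op} on {label} ({path})")
```

Matching on the canonical form also catches value reads under the key (the VMware InstallPath line), which a rule keyed on the exact "Key opened" indicator would not. A check of this kind produces a signal, not a verdict: legitimate installers and guest-tooling updaters open the same keys, so it belongs in a sandbox scoring rule or a hunt query rather than an alert on its own.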

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a65954dcfa451b8cbdcb9a7bda29822b4f100a7de7af078f68fb1caa1376b7ac.exe | N/A
(the report records 64 identical rows for this signature, i.e. 64 events from the same process; one row is shown)

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a65954dcfa451b8cbdcb9a7bda29822b4f100a7de7af078f68fb1caa1376b7ac.exe | N/A

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a65954dcfa451b8cbdcb9a7bda29822b4f100a7de7af078f68fb1caa1376b7ac.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a65954dcfa451b8cbdcb9a7bda29822b4f100a7de7af078f68fb1caa1376b7ac.exe

"C:\Users\Admin\AppData\Local\Temp\a65954dcfa451b8cbdcb9a7bda29822b4f100a7de7af078f68fb1caa1376b7ac.exe"

Network

The capture contains 95 rows. They are collapsed here to unique destinations with the number of times each appears, in order of first appearance; "-" means the row carried no domain. Unlike behavioral1, this run records no TCP connection carrying the config.yunjiasu.kkidc.com name (no row for 45.117.11.105:9501) and no connection to an httpbin.org address; only the DNS queries for those names appear.

Country | Destination          | Domain                    | Proto | Count
US      | 8.8.8.8:53           | config.yunjiasu.kkidc.com | udp   | 5
US      | 8.8.8.8:53           | 8.8.8.8.in-addr.arpa      | udp   | 1
CN      | 110.80.137.104:9501  | -                         | tcp   | 8
US      | 8.8.8.8:53           | httpbin.org               | udp   | 1
CN      | 27.159.66.207:34001  | -                         | tcp   | 4
CN      | 110.80.134.106:39070 | -                         | tcp   | 4
CN      | 110.42.5.82:33603    | -                         | tcp   | 4
CN      | 110.80.134.123:37610 | -                         | tcp   | 4
CN      | 110.80.134.146:36820 | -                         | tcp   | 4
CN      | 125.77.158.194:11400 | -                         | tcp   | 4
CN      | 125.77.166.105:55091 | -                         | tcp   | 4
CN      | 45.248.10.79:50878   | -                         | tcp   | 4
CN      | 103.88.32.21:35656   | -                         | tcp   | 4
CN      | 103.88.32.177:55146  | -                         | tcp   | 4
CN      | 45.248.8.194:27223   | -                         | tcp   | 4
CN      | 45.117.11.205:16966  | -                         | tcp   | 4
CN      | 103.88.32.69:23447   | -                         | tcp   | 4
CN      | 45.117.11.54:52730   | -                         | tcp   | 4
CN      | 103.219.177.29:47194 | -                         | tcp   | 4
CN      | 117.24.12.219:34650  | -                         | tcp   | 4
CN      | 103.88.32.130:31606  | -                         | tcp   | 4
CN      | 45.248.10.143:14111  | -                         | tcp   | 4
CN      | 45.117.11.211:31710  | -                         | tcp   | 4
CN      | 45.251.9.148:54274   | -                         | tcp   | 4
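The network tables in both detonations share one awkward property: the Domain column is optional, so a row has either three or four whitespace-separated fields and cannot be split by position. When turning such a report into indicators, the questions an analyst actually asks are which destinations recur, which names were resolved and then connected to, which names were queried but never used (the behavioral2 pattern for config.yunjiasu.kkidc.com), and which TCP endpoints carry no name at all. The following is an added example, not code from the sandbox, that parses rows in the report's "Country Destination Domain Proto" shape and answers those questions. The sample rows are a constructed subset modelled on the two tables above, and the "queried_unconnected" and "unnamed_tcp" groupings are this example's own labels.

```python
"""Summarise sandbox network rows of the form "Country Destination [Domain] Proto".

Added example for this report; not the sandbox's code. Sample rows are constructed.
"""
import ipaddress
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, Optional


@dataclass(frozen=True)
class Conn:
    country: str
    ip: str
    port: int
    domain: Optional[str]  # None when the row carried no name
    proto: str


def parse_row(row: str) -> Conn:
    """Parse one row; raises ValueError on anything that is not 3 or 4 fields."""
    fields = row.split()
    if len(fields) == 4:
        country, dest, domain, proto = fields
    elif len(fields) == 3:
        country, dest, proto = fields
        domain = None
    else:
        raise ValueError(f"unexpected row shape: {row!r}")
    host, sep, port = dest.rpartition(":")
    if not sep:
        raise ValueError(f"destination lacks a port: {dest!r}")
    ipaddress.ip_address(host)  # reject non-IP garbage early
    return Conn(country, host, int(port), domain.lower() if domain else None, proto.lower())


def is_dns_query(c: Conn) -> bool:
    return c.port == 53 and c.proto == "udp"


def summarize(rows: Iterable[str]) -> Dict[str, object]:
    """Group rows into recurring endpoints, resolved names, unused lookups and unnamed TCP peers."""
    conns = [parse_row(r) for r in rows if r.strip()]
    counts = Counter((c.ip, c.port, c.proto) for c in conns)
    # Forward lookups only: reverse (PTR) queries such as x.in-addr.arpa are not hostnames.
    queried = {c.domain for c in conns
               if is_dns_query(c) and c.domain and not c.domain.endswith(".in-addr.arpa")}
    # Name -> address the sample actually connected to under that name.
    resolved = {c.domain: c.ip for c in conns if c.domain and not is_dns_query(c)}
    # TCP peers with no name attached: the address did not come from a lookup seen in the capture.
    unnamed_tcp = sorted({(c.ip, c.port) for c in conns if c.domain is None and c.proto == "tcp"})
    return {
        "counts": counts,
        "resolved": resolved,
        "queried_unconnected": sorted(queried - set(resolved)),
        "unnamed_tcp": unnamed_tcp,
    }


# Constructed subset of row shapes, modelled on the behavioral1 table.
SAMPLE_ROWS = """
US 8.8.8.8:53 config.yunjiasu.kkidc.com udp
CN 45.117.11.105:9501 config.yunjiasu.kkidc.com tcp
CN 110.80.137.104:9501 tcp
CN 110.80.137.104:9501 tcp
US 8.8.8.8:53 httpbin.org udp
US 3.213.1.197:80 httpbin.org tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
CN 27.159.66.207:34001 tcp
""".strip().splitlines()

# Constructed subset modelled on the behavioral2 table: names queried, no named connection follows.
SAMPLE_ROWS_WIN10 = """
US 8.8.8.8:53 config.yunjiasu.kkidc.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
CN 110.80.137.104:9501 tcp
US 8.8.8.8:53 httpbin.org udp
""".strip().splitlines()

if __name__ == "__main__":
    for name, rows in (("win7-like", SAMPLE_ROWS), ("win10-like", SAMPLE_ROWS_WIN10)):
        s = summarize(rows)
        print(name, "resolved:", s["resolved"])
        print(name, "queried but never connected:", s["queried_unconnected"])
        print(name, "unnamed tcp peers:", s["unnamed_tcp"])
```

The split between "resolved" and "unnamed_tcp" is the part worth keeping when building blocklists: the 9501/tcp peer 110.80.137.104 and the twenty high-port CN peers never appear with a name in either capture, so they are usable as address indicators on their own, whereas 45.117.11.105 is only ever seen as the answer for config.yunjiasu.kkidc.com and may change when that name is re-pointed.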

Files

C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log
(three versions of this one path were captured during the run; hashes are listed in capture order)

Version 1
MD5    9052e0012e33868e461d5e884e7018ac
SHA1   95399aa002b0fc94612cb47cba24f911cc4e2f82
SHA256 fec95d383fac6243f4a6b90cb91d4ca201f0001c0eec477762aec4befa4273b8
SHA512 6d85af4c9eed5ef6ef02bb56677c28e0cbe5c65e12f0f9fc20358c4450fe6a4d465b5f1187dca5dc6996fd382adcef5a2321d75cab0491975c96669b6eae4f57

Version 2
MD5    8e148273ca357b29499e4347d41fc1a9
SHA1   301883e0b47da99184839f4c10a768cbafe3d363
SHA256 5d2d1f912f296e0ede6d25d7d3dbac125697cc4a2e583c1d96b405d26ee30433
SHA512 15d06baa3e6fa0e6f7873a137dde45a3514ab51864d9641caed891f6234e91c05d43ee70df956354315766178cae5e89e67d5dc11af10840302ec2ce7e1cd4d1

Version 3
MD5    afad4a02f52b4dafd1595d5cf91ad0ca
SHA1   51bbfee7649f6a2709d6e00665c4a596e76e58ec
SHA256 b22ad423a0bdbb174d793e7358fc9eeb54f4e5914f87c5869f5f40ac048db420
SHA512 7af4700cbf6bc4e6ad0182e0eaee20cf542c0bc8385e88b9cab705767f7e80683df86d9dd1920bcfc71e3e2fdc31b7ae172f049525b846a58f39753dc836fc9c