d6de3b0dea66889414f79b11603c39ec1497422f42665168c3d02ff34cf45098

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/06/2024, 15:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d6de3b0dea66889414f79b11603c39ec1497422f42665168c3d02ff34cf45098.exe
Size

5.7MB
MD5

e6cc570bcb689f428eeeac579842c38e
SHA1

ea011bf36c5796336bf74d596a8dfe564fefbef7
SHA256

d6de3b0dea66889414f79b11603c39ec1497422f42665168c3d02ff34cf45098
SHA512

31da798a647337da1adeb57ef5829343b7470b0a57ca7913ad522772f21501012a050deca3db29993c8105eadac3f843d1eccf1e012be2ca0bbcbcffe24fdd43
SSDEEP

98304:j/6n94bDY2EBcBuq62V///4nAWakrn7S/IhWoaVVfs/VIsMF4JD8iulhq7NmBkVK:mMD+cpvJ/4H3nmghWoa/fsysMF4JD85x

Score

9^/10

evasion

Malware Config

Signatures

Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Oracle\VirtualBox Guest Additions	d6de3b0dea66889414f79b11603c39ec1497422f42665168c3d02ff34cf45098.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2252	d6de3b0dea66889414f79b11603c39ec1497422f42665168c3d02ff34cf45098.exe
2252	d6de3b0dea66889414f79b11603c39ec1497422f42665168c3d02ff34cf45098.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2252	d6de3b0dea66889414f79b11603c39ec1497422f42665168c3d02ff34cf45098.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2252	d6de3b0dea66889414f79b11603c39ec1497422f42665168c3d02ff34cf45098.exe

C:\Users\Admin\AppData\Local\Temp\d6de3b0dea66889414f79b11603c39ec1497422f42665168c3d02ff34cf45098.exe
"C:\Users\Admin\AppData\Local\Temp\d6de3b0dea66889414f79b11603c39ec1497422f42665168c3d02ff34cf45098.exe"
1⤵
- Looks for VirtualBox Guest Additions in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log

Filesize
652B

MD5
f32420f38a60ca19be939574b46761a9

SHA1
eaba3a77f7e0a030111cbd6d26bb24ff5717bb02

SHA256
46afd54bdbdb0606d8ff5bf5d1c78052517f4b9583e644f396e1fc5c28e08a56

SHA512
cac0509d65a82366cfe4f1d6a6413bb385985911501a620d83adbc4e1b346a9191189b72c3bce18698dec870d1c3a952e4deeb424effa967ea532c4fe00e8ecf

Download Submit
C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log

Filesize
4KB

MD5
4d962c1011eee04b3be30f9093a17c7c

SHA1
a33851fd915d64e1e9657d2d0234cb25f2decbea

SHA256
bf62c99a65520cbc93005e46f0b000a3552796894f24ca826d04fb23d30c1a7f

SHA512
e8ca85dcf8d33e27607ce638556f0cc46bee8497c960101496b3440923f32265349215a451481f5415fb62c08bd70f2b3c97534cf359cf18bd1b5e03493338f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log

Filesize
252B

MD5
1e036558821d9a28b26a42ea21e296a2

SHA1
edc635fdca9f90b25d007d54da495d0a555d1873

SHA256
ca438c61488cbde628079791c32359d483329d4529a0a78d5feb5afc5080680d

SHA512
0c9b7334d209fb633d23c61067797dbba501e5d97708dea93b49d271f90170d4c1d0fed495ae2d67e5c1cb61e6bc030420dd77f7ba2d7c6edaf87e239edc9b25

Download Submit