Overview

overview

9

Static

static

3

7076ad7021...0f.exe

windows7-x64

9

7076ad7021...0f.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    09-07-2024 04:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7076ad70211d1ef3b2d2043d6a7091afec4e57f6d9cb32e4a006786b72c1010f.exe

  • Size

    5.7MB

  • MD5

    278fdb7269bcaeb148f6707c7ce3d869

  • SHA1

    b7028031b8e1fb8aa194c515b314c4d9e05718e5

  • SHA256

    7076ad70211d1ef3b2d2043d6a7091afec4e57f6d9cb32e4a006786b72c1010f

  • SHA512

    92e69cd2b36995f00475e44c6fad92ca2ffe75c74fd2734a766a97325fc80f57094fb9190d6f98cc0ba845d145177717cce2bf1c58c81d808a0fa3bb053470ec

  • SSDEEP

    98304:b/6n94bDY2EBcBuq62V///4nAWakrn7S/IhWoaVVfs/VIsMF4JD8iulhq7NmGkVu:uMD+cpvJ/4H3nmghWoa/fsysMF4JD85Q

Score
9/10
evasion

Malware Config

Signatures

  • Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs
    evasion
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7076ad70211d1ef3b2d2043d6a7091afec4e57f6d9cb32e4a006786b72c1010f.exe
    "C:\Users\Admin\AppData\Local\Temp\7076ad70211d1ef3b2d2043d6a7091afec4e57f6d9cb32e4a006786b72c1010f.exe"
    1⤵
    • Looks for VirtualBox Guest Additions in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2948

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log
    Filesize

    652B

    MD5

    2c4d948fcd580b6c0a2f12e396cb77ed

    SHA1

    d0232019dc78ad446422a95495772a46a1f9a8a6

    SHA256

    8d774452ece69d737c58c394e53ec732d7ea1f4c3000c871d5bfb09a53164724

    SHA512

    3bef79da9baefd56d8a74fcfabd449fc03e895dbac581d293eca4fa55833c2d5022897f1032a447cbc1c3d02b4fad3a772a2fb01b32ea4da62a750dee6979742

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log
    Filesize

    3KB

    MD5

    f458d0c2a0e0999eaf66801624273a9f

    SHA1

    d3a2f6e1203099995be1491e23c79e264d3d71e4

    SHA256

    ecff928cd5b267697a354e7f2fc8d84be449671141de799082f65a64da7f347c

    SHA512

    e3b9ff9a6fdb44f0b3785455f5815af7c88bd9d1ce9433c1acbf41464d88b4368bc1b6fe9ea374c4481c6011434261098ecb9f242d3a1f9159958ca12af1fd7f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log
    Filesize

    12KB

    MD5

    519514f4e70c24e0826cdbfbe89c2540

    SHA1

    c711b5606e841d3989cd26296e6bee2896a743a3

    SHA256

    5e9b88ac5a5209a55a9887cc3f746476b1717d093fe2d9c0c8abb6d9e300ac93

    SHA512

    c4f8de69047e52f5345d82b3e4be485cc3d1bb8b3b692160494c4bf3de1a277e55b9d0ca0717849b878d3e73e01066a3c2be1255dc07b357cf3b152674c5fb3d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log
    Filesize

    206B

    MD5

    b4bb6d8d0e0d8143fa188bf4ee956ec8

    SHA1

    045d956d20d34b16e157591ee2121a9a854fb506

    SHA256

    aef6e55cac1f0e2181b525ae29500e2df5c40bed4f792b8f0136320ebe85b17a

    SHA512

    2f10fe8cede3b5556f624a4a8d88bf408d0ef03a4f0789b597ebafd39f220840d39baa16259f351f5d0ec7484325e62b43546de5ca12c5f36b0f98a33136c16a

    Download Submit