f7cb049fb273a5dd970ff15d424fe7a8b93ffcc95a59800163f8143059d89f60

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
21/07/2024, 19:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f7cb049fb273a5dd970ff15d424fe7a8b93ffcc95a59800163f8143059d89f60.exe
Size

5.7MB
MD5

228573a3e36673d8c4784415659a425f
SHA1

77afd534cab9422a251f66c3399f2ca3ed68476f
SHA256

f7cb049fb273a5dd970ff15d424fe7a8b93ffcc95a59800163f8143059d89f60
SHA512

ef1e4f5b17bf8733bcdda5a7741c46769a63c1160f655fa0de6f10353fbf94acf4ff2d5bef5cd769b7e73b0de187ad010f40d8f5a4d5bc110f6e46e459f666df
SSDEEP

98304:j/6n94bDY2EBcBuq62V///4nAWakrn7S/IhWoaVVfs/VIsMF4JD8iulhq7NmnkV6:mMD+cpvJ/4H3nmghWoa/fsysMF4JD85X

Score

9^/10

evasion

Malware Config

Signatures

Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Oracle\VirtualBox Guest Additions	f7cb049fb273a5dd970ff15d424fe7a8b93ffcc95a59800163f8143059d89f60.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2524	f7cb049fb273a5dd970ff15d424fe7a8b93ffcc95a59800163f8143059d89f60.exe
2524	f7cb049fb273a5dd970ff15d424fe7a8b93ffcc95a59800163f8143059d89f60.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2524	f7cb049fb273a5dd970ff15d424fe7a8b93ffcc95a59800163f8143059d89f60.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2524	f7cb049fb273a5dd970ff15d424fe7a8b93ffcc95a59800163f8143059d89f60.exe

C:\Users\Admin\AppData\Local\Temp\f7cb049fb273a5dd970ff15d424fe7a8b93ffcc95a59800163f8143059d89f60.exe
"C:\Users\Admin\AppData\Local\Temp\f7cb049fb273a5dd970ff15d424fe7a8b93ffcc95a59800163f8143059d89f60.exe"
1⤵
- Looks for VirtualBox Guest Additions in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log

Filesize
652B

MD5
cb9febc99dcd0a035c9ade3ff35473d8

SHA1
dbb341c5d413cf753279c0c9934988efe65f4886

SHA256
b7ea6e2d3ee802c8e3969979b945980af4d1c2f0a2326091924d9ead6000543c

SHA512
d700ef5073a219c31e46a4b126d623ba39a60b46e616ae0c2d0a34f6b7f0cd049c397bd18afa382507ce499bad042a9e6173c98848e955648367de74a1d56821

Download Submit
C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log

Filesize
3KB

MD5
57e9b21b2920c356b1ee59b7824d7cb3

SHA1
d79b1bc65dc6e8aeb75d600aee44e7a9752af273

SHA256
43ca5822a098c3db50682ad3ea55e74e358418f4f5dcc93d070fea082c2d71d0

SHA512
87159c6d878a6291562749111e9e0b46360bdb3e6d8d6be9826ec299bd53941587c1bb1e2686add342a66c65fde3424fe750a25f5928030fe043486a17805652

Download Submit
C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log

Filesize
4KB

MD5
4b5b2b74006a26dd4f70388409bdee21

SHA1
ff961cc0d3957b593a064f03990678e6c8cd428b

SHA256
bf157e0b7b0dcb214b83fa54fd9d41ef375e17c09481c568451e5ed67e5e60a3

SHA512
e04d955adb0e898cc52c80b1ad45540dd9176c81008a91866a2bb910edf3fe797f57e4810c75e0c68390b361149926089a83c0612cb329d0b9cfd3476d35efbe

Download Submit