35c42c98b784974a965c358a9bda63b6cb4edde80db83f87daa2fee83e6cfad6 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

VirtualBox...in.exe

windows7-x64

8

VirtualBox...in.exe

windows10-2004-x64

8

Resubmissions

05-02-2025 14:45

250205-r4w5kssngm 8

28-01-2025 13:04

250128-qa9cdayrhw 8

Sharing

General

Target

VirtualBox-7.1.6-167084-Win.exe
Size

117.3MB
Sample

250128-qa9cdayrhw
MD5

8addd310d09249bc176c9c891aae41cb
SHA1

81212ad29642b2b261df42d25ccd23fe715914d1
SHA256

35c42c98b784974a965c358a9bda63b6cb4edde80db83f87daa2fee83e6cfad6
SHA512

b6126211ade8b38215ea70692af8cff5e47cb922484a3f08e377edf01a4a1d9b865772f4703d6914d779faba95eb46f16266e6f05411efba4691bc6f411d1d77
SSDEEP

3145728:Zqar23mGGWtNN/fdSqyI/LUs5DuFsdOKtVeBi4g:82GGOFfAqyI/7FdUAT

Score

8^/10

discovery persistence privilege_escalation

Static task

static1

Behavioral task

behavioral1

Sample

VirtualBox-7.1.6-167084-Win.exe

Resource

win7-20241010-en

discovery persistence privilege_escalation

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

VirtualBox-7.1.6-167084-Win.exe

Resource

win10v2004-20241007-en

discovery persistence privilege_escalation

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  VirtualBox-7.1.6-167084-Win.exe
- Size
  
  117.3MB
- MD5
  
  8addd310d09249bc176c9c891aae41cb
- SHA1
  
  81212ad29642b2b261df42d25ccd23fe715914d1
- SHA256
  
  35c42c98b784974a965c358a9bda63b6cb4edde80db83f87daa2fee83e6cfad6
- SHA512
  
  b6126211ade8b38215ea70692af8cff5e47cb922484a3f08e377edf01a4a1d9b865772f4703d6914d779faba95eb46f16266e6f05411efba4691bc6f411d1d77
- SSDEEP
  
  3145728:Zqar23mGGWtNN/fdSqyI/LUs5DuFsdOKtVeBi4g:82GGOFfAqyI/7FdUAT
Score

8^/10

discovery persistence privilege_escalation
- Drops file in Drivers directory
- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

SIP and Trust Provider Hijacking

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation

behavioral2

discoverypersistenceprivilege_escalation

© 2018-2025

Terms | Privacy