Analysis

  • max time kernel
    149s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01-07-2024 04:39

General

  • Target

    5fa6593b9ce38a6e8f6ece7badd4ff0e7e1ecc77a03a8f645a7fb7ef4902b1bc.exe

  • Size

    5.7MB

  • MD5

    3d323d1ed35e5637d412a2bacff5918a

  • SHA1

    429fa83cde3f306db9b10c1dfbb6f3bca6795d9d

  • SHA256

    5fa6593b9ce38a6e8f6ece7badd4ff0e7e1ecc77a03a8f645a7fb7ef4902b1bc

  • SHA512

    7218f3b3a9456bef0ad66d315afa47241b67fd9bd77daada629dbc78879172e7d2904406cc6ba7b8493eebe5af1045ddafc019962a5b830a1723bf9c711d3774

  • SSDEEP

    98304:b/6n94bDY2EBcBuq62V///4nAWakrn7S/IhWoaVVfs/VIsMF4JD8iulhq7NmYkVI:uMD+cpvJ/4H3nmghWoa/fsysMF4JD85I

Score
9/10

Malware Config

Signatures

  • Looks for VirtualBox Guest Additions in registry (2 TTPs, 1 IoC)
  • Suspicious behavior: EnumeratesProcesses (2 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SendNotifyMessage (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\5fa6593b9ce38a6e8f6ece7badd4ff0e7e1ecc77a03a8f645a7fb7ef4902b1bc.exe
    "C:\Users\Admin\AppData\Local\Temp\5fa6593b9ce38a6e8f6ece7badd4ff0e7e1ecc77a03a8f645a7fb7ef4902b1bc.exe"
    1⤵
    • Looks for VirtualBox Guest Additions in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4076
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3860 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
    1⤵
    PID:2400

Network

MITRE ATT&CK Matrix (ATT&CK v13)

  • Defense Evasion
    Virtualization/Sandbox Evasion (1): T1497
  • Discovery
    Query Registry (1): T1012
    Virtualization/Sandbox Evasion (1): T1497

Downloads

  • C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log
    Filesize
    10KB
    MD5
    7c8da1e26150e3cfdb73df52c9f1860c
    SHA1
    786376a3780d7d99d5c0b0afaa117e9ea056af96
    SHA256
    898bea5a44aeef69fab1416bcad9010edf7d5537ba1af8fb63fe9299962a4ca0
    SHA512
    ffee16a3fcae4ac437314609c3df2647ceda40ca13f5e0e08258c73f98da1ff575961555e60e860d42a83b5d2ba2330633da00dae1baa20b4f88eea495878062

  • C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log
    Filesize
    310B
    MD5
    890a6da7b7e7eaf52bd68f62e8e4c6f1
    SHA1
    7042f08e75e58c23919e2b3ac0aa894defc13a7b
    SHA256
    fb77859c60b3ed98772ab0fe779e541ff16595a22785fff20c34ea681f240a6f
    SHA512
    7e6d74bf2d2309cb3592909a292c45146c38ab5b834f09b62b6647cefb65830f27fb784971bf28bdad24f3d6c2f75e4b3b7d12acee16ca7158741e441436787c