Analysis
- max time kernel: 149s
- max time network: 158s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 01-07-2024 04:39
Static task: static1
Behavioral task: behavioral1
- Sample: 5fa6593b9ce38a6e8f6ece7badd4ff0e7e1ecc77a03a8f645a7fb7ef4902b1bc.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 5fa6593b9ce38a6e8f6ece7badd4ff0e7e1ecc77a03a8f645a7fb7ef4902b1bc.exe
- Resource: win10v2004-20240226-en
General
- Target: 5fa6593b9ce38a6e8f6ece7badd4ff0e7e1ecc77a03a8f645a7fb7ef4902b1bc.exe
- Size: 5.7MB
- MD5: 3d323d1ed35e5637d412a2bacff5918a
- SHA1: 429fa83cde3f306db9b10c1dfbb6f3bca6795d9d
- SHA256: 5fa6593b9ce38a6e8f6ece7badd4ff0e7e1ecc77a03a8f645a7fb7ef4902b1bc
- SHA512: 7218f3b3a9456bef0ad66d315afa47241b67fd9bd77daada629dbc78879172e7d2904406cc6ba7b8493eebe5af1045ddafc019962a5b830a1723bf9c711d3774
- SSDEEP: 98304:b/6n94bDY2EBcBuq62V///4nAWakrn7S/IhWoaVVfs/VIsMF4JD8iulhq7NmYkVI:uMD+cpvJ/4H3nmghWoa/fsysMF4JD85I
Malware Config
Signatures
- Looks for VirtualBox Guest Additions in registry (2 TTPs, 1 IoC)
  Processes:
    5fa6593b9ce38a6e8f6ece7badd4ff0e7e1ecc77a03a8f645a7fb7ef4902b1bc.exe
      description: Key opened
      ioc: \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Oracle\VirtualBox Guest Additions
      process: 5fa6593b9ce38a6e8f6ece7badd4ff0e7e1ecc77a03a8f645a7fb7ef4902b1bc.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes:
    5fa6593b9ce38a6e8f6ece7badd4ff0e7e1ecc77a03a8f645a7fb7ef4902b1bc.exe
      pid 4076, process 5fa6593b9ce38a6e8f6ece7badd4ff0e7e1ecc77a03a8f645a7fb7ef4902b1bc.exe
      pid 4076, process 5fa6593b9ce38a6e8f6ece7badd4ff0e7e1ecc77a03a8f645a7fb7ef4902b1bc.exe
- Suspicious use of FindShellTrayWindow (1 IoC)
  Processes:
    5fa6593b9ce38a6e8f6ece7badd4ff0e7e1ecc77a03a8f645a7fb7ef4902b1bc.exe
      pid 4076, process 5fa6593b9ce38a6e8f6ece7badd4ff0e7e1ecc77a03a8f645a7fb7ef4902b1bc.exe
- Suspicious use of SendNotifyMessage (1 IoC)
  Processes:
    5fa6593b9ce38a6e8f6ece7badd4ff0e7e1ecc77a03a8f645a7fb7ef4902b1bc.exe
      pid 4076, process 5fa6593b9ce38a6e8f6ece7badd4ff0e7e1ecc77a03a8f645a7fb7ef4902b1bc.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\5fa6593b9ce38a6e8f6ece7badd4ff0e7e1ecc77a03a8f645a7fb7ef4902b1bc.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\5fa6593b9ce38a6e8f6ece7badd4ff0e7e1ecc77a03a8f645a7fb7ef4902b1bc.exe"
  - Looks for VirtualBox Guest Additions in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3860 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
Network
MITRE ATT&CK Matrix (ATT&CK v13)
Downloads
- C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log
  Filesize: 10KB
  MD5: 7c8da1e26150e3cfdb73df52c9f1860c
  SHA1: 786376a3780d7d99d5c0b0afaa117e9ea056af96
  SHA256: 898bea5a44aeef69fab1416bcad9010edf7d5537ba1af8fb63fe9299962a4ca0
  SHA512: ffee16a3fcae4ac437314609c3df2647ceda40ca13f5e0e08258c73f98da1ff575961555e60e860d42a83b5d2ba2330633da00dae1baa20b4f88eea495878062
- C:\Users\Admin\AppData\Local\Temp\yjs_log\log.log
  Filesize: 310B
  MD5: 890a6da7b7e7eaf52bd68f62e8e4c6f1
  SHA1: 7042f08e75e58c23919e2b3ac0aa894defc13a7b
  SHA256: fb77859c60b3ed98772ab0fe779e541ff16595a22785fff20c34ea681f240a6f
  SHA512: 7e6d74bf2d2309cb3592909a292c45146c38ab5b834f09b62b6647cefb65830f27fb784971bf28bdad24f3d6c2f75e4b3b7d12acee16ca7158741e441436787c