Overview

overview

10

Static

static

10

2e50eb85f6...b2.zip

windows10_x64

4

Analysis

  • max time kernel
    170s
  • max time network
    175s
  • platform
    windows10_x64
  • resource
    win10-en-20211104
  • submitted
    04-12-2021 06:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2e50eb85f6e271001e69c5733af95c34728893145766066c5ff8708dcc0e43b2.zip

  • Size

    41KB

  • MD5

    f57a2e95937e7727c82b0782e1cdd0d0

  • SHA1

    570ac30c3c40c62d67ac39e857e840b69908ed16

  • SHA256

    e038bb439a412f1c98d22a9a4726fbe0747a8bbbb48a8d26ac4dcb039f29e53e

  • SHA512

    be171554a26d962445b8a9238abc6faecd2398dc04305730ef44f03418f20971657254f04887c4dbbca87d0a360077cb9e4666747882ba4bdc82e8d567858647

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of FindShellTrayWindow 61 IoCs
  • Suspicious use of SendNotifyMessage 60 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\2e50eb85f6e271001e69c5733af95c34728893145766066c5ff8708dcc0e43b2.zip
    1⤵
      PID:3960
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /4
      1⤵
      • Drops file in Windows directory
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:3900
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:3016
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4452
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4452.0.1676546841\269552143" -parentBuildID 20200403170909 -prefsHandle 1544 -prefMapHandle 1536 -prefsLen 1 -prefMapSize 219680 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4452 "\\.\pipe\gecko-crash-server-pipe.4452" 1624 gpu
          3⤵
            PID:4736
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4452.3.246471484\928510059" -childID 1 -isForBrowser -prefsHandle 2148 -prefMapHandle 2144 -prefsLen 122 -prefMapSize 219680 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4452 "\\.\pipe\gecko-crash-server-pipe.4452" 2252 tab
            3⤵
              PID:4620
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4452.13.1159972896\935656819" -childID 2 -isForBrowser -prefsHandle 3396 -prefMapHandle 3392 -prefsLen 6979 -prefMapSize 219680 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4452 "\\.\pipe\gecko-crash-server-pipe.4452" 3408 tab
              3⤵
                PID:408
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4452.20.1203835195\166738357" -childID 3 -isForBrowser -prefsHandle 3896 -prefMapHandle 4008 -prefsLen 7684 -prefMapSize 219680 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4452 "\\.\pipe\gecko-crash-server-pipe.4452" 3992 tab
                3⤵
                  PID:1780
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4452.27.150912374\536215907" -childID 4 -isForBrowser -prefsHandle 2168 -prefMapHandle 4460 -prefsLen 8545 -prefMapSize 219680 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4452 "\\.\pipe\gecko-crash-server-pipe.4452" 2828 tab
                  3⤵
                    PID:3532

              Network

              MITRE ATT&CK Matrix ATT&CK v6

              Initial Access

              Execution

              Persistence

              Privilege Escalation

              Defense Evasion

              Credential Access

              Discovery

              Query Registry

              2
              T1012

              Peripheral Device Discovery

              1
              T1120

              System Information Discovery

              2
              T1082

              Lateral Movement

              Collection

              Exfiltration

              Command and Control

              Impact

              Replay Monitor

              Loading Replay Monitor...

              Downloads