Overview

overview

7

Static

static

1

Aristois-Free.jar

windows7-x64

1

Aristois-Free.jar

windows10-1703-x64

7

Aristois-Free.jar

windows10-2004-x64

7

Analysis

  • max time kernel
    1792s
  • max time network
    1765s
  • platform
    windows7_x64
  • resource
    win7-20230220-es
  • resource tags

    arch:x64arch:x86image:win7-20230220-eslocale:es-esos:windows7-x64systemwindows
  • submitted
    12-04-2023 13:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Aristois-Free.jar

  • Size

    6.6MB

  • MD5

    a20386aae57b3314aa608af93d576d0b

  • SHA1

    5685e5fc2e57f8116e3ef9da77110c7f6800a5c1

  • SHA256

    dd126dd177dadab5ee1d6f0697a2b5ffd2b9869ea7bfb4d0c65fa38265664dfa

  • SHA512

    20571bbfe24e15dbc8f51fce92b7847dfcee6d91ac59e9ac7b3f2508c59e6715075179b0c0b46a988c5ee1e9d1aa95a2b5cc9806d1968a85344af6c07130b5ac

  • SSDEEP

    196608:0QcYTnwEffNczykIbzP1XeaNAd+1blTRLkqSCfH:nrzflDkaPAd8dJkqSoH

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\Aristois-Free.jar
    1⤵
      PID:956
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:656
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:1564
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1564.0.1384553324\2102751609" -parentBuildID 20221007134813 -prefsHandle 1176 -prefMapHandle 1156 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d9f28a0-219a-478e-a494-6d2dfab0c322} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" 1252 122a8a58 gpu
          3⤵
            PID:1272
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1564.1.957295179\110510087" -parentBuildID 20221007134813 -prefsHandle 1444 -prefMapHandle 1440 -prefsLen 20971 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {77167de0-5798-4189-9df6-67d5c54ab7ef} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" 1456 f6f258 socket
            3⤵
              PID:928
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1564.2.1043458418\738966521" -childID 1 -isForBrowser -prefsHandle 1056 -prefMapHandle 2072 -prefsLen 21054 -prefMapSize 232675 -jsInitHandle 900 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2a855a3-c6d6-49aa-af27-bf7d2610d8c4} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" 2068 1a0e1b58 tab
              3⤵
                PID:1980
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1564.3.682932932\1393664795" -childID 2 -isForBrowser -prefsHandle 560 -prefMapHandle 836 -prefsLen 26564 -prefMapSize 232675 -jsInitHandle 900 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {86478196-26a8-4556-894c-f27fc6edfdb1} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" 1592 f70a58 tab
                3⤵
                  PID:1016
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1564.4.468288967\2141766655" -childID 3 -isForBrowser -prefsHandle 2796 -prefMapHandle 2792 -prefsLen 26564 -prefMapSize 232675 -jsInitHandle 900 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b786ebb3-c28f-4660-8f15-c89dbdc7ed99} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" 2808 1c083f58 tab
                  3⤵
                    PID:1992
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1564.5.1622930949\1413591706" -childID 4 -isForBrowser -prefsHandle 3576 -prefMapHandle 3572 -prefsLen 26704 -prefMapSize 232675 -jsInitHandle 900 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fcce8603-ae49-4289-a7bd-2acddd42bf17} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" 3652 1c082758 tab
                    3⤵
                      PID:2424
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1564.6.39752044\774501651" -childID 5 -isForBrowser -prefsHandle 3624 -prefMapHandle 2900 -prefsLen 26704 -prefMapSize 232675 -jsInitHandle 900 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac02b1cd-bcdd-451d-b0b0-f7fd2daeb03f} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" 3664 1d269558 tab
                      3⤵
                        PID:2432
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1564.7.1678084571\1573766343" -childID 6 -isForBrowser -prefsHandle 3752 -prefMapHandle 3924 -prefsLen 26704 -prefMapSize 232675 -jsInitHandle 900 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd7ca0d5-8149-4de8-9027-b39c2e48605c} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" 3832 1d26a158 tab
                        3⤵
                          PID:2492
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1564.8.70115337\872304997" -childID 7 -isForBrowser -prefsHandle 3416 -prefMapHandle 3408 -prefsLen 26986 -prefMapSize 232675 -jsInitHandle 900 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {64bfe909-f2f0-4eb8-9581-3b3200571994} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" 4120 1c91e558 tab
                          3⤵
                            PID:2908
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1564.9.245348137\1625633424" -childID 8 -isForBrowser -prefsHandle 3672 -prefMapHandle 3704 -prefsLen 27860 -prefMapSize 232675 -jsInitHandle 900 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {681d0477-09b5-41db-aeed-ea19b96d73ca} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" 3688 1e74ed58 tab
                            3⤵
                              PID:2116

                        Network

                        MITRE ATT&CK Enterprise v6

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9aaxljs.default-release\activity-stream.discovery_stream.json.tmp
                          Filesize

                          143KB

                          MD5

                          09d83964aa71cbccc864554197ec1b6d

                          SHA1

                          327eb266d66a059cd100eac77bfbdba19d1f7000

                          SHA256

                          e0aad0eb79e7a87c84f32a460d6672eabf18480dd299371b84af173f1b8a8a26

                          SHA512

                          3bd3a5d7c29776ef5ced1e381e134c8f238851760c05479010b9ecb163a5288ae54170c675dc7ce72bc6fd22e2893dd1524cd5ac1a1247099191aae3f6fb82e1

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
                          Filesize

                          7KB

                          MD5

                          e3922e58aa556b73669729b8604c048f

                          SHA1

                          e5605957a7eca325592cddcc25cfa8b485b000a1

                          SHA256

                          4c7d6d5b6db211a7ce45bee2ceba650e1139c57a567ad4e00e6922bbe2cca059

                          SHA512

                          107c79a56db28d126e7b6c6b75f3a50dfeb2b77c7fe4c3b878095758ed882abfe7ec89e1c4fdc9eb42e3599132fb5355f73ea5b68923f5be185f551883c960e8

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9aaxljs.default-release\addonStartup.json.lz4
                          Filesize

                          5KB

                          MD5

                          59dcce454c0c0a82b845fef9edd61e5e

                          SHA1

                          847355725e6a4973d5a13891c5a2eb8f2c87c411

                          SHA256

                          78b13cf29159018bce25348928a06f9a11a2974ba00bb920a1759331c82a1c74

                          SHA512

                          b133df155cde99ba5ba45d319e14f37cebf14a82e419883debb6991ea7e2886e05575ad6b5c5bc293dcfee2fb5eb0c00ac8fa3ef090047068a9ac2687e26e36f

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9aaxljs.default-release\bookmarkbackups\bookmarks-2023-04-12_11_+kzE3OlCk0nm5mWOEXz1Dg==.jsonlz4
                          Filesize

                          945B

                          MD5

                          7e2a2d842d9b9232dd94faa26dcb5617

                          SHA1

                          a040e78a891d89f718d117ed4d780acded608b72

                          SHA256

                          79b310d20f0f23742bcff250d0af9c634c34ae2b263d059183b1e2db82a3e96c

                          SHA512

                          020608566627414189f3d7ac59f02ba928fc9e8c4d42137e9384eb02705188f445e3813aaec1b3d030d13703fa8014cc4e6a4c04d21c34b26ad03a63de7e98fa

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9aaxljs.default-release\broadcast-listeners.json
                          Filesize

                          204B

                          MD5

                          72c95709e1a3b27919e13d28bbe8e8a2

                          SHA1

                          00892decbee63d627057730bfc0c6a4f13099ee4

                          SHA256

                          9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

                          SHA512

                          613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9aaxljs.default-release\cert9.db
                          Filesize

                          224KB

                          MD5

                          2a9f8849954c837b00152d75d34c82c1

                          SHA1

                          012548addfdfaa4557a3bac7b9034b51c7d67110

                          SHA256

                          f3e483815906757cc8d1d1197eb1044bd000ad7688aec972544fa5709bd9fee4

                          SHA512

                          fb15fdc2b7fdd7612b605b155a76dfa07d73e85958e84b0d9c229b9f1b5860b02ce6825bd6364af3fab3772b40d90c7865cfe40f7c5130ff6871ae887efdc39f

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9aaxljs.default-release\prefs.js
                          Filesize

                          6KB

                          MD5

                          580aaebcc2926902dc1a82b71a1c70e5

                          SHA1

                          844e9d6832ad15e30e1f1e02b2fc1978c3955cf4

                          SHA256

                          2f8cfc1df1a4d6d9a5a338f79e811bf5e3584e5a62fec47638de62bde69cd5bd

                          SHA512

                          6a3004e1dba88f2d5cf2adda5939379bfdc94fc77557fb28ab116da1056a2982a0d2c3d9f1ad4b9a381917cf801a6edade445f2daa7771945fd30087b90a2086

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9aaxljs.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          1KB

                          MD5

                          43f4f1eae94fceecac581c9962ff2271

                          SHA1

                          b849461b34bf16b7b734cce1d58e072fac698773

                          SHA256

                          2d94dd821aa0737a5bf4f4322d6a182c03a1dbf38c50f825d0ee52b7d47f2cb8

                          SHA512

                          cb19aa0fbd19201253d5359c937f7d21075b9b11d422252917e566f30ba29739408cc7c33eb5eb02adb9eb4406aa70297f691061e3163f106056965f01494143

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9aaxljs.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          1KB

                          MD5

                          9e8b698528756f60fadff7061ab53d2b

                          SHA1

                          63414f8317676e1e0ddcc68532f5c9706e774600

                          SHA256

                          a25f4fa63ad04ca340c4f64bd9085fda8730f7579c67c3ab05723c9dbf25d177

                          SHA512

                          9e6fa6d1e8b03cad9fb1e2a56782ffe5214805938a15aad1d132d06dd4dcf41d792b5efca466c8b7268c0a28019242f93514d29c8603884828254aeaccf19a74

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9aaxljs.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                          Filesize

                          184KB

                          MD5

                          debb6052f2f53f5eb4d528d55455dd27

                          SHA1

                          ffd735be2d25c961665e6022bc321da039451818

                          SHA256

                          63e9f05fc7fdb86678e52c2d8a84b00c02441af154e121a82445b35436ed3659

                          SHA512

                          a0de1ac1a845e8832ac34be71c43289294ff09f50e4167207c8aed008d46e74d163743c1dd4e37b0cf747406b6de8e4d05990edf983c5990a88a2e79a1bf2bb3

                          Download Submit

                        • memory/956-64-0x00000000000B0000-0x00000000000B1000-memory.dmp

                          Filesize

                          4KB

                          Download