Resubmissions

03/05/2023, 15:29

230503-sw4p5aha61 1

03/05/2023, 14:52

230503-r8tv1sfa73 1

Analysis

  • max time kernel
    60s
  • max time network
    55s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win10-20230220-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    03/05/2023, 15:29

General

  • Target

    VN_1min47secs.pm3.htm

  • Size

    1KB

  • MD5

    469d35825e72dbd618598ed426fa9103

  • SHA1

    e022e1a70484176adbb4d7a3a8138dc9dac31dd0

  • SHA256

    fbcdb3fbd4bc4e7a2c0f94d55e8de76cdca1d9b55efa812daf6c00e44f23f909

  • SHA512

    2fe0e1b4c7cc25c1937a6ff9e7776fd212f45f19db7061273c623c401d31fa75873d3125ca0e374be015577d94cf2e56d51a722986025687542056310580ebb1

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" C:\Users\Admin\AppData\Local\Temp\VN_1min47secs.pm3.htm
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4300
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" C:\Users\Admin\AppData\Local\Temp\VN_1min47secs.pm3.htm
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1852
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1852.0.1736862958\1550361184" -parentBuildID 20221007134813 -prefsHandle 1660 -prefMapHandle 1652 -prefsLen 20888 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b0ae00c-63c7-4197-a47c-7a54282ad986} 1852 "\\.\pipe\gecko-crash-server-pipe.1852" 1732 2c273e16e58 gpu
        3⤵
          PID:2112
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1852.1.1204653491\293339501" -parentBuildID 20221007134813 -prefsHandle 2172 -prefMapHandle 2168 -prefsLen 21749 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {81496be7-338d-4600-a6af-8312fb2142f1} 1852 "\\.\pipe\gecko-crash-server-pipe.1852" 2184 2c272140158 socket
          3⤵
            PID:1712
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1852.2.521391333\2024238900" -childID 1 -isForBrowser -prefsHandle 2928 -prefMapHandle 2620 -prefsLen 21832 -prefMapSize 232675 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1985972f-2af2-4473-ae67-69d07bdddce6} 1852 "\\.\pipe\gecko-crash-server-pipe.1852" 3000 2c276c41c58 tab
            3⤵
              PID:1620
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1852.3.37511504\114196563" -childID 2 -isForBrowser -prefsHandle 3484 -prefMapHandle 3480 -prefsLen 26562 -prefMapSize 232675 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c77c440-0c52-4dfa-97a8-e910ce74d261} 1852 "\\.\pipe\gecko-crash-server-pipe.1852" 3496 2c260262558 tab
              3⤵
                PID:3264
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1852.4.2128483956\1175164944" -childID 3 -isForBrowser -prefsHandle 4568 -prefMapHandle 2888 -prefsLen 26877 -prefMapSize 232675 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {77437fcd-a244-45ce-92a8-7d5a51c793fc} 1852 "\\.\pipe\gecko-crash-server-pipe.1852" 4560 2c279b37658 tab
                3⤵
                  PID:4692
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1852.6.2123191132\804877351" -childID 5 -isForBrowser -prefsHandle 4704 -prefMapHandle 4708 -prefsLen 26877 -prefMapSize 232675 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d856626-477f-4696-a315-b5fbe2cacd2e} 1852 "\\.\pipe\gecko-crash-server-pipe.1852" 4696 2c279b38e58 tab
                  3⤵
                    PID:2700
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1852.5.1707347945\1682731237" -childID 4 -isForBrowser -prefsHandle 4792 -prefMapHandle 4788 -prefsLen 26877 -prefMapSize 232675 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9aa420a9-84b3-4e7a-a509-5af9343f70c5} 1852 "\\.\pipe\gecko-crash-server-pipe.1852" 4800 2c279b38b58 tab
                    3⤵
                      PID:4952
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1852.7.1307258345\1017185462" -childID 6 -isForBrowser -prefsHandle 4704 -prefMapHandle 5132 -prefsLen 26877 -prefMapSize 232675 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c472057-4760-4aac-a57a-eed643b68209} 1852 "\\.\pipe\gecko-crash-server-pipe.1852" 4988 2c276a31258 tab
                      3⤵
                        PID:2088

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\evlzgz75.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 153KB
    MD5: 86c20b7be5483579a4e8170a57deb42f
    SHA1: 5e94de98f19390178fa772ea77d401194c56151d
    SHA256: 7d25ea864933e94b24278c60a2bd7a7719194ea9266657fca983c8e92360895b
    SHA512: 3e48adc60ab0e2784c37f2618cbf4d41629a32afaca326454e48b952ee584112b030329cbb6a3d71e8b0d8b8ec788f1516fa0f8cdf5b01ddf0c90b4694596f00

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\prefs.js
    Filesize: 6KB
    MD5: f843fc3b858888d342076c7199266348
    SHA1: 97dea7b7d8486f03cc085ef488fda80fe53515a0
    SHA256: 19b6e95d7e0e109333b648d994d42f1f8552467f8f43a4570f84dc5c5e2189a4
    SHA512: 9b25cfb2a279bda5827e7d4c3446c75cb5057e7a886e23b7f3eb44d3a2fbb04d19249ff423c821cc41ea7a6d8585fafb0b4f9ae8d54274883250c4a4a1c7c1f7

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: 487f51773bff92e9b4bba641a7a03206
    SHA1: d0e04bbacc6e930d285fa953f40bd49445bcb30e
    SHA256: 4add9b5056b033b06dd9fc1d8405c92c7cf9c824c2e793f47cdf2364d3d89795
    SHA512: 2315e548097544196fe404241e04103d9d4dae175ee50703cae9ce00aa17ac73e552fc2b26241e2c440053f3c5df55788778e3453f32a160021f990169fc6d07

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: 1a93eea03b66c6e72b16a74821346256
    SHA1: 10f93ce4f5894bf6c211620a2f9231df417ebf39
    SHA256: e36f03edd5edfd735bd852c4da283cee8b455a4e33c7bddd096b955912ce4636
    SHA512: 05e051dae18e34b2bef71a0b8c148c357d9c376fca8f6ca7b4d6bf105831fcf46539569635e5e4d4f256fbdf6275740f57a53a334cbbb79410831b2da95ec364

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\evlzgz75.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
    Filesize: 184KB
    MD5: 8f66ad451d02f4619dec36a3cc7741c7
    SHA1: f1ec4906230312289927d00032a6ea138ab6e544
    SHA256: 09aefcea0e8fba6935eb2e114778b218858c0eb459c462c8eea0fd6513ec989d
    SHA512: 8e7f9ccac1b77f9dfe8a44d6ef5156750f79f133cfa5fe88f17f39539887ea1670710b41b0350e12908c1c9d405680c6b8f106985eff46e3e06d7e51668de903