Resubmissions

17/08/2023, 18:57

230817-xl721sea8v 8

17/08/2023, 18:54

230817-xkfw5sea6s 3

Analysis

  • max time kernel
    138s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/08/2023, 18:54

General

  • Target

    fivem-spoofer-main/setup.bat

  • Size

    388B

  • MD5

    c2a5bbc58f0d6a4eecea88d71c12cc18

  • SHA1

    16bd908186e2669974c677b4bc9c32828c88b356

  • SHA256

    cc17d232f1dcf30187418380f026398f160caf54b5684c53f94b5674b4cbd32d

  • SHA512

    0203c6aed8cdd45b134de2768e7f4e1b1b9550cda41d20130584157e210ae5d4be43886629f88f93b782f5b5098e8b9c2c3d574e7c7da2922a5f8572baa2eda4

Score
1/10

Malware Config

Signatures

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\fivem-spoofer-main\setup.bat"
    1⤵
      PID:636
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:4816
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1452
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1452.0.789369651\1034781033" -parentBuildID 20221007134813 -prefsHandle 1884 -prefMapHandle 1860 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {24fa7700-d480-46b2-acbd-30e507b00876} 1452 "\\.\pipe\gecko-crash-server-pipe.1452" 1964 1e7ff180458 gpu
          3⤵
            PID:3468
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1452.1.817973272\884333088" -parentBuildID 20221007134813 -prefsHandle 2356 -prefMapHandle 2352 -prefsLen 20974 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4a339f37-7145-46dc-9083-3ed2f8a78595} 1452 "\\.\pipe\gecko-crash-server-pipe.1452" 2368 1e7f1772558 socket
            3⤵
              PID:3768
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1452.2.1856361192\1603397030" -childID 1 -isForBrowser -prefsHandle 3188 -prefMapHandle 3184 -prefsLen 21077 -prefMapSize 232675 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {18f92a86-3485-4c38-b8d9-5f570b1205e8} 1452 "\\.\pipe\gecko-crash-server-pipe.1452" 3200 1e78232e258 tab
              3⤵
                PID:632
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1452.4.119389179\1904552669" -childID 3 -isForBrowser -prefsHandle 3744 -prefMapHandle 3740 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3c473b7-dd17-46c8-a262-c15ff934f828} 1452 "\\.\pipe\gecko-crash-server-pipe.1452" 3752 1e780af4e58 tab
                3⤵
                  PID:1044
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1452.3.1415646818\1700485995" -childID 2 -isForBrowser -prefsHandle 3532 -prefMapHandle 3528 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce1323d9-f0c5-475f-8636-29eb5cfd1bb4} 1452 "\\.\pipe\gecko-crash-server-pipe.1452" 2500 1e7807ef758 tab
                  3⤵
                    PID:668
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1452.5.394346654\1455761967" -childID 4 -isForBrowser -prefsHandle 5104 -prefMapHandle 5112 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f0ba7c6-9bb0-4de7-b32d-fdd4553848f6} 1452 "\\.\pipe\gecko-crash-server-pipe.1452" 5068 1e78310f658 tab
                    3⤵
                      PID:3020
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1452.7.1618340659\1986427873" -childID 6 -isForBrowser -prefsHandle 5424 -prefMapHandle 5428 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91c15377-200c-41bc-a2ab-271530e88a44} 1452 "\\.\pipe\gecko-crash-server-pipe.1452" 5508 1e7f172db58 tab
                      3⤵
                        PID:3444
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1452.6.1225541321\1060324325" -childID 5 -isForBrowser -prefsHandle 5312 -prefMapHandle 5240 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {044b4d4e-fbcb-404a-ae9d-340d32123b06} 1452 "\\.\pipe\gecko-crash-server-pipe.1452" 5348 1e7840cdd58 tab
                        3⤵
                          PID:3152
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1452.8.748445921\1234981727" -childID 7 -isForBrowser -prefsHandle 5512 -prefMapHandle 5748 -prefsLen 26656 -prefMapSize 232675 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bfabe2c8-3f61-44ec-b855-db7d2bb53851} 1452 "\\.\pipe\gecko-crash-server-pipe.1452" 5948 1e7807f1e58 tab
                          3⤵
                            PID:4680
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1452.9.1764410464\1839416386" -childID 8 -isForBrowser -prefsHandle 3336 -prefMapHandle 2916 -prefsLen 26831 -prefMapSize 232675 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c08efd8-4cf9-4d96-be36-bc96e12a741e} 1452 "\\.\pipe\gecko-crash-server-pipe.1452" 3584 1e7854ab558 tab
                            3⤵
                              PID:4660

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\activity-stream.discovery_stream.json.tmp

    Filesize

    22KB

    MD5

    c3027f44dde792d1528ae6ea00c1cf6d

    SHA1

    a8a743e10497bc9cbe7b58c729c0188a0de60807

    SHA256

    349c367daeaea6194a09cf3a1b31160fac540bb4fdeadf00362e7e3cdf0f9dae

    SHA512

    e154d569f830e451764e6252f93296b0dce4d2303d415383dd85380237ea96d9332f51d66aa98619975098af3997cd41511db810702849c45b200b2bb41cd442

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\prefs.js

    Filesize

    6KB

    MD5

    640e4906245bf7402f884eba17428dbf

    SHA1

    f86930f4e8ce10a6c28c98b1f6fdf3beca67faa7

    SHA256

    b6100fee822947f70ebd36045fe194047331a396b5cb7a2e9254355e6e85c023

    SHA512

    02cfac7b7b5cbb6af0b5465effdc5cb67888d2c66be311544d69c652832ce77e138f3cad87ec0f4ea25b08cc610e2a25b4f3776eb92247ad7de55a21bd27e83a

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\prefs.js

    Filesize

    6KB

    MD5

    da3b8a58912bcdb7c6729607ed3caf7f

    SHA1

    88beeb13de642aa8b27cf865f25d1c7277498bc6

    SHA256

    11f89686c43efcd9378fa483bfbbea9fdce98ce56d50e834d6a4a3b042a83970

    SHA512

    dbcb6b197e0e06e015d0a076b366deb6eb804196c4dc90dbd50c543131384515dc00aaf974a6bd24a031cc216a9800f6acc41bd0efe564f7d50453f618176acf

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\prefs.js

    Filesize

    6KB

    MD5

    be68c1cca6b1c32c72e75fe0a3c35044

    SHA1

    ea8fa6f102ac093b5ea3dd72cfed90b2a5113af8

    SHA256

    7c4b3f7fe315e91aa730d58be2020d83c44fa7ee009bd8e3ad76e4abd4fc529f

    SHA512

    bcd0957a607928f51bbc9ccfc212a2b64bce334479ad7fdf5b501a4f7b5e4d3fc9b8d71f70148d15edd850e8ef7bf5b25358970c7657e60145c75b20088bee60

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\sessionstore-backups\recovery.jsonlz4

    Filesize

    3KB

    MD5

    630bed2dd1b48a80f4e39eccc9633a7f

    SHA1

    ab441661b4649ff20a979c807180d0937020483b

    SHA256

    9036ab275e70c14790bac1b130402b69e130d92cb80ca515c4d357d85bc68008

    SHA512

    8afa9fb4c1ff674e2d3aed04c43b7fd18016092789bd2fe6ab8ae0de2fca7dad0cf3d23c75b7c6dceeca59ff89038be9f20826c75cef83fd3dca25028bd4f637

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

    Filesize

    192KB

    MD5

    a1debf7a163544ffeb7e538314399bfa

    SHA1

    1769cc05df51f06eef70f0d13c8bde0f062e3b73

    SHA256

    e3e9817d8630a3e71dfdf0be864de3024eece42e04dfadc532a6583371d7cf62

    SHA512

    522cf16bbe5ac44b54752382d89d68f69f0813709db00e4e72839ca7ac00a7d0b1f7272dcebdbebc9c638f06645a1647e6c33c6bc2d2110f6c7ca129cf272415