Analysis

  • max time kernel
    92s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231023-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29-10-2023 19:20

General

  • Target

    https://dl.emulator-zone.com/download.php/emulators/computer/cpce/cpce190.zip

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 5 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (2 IoCs)
  • NTFS ADS (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (3 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (5 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://dl.emulator-zone.com/download.php/emulators/computer/cpce/cpce190.zip"
    Depth 1
    • Suspicious use of WriteProcessMemory
    PID:5112
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://dl.emulator-zone.com/download.php/emulators/computer/cpce/cpce190.zip
      Depth 2
      • Checks processor information in registry
      • Modifies registry class
      • NTFS ADS
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4904
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4904.0.1793102570\1854604173" -parentBuildID 20221007134813 -prefsHandle 1880 -prefMapHandle 1872 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba7e3423-a1e9-42a3-bf08-f42203420549} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" 1960 1e5749ec758 gpu
        Depth 3
        PID:4224
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4904.1.968795103\198819858" -parentBuildID 20221007134813 -prefsHandle 2372 -prefMapHandle 2368 -prefsLen 21754 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {908ddd9c-1fd8-4830-9b4e-2ccff5cc4f25} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" 2384 1e5748fa558 socket
        Depth 3
        PID:4708
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4904.2.1260067204\128236802" -childID 1 -isForBrowser -prefsHandle 3264 -prefMapHandle 3260 -prefsLen 21792 -prefMapSize 232675 -jsInitHandle 1204 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {abc9196f-9847-461a-ab10-dd62a59b24f6} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" 3276 1e57495cd58 tab
        Depth 3
        PID:4232
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4904.3.1905959618\662223921" -childID 2 -isForBrowser -prefsHandle 3508 -prefMapHandle 2868 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1204 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5149913e-3d29-4106-bca4-c88f9505938d} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" 3668 1e579cd2b58 tab
        Depth 3
        PID:1804
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4904.4.40097212\800164551" -childID 3 -isForBrowser -prefsHandle 5272 -prefMapHandle 4644 -prefsLen 26792 -prefMapSize 232675 -jsInitHandle 1204 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {47bfa175-04b5-40b0-8bc0-5d2f6f656a76} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" 5268 1e57c243e58 tab
        Depth 3
        PID:1444
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4904.5.954473092\2066330047" -childID 4 -isForBrowser -prefsHandle 5416 -prefMapHandle 5420 -prefsLen 26792 -prefMapSize 232675 -jsInitHandle 1204 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c20d73cc-ebd2-402f-ba76-0425e8175dd5} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" 5404 1e57c246b58 tab
        Depth 3
        PID:3280
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4904.6.794845613\1785276258" -childID 5 -isForBrowser -prefsHandle 5636 -prefMapHandle 5404 -prefsLen 26792 -prefMapSize 232675 -jsInitHandle 1204 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e78d7576-51c7-43bd-80c3-e7b8d0916f1d} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" 5508 1e57c246e58 tab
        Depth 3
        PID:4876
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4904.7.641794447\487407508" -childID 6 -isForBrowser -prefsHandle 4468 -prefMapHandle 4464 -prefsLen 26871 -prefMapSize 232675 -jsInitHandle 1204 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6f865ac-aa48-4786-a3c9-2c0a7f3ebb49} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" 3800 1e57645ed58 tab
        Depth 3
        PID:1316
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4904.8.944641802\1890312205" -childID 7 -isForBrowser -prefsHandle 6184 -prefMapHandle 6176 -prefsLen 26871 -prefMapSize 232675 -jsInitHandle 1204 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8746b2fe-5a3a-4b8d-8b15-c2b46408168e} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" 6192 1e579a3ee58 tab
        Depth 3
        PID:1800
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4904.10.487444050\783950250" -childID 9 -isForBrowser -prefsHandle 6580 -prefMapHandle 6584 -prefsLen 26871 -prefMapSize 232675 -jsInitHandle 1204 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec4b7028-4e91-4bb7-b71b-55911b76d602} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" 6572 1e57c770f58 tab
        Depth 3
        PID:5484
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4904.9.1925380166\1935515221" -childID 8 -isForBrowser -prefsHandle 6436 -prefMapHandle 6464 -prefsLen 26871 -prefMapSize 232675 -jsInitHandle 1204 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bbc1332a-3337-4974-b2ed-adb821831706} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" 6456 1e57c76fd58 tab
        Depth 3
        PID:5476
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4904.11.337995823\1482088259" -parentBuildID 20221007134813 -prefsHandle 6688 -prefMapHandle 6580 -prefsLen 27136 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ebd4f3ad-8723-4eff-8f74-ec4607778393} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" 6584 1e57d2b5058 rdd
        Depth 3
        PID:5988
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4904.12.1675708816\2050428382" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6764 -prefMapHandle 6776 -prefsLen 27136 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf0bc697-3968-4367-8c29-a24a85c7d946} 4904 "\\.\pipe\gecko-crash-server-pipe.4904" 6868 1e57d2b4d58 utility
        Depth 3
        PID:6036
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    Depth 1
    PID:392
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    Depth 1
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4956

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gcdxm1e2.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 21KB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gcdxm1e2.default-release\prefs-1.js
    Filesize: 7KB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gcdxm1e2.default-release\prefs-1.js
    Filesize: 6KB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gcdxm1e2.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 4KB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gcdxm1e2.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 988B

  • C:\Users\Admin\Downloads\cpce190.3g-5x5Yd.zip.part
    Filesize: 275KB