Analysis

  • max time kernel
    151s
  • max time network
    162s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    07-01-2024 18:34

General

  • Target

    Ayakashi-Cracked.zip

  • Size

    146.9MB

  • MD5

    e7b37fdd45470e7afa7ae1a2ee678671

  • SHA1

    6681a30a2fe27773cd16600668f0511cf58abbb2

  • SHA256

    e586431f548ee2395fbaaa3f35564b3b7fb8395a62daad7c8478639ba7129539

  • SHA512

    8ae89cabaaceeb20965e75d0d6a40f1cd55ec60cf58dced0f4bd43a5e3cfa106972324551c90813b1d9f3b624853b830126802995dff7427a559988db549e2e9

  • SSDEEP

    3145728:j+BSrv5mbTFsPvlCpso/gB79uI0XX8zTLR/9HHzeQMeoLea57Xe9j:qUYy9YjgB79fR/V0Pbk

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Ayakashi-Cracked.zip
    1⤵
      PID:532
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:3676
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        1⤵
        • Suspicious use of WriteProcessMemory
        PID:4868
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe"
          2⤵
          • Checks processor information in registry
          • Modifies registry class
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:3948
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3948.0.601833561\1714949568" -parentBuildID 20221007134813 -prefsHandle 1876 -prefMapHandle 1868 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {da8c7de0-13fa-4c9d-9b96-4ee26e838ab8} 3948 "\\.\pipe\gecko-crash-server-pipe.3948" 1968 211700d3e58 gpu
            3⤵
              PID:2900
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3948.1.865494167\371344690" -parentBuildID 20221007134813 -prefsHandle 2348 -prefMapHandle 2344 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc1f24d0-67e0-4062-88cb-a3e121f73129} 3948 "\\.\pipe\gecko-crash-server-pipe.3948" 2360 2116fdec858 socket
              3⤵
                PID:4720
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3948.2.1703130599\57147514" -childID 1 -isForBrowser -prefsHandle 3388 -prefMapHandle 3020 -prefsLen 20823 -prefMapSize 233444 -jsInitHandle 1224 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ea85bc2-336e-4bd0-8820-3650b1ef4c1e} 3948 "\\.\pipe\gecko-crash-server-pipe.3948" 2804 21173d9cc58 tab
                3⤵
                  PID:1992
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3948.3.1467541993\1266750494" -childID 2 -isForBrowser -prefsHandle 3544 -prefMapHandle 3540 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1224 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91b6802b-5a1b-462b-87fd-21c775ac8788} 3948 "\\.\pipe\gecko-crash-server-pipe.3948" 3552 211736ce558 tab
                  3⤵
                    PID:1676
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3948.4.1397434387\1591037950" -childID 3 -isForBrowser -prefsHandle 3788 -prefMapHandle 3784 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1224 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e4c1997-82b5-4a56-9cf6-562b6b9297ee} 3948 "\\.\pipe\gecko-crash-server-pipe.3948" 3792 21174fd0158 tab
                    3⤵
                      PID:1260
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3948.5.1669434473\568976376" -childID 4 -isForBrowser -prefsHandle 5124 -prefMapHandle 5040 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1224 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {293dad24-7929-47e4-825a-a817108cef69} 3948 "\\.\pipe\gecko-crash-server-pipe.3948" 5168 2116336ae58 tab
                      3⤵
                        PID:1952
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3948.6.1746102370\1523183480" -childID 5 -isForBrowser -prefsHandle 5324 -prefMapHandle 5328 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1224 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {76f217df-0545-417c-bae3-34d0b6d6f265} 3948 "\\.\pipe\gecko-crash-server-pipe.3948" 5312 2117522cc58 tab
                        3⤵
                          PID:4820
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3948.7.30021024\1765612269" -childID 6 -isForBrowser -prefsHandle 5524 -prefMapHandle 5528 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1224 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {19c5914a-0e47-447b-af29-5e61b3b0ce38} 3948 "\\.\pipe\gecko-crash-server-pipe.3948" 5512 21176074158 tab
                          3⤵
                            PID:4264
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3948.8.1423015899\372212038" -childID 7 -isForBrowser -prefsHandle 3476 -prefMapHandle 3480 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1224 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a0ee654-5622-439a-8379-fdb5ff7ce5a5} 3948 "\\.\pipe\gecko-crash-server-pipe.3948" 2880 2117330d958 tab
                            3⤵
                              PID:5428
                            • C:\Program Files\Mozilla Firefox\firefox.exe
                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3948.9.1524496283\1724801987" -childID 8 -isForBrowser -prefsHandle 5280 -prefMapHandle 5296 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1224 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {01b0c1e2-4fb8-428e-9432-51396fe89258} 3948 "\\.\pipe\gecko-crash-server-pipe.3948" 5268 2117608ae58 tab
                              3⤵
                                PID:400

                          Network

                          MITRE ATT&CK Enterprise v15

                          Downloads

                          • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\cache2\doomed\4105

                            Filesize

                            10KB

                            MD5

                            110d178b961dc964cec4c98f6dd846fd

                            SHA1

                            d7cf482ddb046f5044766c1089d9477dfea85fbd

                            SHA256

                            06b26e2a13957219871e4f2adb431cec5db0d6233276e92cb0aff39cbb192753

                            SHA512

                            0ec74020f14dac790817751e1ada4e314945ed8ece16aad2bb3d3e44671153423c75f3c24d55562ff8d6f042d538b35bd80e7dc14a5844daa6ffffee6c00de24

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\datareporting\glean\db\data.safe.bin

                            Filesize

                            2KB

                            MD5

                            2731438ad3346601b7522972c7235767

                            SHA1

                            601ed03a913d99cf126ffb6b2fed1b8ddc546f23

                            SHA256

                            3813fdf4286a4f8fc66b92821995bf9fd1e273ddd1dd322e92980b63f264c7f3

                            SHA512

                            4e31fe97cb232d6f28566e3aae1d43eb5f781f5a02b5f03b45253ce6f868b02a055b4dbde9126c2c0a1ac29665744b13d266d5d40e49c0f1dbef12a07c310fd5

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\datareporting\glean\pending_pings\30d8b1d3-095d-4366-913b-3eb25158017d

                            Filesize

                            746B

                            MD5

                            0919e7d6f9373a3544cb4edbc008a8b1

                            SHA1

                            81e2dd5a83c72d983c39933d085807a4b411e74b

                            SHA256

                            0ec86dea93bcd1745f27e342635e094d85acb4a7f91531ce78be9f1411a8a864

                            SHA512

                            c97cd716ad014ba4963a98e36760b58854a412d234efa98cd46dbdfa143853539a99b163590c32c57a9d6591a80a95a0da46ca0c96bcf526a44d54c3abd87d7f

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\datareporting\glean\pending_pings\c4260d9a-c82a-44f2-9bdc-f05d5cec8a89

                            Filesize

                            12KB

                            MD5

                            3a4473a27a7bd7d0129924f93eb50432

                            SHA1

                            4f6c10580dc899fd3a708b9d83560d091294e6bc

                            SHA256

                            77117d6e2e7b1c1f79edfa2d0875d4b78082a746a8dcec3b387f853c2566b329

                            SHA512

                            fd8a25875d64b79a0d14f0903d91baee71e58dac63633c75dff415d912c064f216ed6c2e57f232da423c0c6a57b83618563de78177797b2b205ab87c46657923

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\prefs-1.js

                            Filesize

                            6KB

                            MD5

                            f7ec3bc49a35519e9ed5fb93e67b4f83

                            SHA1

                            1d3824449857966455c3229a3b1e78c52eb50eb1

                            SHA256

                            05f6751f5e9b7c1f1cfe66cc8a49ffff3bcf5219c09473188ff76112ea022a5f

                            SHA512

                            1a48afebc40906ce967f838f33cae94e37d9f18dc0e105c8e5649e28d670d9ff7dfa0c06c3bef6e37e638afbef89b6bdb4753a86746dd37931b56bced2ceb4c0

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\prefs-1.js

                            Filesize

                            6KB

                            MD5

                            0941ca3b5242df8236eb7e6f3e2a2cef

                            SHA1

                            69dc95ec5da1599ac110242ae3e1cf4ba62d8e0a

                            SHA256

                            3c5184e105699fd99dc184632ca812047e211195feb4213e1f4f6eb5d8d7ec07

                            SHA512

                            ec3e967a99082c9bbba1c776239015c18060e9db75ee3695017282342a2d6a8025c6c1b233510904aebb1ca70b0823e081351e258bbb126a832f6f6c6b5591a9

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\prefs.js

                            Filesize

                            6KB

                            MD5

                            8d6f26200b51052bef110474a2ae3466

                            SHA1

                            aec5c305ccbf7571301bda1a9c687b74644b7784

                            SHA256

                            49873ce92695f783f29bac1842566058b805505fa8823d972dead464cd0f3b53

                            SHA512

                            02aa8a6a4ae2ab4daebd6e70e54115ad33d2469a77b10c98d076705eaf890259aba0c3b12bac8273789ec1d6f1066ddc5b039037a342e2dbeb40dd6ea0c56700

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\prefs.js

                            Filesize

                            6KB

                            MD5

                            45d48160481217be869325a3ad424d28

                            SHA1

                            fd2382a1b7856c4c77290508a58043b64cf92067

                            SHA256

                            c332048764b36636185e65ca134869e5da926a123c1e9734e5b335dee700ca43

                            SHA512

                            e369e6c8aa9b92c894e7d99965993c9abef585df68aba55976d996841d49b50e824c2ff5cb55d2149ddc0336af67ca62741c2f6868be2f9e3cb8bb2a0316c9a5

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\sessionstore-backups\recovery.jsonlz4

                            Filesize

                            4KB

                            MD5

                            2ecc1d73b5e74d05adf684c522298ade

                            SHA1

                            535b013de2cdd0d29c17c8a66aa9589fe9e7a162

                            SHA256

                            591f70eef3aad7b31af84c2a4f3c64d4b565d34d82e780c8162e0f5d37c93ed1

                            SHA512

                            8dca409bdd57ed134d859dff852f08f559965a7bff99129c314fd7e49f0684ff048c19f166a28e36f31f19e1512e440fb9dd7140c85ad7df8e3d102c5039fdbd

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\sessionstore-backups\recovery.jsonlz4

                            Filesize

                            4KB

                            MD5

                            473ff5cc4a55ebd8f7f538d0f26288d2

                            SHA1

                            9bac993d1ed1cb464bcf52252e601aaec8fce2aa

                            SHA256

                            55e854e9a6373497ee66032fd70902f41f83d2f463e43ac37ddaf56ea9644e65

                            SHA512

                            ecae24c6afadb01863a41a1aca1c9c5a1c5c151ebfed0ba11b3d71be816cdc4720f49e665709977196fd850474869c11e2834be52ce637c1b0e44b180bc1f2a3

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\sessionstore-backups\recovery.jsonlz4

                            Filesize

                            3KB

                            MD5

                            52a0d949477f21f9e59e4c6f7800a059

                            SHA1

                            7c5c887a46431673cc38b1a39de55d5340bc8919

                            SHA256

                            70ad45814f51ee90514a1e6ba2bd84cb9ef975f2a05b04a33cec4bb4c67eb31f

                            SHA512

                            80e650d2e01e78e402fa65b228dbe1625fb068bcaecb893d137ac6edcdcb35aa9a66c2e8116165f63f6ec93296cd3210e4c92fabf3f44b228cf0c4dae5809385

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\sessionstore-backups\recovery.jsonlz4

                            Filesize

                            3KB

                            MD5

                            3d464dd1678f6ac76ef3dd0e64890e49

                            SHA1

                            9a5c647b5826f6d743a597aff7646a7a0aab427a

                            SHA256

                            bd99987fead1677be27132fb1095ba003e6836ab9f2b51016a3d5d18dbd06065

                            SHA512

                            7c2785e59fa71ecbb863169373eb75d226d8930a5ce2c4f1afe180878693b6751a9b4170dbd98bbe789647cd942102e6e0e57df80dd384a69295529ba770c4b7