Overview

overview

3

Static

static

1

Galaxy-Swa...in.zip

windows7-x64

1

Galaxy-Swa...in.zip

windows10-2004-x64

1

Galaxy-Swa...ata.cs

windows7-x64

3

Galaxy-Swa...ata.cs

windows10-2004-x64

3

Galaxy-Swa...ata.cs

windows7-x64

3

Galaxy-Swa...ata.cs

windows10-2004-x64

3

Galaxy-Swa...ata.cs

windows7-x64

3

Galaxy-Swa...ata.cs

windows10-2004-x64

3

Galaxy-Swa...ata.cs

windows7-x64

3

Galaxy-Swa...ata.cs

windows10-2004-x64

3

Galaxy-Swa...ial.cs

windows7-x64

3

Galaxy-Swa...ial.cs

windows10-2004-x64

3

Galaxy-Swa...ata.cs

windows7-x64

3

Galaxy-Swa...ata.cs

windows10-2004-x64

3

Galaxy-Swa...ial.cs

windows7-x64

3

Galaxy-Swa...ial.cs

windows10-2004-x64

3

Galaxy-Swa...ata.cs

windows7-x64

3

Galaxy-Swa...ata.cs

windows10-2004-x64

3

Galaxy-Swa...ter.cs

windows7-x64

3

Galaxy-Swa...ter.cs

windows10-2004-x64

3

Galaxy-Swa...w.xaml

windows7-x64

1

Galaxy-Swa...w.xaml

windows10-2004-x64

1

Galaxy-Swa...w.xaml

windows7-x64

1

Galaxy-Swa...w.xaml

windows10-2004-x64

1

Galaxy-Swa...w.xaml

windows7-x64

1

Galaxy-Swa...w.xaml

windows10-2004-x64

1

Galaxy-Swa...aml.cs

windows7-x64

3

Galaxy-Swa...aml.cs

windows10-2004-x64

3

Galaxy-Swa...w.xaml

windows7-x64

1

Galaxy-Swa...w.xaml

windows10-2004-x64

1

Galaxy-Swa...w.xaml

windows7-x64

1

Galaxy-Swa...w.xaml

windows10-2004-x64

1

Resubmissions

20-02-2024 10:01

240220-l2lm6sfc97 3

Analysis

  • max time kernel
    113s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-02-2024 10:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Galaxy-Swapper-v2-main.zip

  • Size

    2.2MB

  • MD5

    2e6edc0dd1d2f0be362e9fd9ee37c2a5

  • SHA1

    bae9a5974e3d8a47bd933c73379a0d8aad733612

  • SHA256

    d14eeeabb9176e326c2b738a5dcf91c88b05e407230a0d4c4f960cd5ecf08c32

  • SHA512

    dcc515ce7da762666b0c8158d3b02cf21ec5a58b62b6f5166e8e01a5f552f6a4d0b304ab5a58c341b4e2a530b06c3a6d33ef7c270546cee98917abd775a1d047

  • SSDEEP

    49152:L4Nd8cP8vBUHi6z7h2IcDA9iUvHD2Vx0MHdiDFRdaXA5Icz2J2vBuQIOR:L4fdkJUHXhfoUOxVHdiDDdaX5cz22/IE

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Galaxy-Swapper-v2-main.zip
    1⤵
      PID:1180
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:1220
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4072
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4072.0.1808627069\1603684434" -parentBuildID 20221007134813 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0507db75-a612-442e-b8d1-595d54e57430} 4072 "\\.\pipe\gecko-crash-server-pipe.4072" 1980 288ba7dd358 gpu
          3⤵
            PID:3304
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4072.1.971391586\1759965945" -parentBuildID 20221007134813 -prefsHandle 2356 -prefMapHandle 2352 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fcfb217f-55cf-4253-b85b-b99a68ec13c8} 4072 "\\.\pipe\gecko-crash-server-pipe.4072" 2384 288ba2f1b58 socket
            3⤵
            • Checks processor information in registry
            PID:2108
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4072.2.1011002607\1556754128" -childID 1 -isForBrowser -prefsHandle 3024 -prefMapHandle 2992 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0fa0dcfa-7950-4e4b-9700-03572c691908} 4072 "\\.\pipe\gecko-crash-server-pipe.4072" 3104 288be504858 tab
            3⤵
              PID:2212
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4072.3.1270462192\1189876903" -childID 2 -isForBrowser -prefsHandle 3004 -prefMapHandle 3440 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {383944fc-14fb-4689-9cec-0c846a905f8b} 4072 "\\.\pipe\gecko-crash-server-pipe.4072" 3448 288bccbbb58 tab
              3⤵
                PID:3984
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4072.4.1134556532\340817071" -childID 3 -isForBrowser -prefsHandle 4280 -prefMapHandle 4264 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {14e321d6-1f5c-45c2-a902-55c29159ea60} 4072 "\\.\pipe\gecko-crash-server-pipe.4072" 4296 288bf7dfe58 tab
                3⤵
                  PID:3240
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4072.7.657058460\1498317454" -childID 6 -isForBrowser -prefsHandle 5364 -prefMapHandle 5368 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f07aea9d-9630-40e5-82bc-0eb18434d2d8} 4072 "\\.\pipe\gecko-crash-server-pipe.4072" 5356 288c08fde58 tab
                  3⤵
                    PID:2532
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4072.6.92923999\1448175333" -childID 5 -isForBrowser -prefsHandle 5176 -prefMapHandle 5180 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d39a376-a8a8-48de-957f-389517f5fe77} 4072 "\\.\pipe\gecko-crash-server-pipe.4072" 5168 288c056bc58 tab
                    3⤵
                      PID:1804
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4072.5.895102239\1595583157" -childID 4 -isForBrowser -prefsHandle 5088 -prefMapHandle 5060 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {254416c6-3c0c-4446-8e2d-3d3854e47d09} 4072 "\\.\pipe\gecko-crash-server-pipe.4072" 5020 288adb2d258 tab
                      3⤵
                        PID:1180
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4072.8.321180046\2143970802" -childID 7 -isForBrowser -prefsHandle 1640 -prefMapHandle 3780 -prefsLen 26469 -prefMapSize 233444 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {45ffa303-940d-4a44-add8-7ed0c33b6886} 4072 "\\.\pipe\gecko-crash-server-pipe.4072" 4856 288bcd0bb58 tab
                        3⤵
                          PID:4636

                    Network

                    MITRE ATT&CK Enterprise v15

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ki9g2jr.default-release\datareporting\glean\db\data.safe.bin
                      Filesize

                      9KB

                      MD5

                      ac433b581ada61ec683deba4cf76b451

                      SHA1

                      b45bd30529c2f621f8a555abe84bbcf9264d710f

                      SHA256

                      56c3b9d9e0d8a43dbb3fb9b08ffb447829169b64599e322df81bfc18d025dabd

                      SHA512

                      ec6220d1a36e5c7e9f2b3fdd5852f343c77589728242d7b4fb55300aef383cb67d3955f75e8ecf98ab91bffed6c973a95ddbae0506e52317ce43f1caea24f789

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ki9g2jr.default-release\datareporting\glean\pending_pings\1c060dcf-a9ac-422a-bf16-004a72429c7e
                      Filesize

                      734B

                      MD5

                      169708da0427a571d25a3b218d93de47

                      SHA1

                      1bc75118d58c4e80286dda6c3fc6fab01e5e4a5b

                      SHA256

                      9083d4868e6d30176adcbceb04571df717927c3b2f576b71bb3695d068d414ab

                      SHA512

                      7bad0b51d9b8a81b5d738132f5a02793521d65d45c22392d71caa7b742ddc711966a06be98b44b752693cd7e85d39f50b320c03706e547f4aabe39ed9b8982bb

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ki9g2jr.default-release\prefs-1.js
                      Filesize

                      6KB

                      MD5

                      6a69a31169b0376ac7e50bd0a92cf055

                      SHA1

                      b899cd1c4ba19e94bc8db3a499b0ed955a98249b

                      SHA256

                      7fe98dcdab47f83ea45f54fca276cca43672a941e910eacc0864ad3cf3a1b96c

                      SHA512

                      c4a31da7107a119cdfcb90c14f617ad8e1cb7daadb81715b6ec831cd17b5397a407cc95ca6d6263730d58710abc86b21da7bb160ca0d0088e1a40c8a31a5f714

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ki9g2jr.default-release\prefs-1.js
                      Filesize

                      6KB

                      MD5

                      02e98f5e2cc51e0d0831ff23ff6a742a

                      SHA1

                      7a3c50c5017c55eacc3ba2274bd10e878f691db9

                      SHA256

                      508aa2c613e1678e2c4e1d5ecfe18b2ee3ee5f9df334eb11802d5125e4221169

                      SHA512

                      a7f368597f6cbda125f32df77198aabb1b8037398ed5daa7557c2b3c48fce581b87b331d251e5e67527844d6f9b39173df1228bf373471a8739139af45f4387a

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ki9g2jr.default-release\prefs-1.js
                      Filesize

                      6KB

                      MD5

                      35044f5be9525769b8754aa4ef342e41

                      SHA1

                      664b04d7c732bca90202bdf659597cae033083b6

                      SHA256

                      15ac31b99df32edca3b559a7812c7cfb223f701e7ba5500475e520630caaf7c2

                      SHA512

                      aef724f4ddf85e5714ac985c1d0e7cda6394775dadea1e4b9332d90f73ce530f680162953af7b426f086060d0be893ac59d502254743ea63c379525d9d7d9606

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ki9g2jr.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      1KB

                      MD5

                      42b02842936908b0915703e67a4099af

                      SHA1

                      d27a24013ef7c4073d5fc9d54500c5b16bf71c84

                      SHA256

                      0ddbb141bf0b02cc1e452a507a596e3aaff5049335b46be7e0cb942885093259

                      SHA512

                      755479e869dd1c4706dcc08f18cca67edf7131c71477b1b4e59962156f2085677c815aa9bb53cb2a9709d64bf84d6501318f4076e867855da48cd244e35af197

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ki9g2jr.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      4KB

                      MD5

                      8fe59e605b37fbf8c6612af621f1ce61

                      SHA1

                      03f8b507758111c6efb9f196f685bbe3a30719de

                      SHA256

                      0eb8a845450feb97af81b2f31054fff7314d67a93dbddffcc7041144e6aabe55

                      SHA512

                      27dea39ff1f4e399ee0f462b9cc17db3e7070dcfd4e075f6957d674a48e4a0b7c32e034530019f8a0c4613b3bb742c2255940d05cd57fee7b3d9447bc4adb5f9

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ki9g2jr.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      3KB

                      MD5

                      65e5affebe2e982e50a6b99619345990

                      SHA1

                      952f7e544be16f3ecffba886f4e405aa8e8342c4

                      SHA256

                      e0dca8288fa82dcd8c3638c6d2af3d151c6cbc054b332cb5ea057e789f8e0ba8

                      SHA512

                      a73578346e307cc9e3e2c0a728cb11e0fb24656ed8f3e00b6ea8b6347ab4e6d8178ba33353cc2bd2d63ec2a07b80eeac9194b22a4e81fd9993240e5c1877639a

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ki9g2jr.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      4KB

                      MD5

                      9a548d38391265ef0ce1f01db730b678

                      SHA1

                      b5b6414c8e2a2448f00fcc3211185b0923ba9bcd

                      SHA256

                      b4e83b8fcb39318bde311f215d47f6b355ba13a85bc934da37e5c5d611738386

                      SHA512

                      fdb04ddeca03bec10e93b0ccb41c00e85d30bfe6dd742dfef5105959d190d346586391fc0e69f4c73ca4774f42c39253563f504c63f2a6cf26a96b7164398632

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6ki9g2jr.default-release\sessionstore.jsonlz4
                      Filesize

                      4KB

                      MD5

                      01a8cc253c0bfea69073cc21a29e8595

                      SHA1

                      2d40fe5ec2c2f4c5f533c542f8a4c41da4b09641

                      SHA256

                      f71f7754983866fc6c2a98b42c734b86dcd40a04fd837c9ccbf3f99f37bc8a7e

                      SHA512

                      9c253ede9a62dbbc61f64962943842a3fa1152dd3174aea7ac7c0c310682fdeca7d8e820be57e9ef725fa0f3884ca3c1ea75cf543890dd282d65ca257414e0ac

                      Download Submit