Overview

overview

3

Static

static

3

tinytask.exe

windows10-1703-x64

1

Analysis

  • max time kernel
    146s
  • max time network
    143s
  • platform
    windows10-1703_x64
  • resource
    win10-20240221-en
  • resource tags

    arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
  • submitted
    25/02/2024, 19:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tinytask.exe

  • Size

    35KB

  • MD5

    8fd3551654f0f5281ddbd7e32cb73054

  • SHA1

    9b1c9722847cd57cd11e4de80cd9e8197c3c34cd

  • SHA256

    75e06ac5b7c1adb01ab994633466685e3dcef31d635eba1734fe16c7893ffe12

  • SHA512

    a716f535e363fc1225b1665e1c24693e768d13699ea37bdf57effe4fea24b4b30a2181174f66c35e749b9c845b07f82eecbf282ee5972de0426f847293d46b4b

  • SSDEEP

    768:sAzGzd0LnFjuwY6QlVwvHI1pSgNEl/MYoeAW:5zGzd0wXlVwv0SgNQXoeAW

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\tinytask.exe
    "C:\Users\Admin\AppData\Local\Temp\tinytask.exe"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    PID:4100
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5112
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4680
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4680.0.1124220371\731879272" -parentBuildID 20221007134813 -prefsHandle 1732 -prefMapHandle 1720 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {892da328-5786-447c-b1ba-f2c538230ff2} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" 1812 16e910d3758 gpu
        3⤵
          PID:4268
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4680.1.727900672\118399395" -parentBuildID 20221007134813 -prefsHandle 2156 -prefMapHandle 2152 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {60f80cb2-f42f-4de3-9730-b7126eca4d71} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" 2168 16e90ffc858 socket
          3⤵
            PID:1380
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4680.2.1410287957\1037333187" -childID 1 -isForBrowser -prefsHandle 2812 -prefMapHandle 2888 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf333ddf-0502-4579-8d3f-24f635d93131} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" 3044 16e9105ae58 tab
            3⤵
              PID:1568
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4680.3.1035888583\1933281056" -childID 2 -isForBrowser -prefsHandle 3436 -prefMapHandle 1260 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5331b3c4-ad20-4509-8acc-05f65521d034} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" 3448 16e93ba8b58 tab
              3⤵
                PID:3876
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4680.4.250430409\585874572" -childID 3 -isForBrowser -prefsHandle 4160 -prefMapHandle 4156 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {00a4dd04-d4e3-4856-8d24-d01d12cf0b8a} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" 4172 16e96814258 tab
                3⤵
                  PID:2288
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4680.7.1359365476\106356358" -childID 6 -isForBrowser -prefsHandle 5220 -prefMapHandle 5224 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae0a4c59-c0b3-4c60-8805-9fcd4d8266cb} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" 5212 16e97587658 tab
                  3⤵
                    PID:1608
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4680.6.1028725424\1193921889" -childID 5 -isForBrowser -prefsHandle 5036 -prefMapHandle 5040 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1eff239-33a9-4520-a978-be21e2ba6a07} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" 4784 16e97585e58 tab
                    3⤵
                      PID:1048
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4680.5.629190611\731497062" -childID 4 -isForBrowser -prefsHandle 4892 -prefMapHandle 4884 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {290d5aa9-f044-4e56-8a1b-8a57bc8fe4c4} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" 4900 16e973d2658 tab
                      3⤵
                        PID:3692
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4680.8.685628815\1308177632" -childID 7 -isForBrowser -prefsHandle 5632 -prefMapHandle 5672 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb767572-f084-4e76-9ac5-417e8a629d21} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" 5588 16e992ead58 tab
                        3⤵
                          PID:2068
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4680.9.869435196\1280217037" -childID 8 -isForBrowser -prefsHandle 2704 -prefMapHandle 2712 -prefsLen 26689 -prefMapSize 233444 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {65584acb-53dd-4914-a946-7d177c0db78b} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" 4948 16e983bde58 tab
                          3⤵
                            PID:796

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\cnkbikd0.default-release\cache2\doomed\1733
                        Filesize

                        9KB

                        MD5

                        2c2c3dd6f2fdce5d5d3282a1c4ce577b

                        SHA1

                        a990dd05e0716e345cfd854b657dd76b62220daf

                        SHA256

                        bf8251b2c44800d362548687cf4d03870352433706d4fe6d6d948c960d031709

                        SHA512

                        b350a187f823e44b1b5544157e6f08050a1a897613b3c9377fe34500aff73e84f49cfd2171bd0baebc19fd6ef2cbbda50a4f8a85fac45854302a1ad3ac41fa5e

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\cnkbikd0.default-release\cache2\entries\4EED77ABF2B13446DC47048EDC01C87DFC8AFFC2
                        Filesize

                        32KB

                        MD5

                        2935dd8761ce493be335b915e70f5ff3

                        SHA1

                        22ac14a3c0bf3eafecfc19976bdda3990f6a548f

                        SHA256

                        4db11a8c7f8201104ec6e52f29310f5ee20520395dcf9398385f0f2298a01cc7

                        SHA512

                        6c9edc51073a4c35486a7d12180953ca64028f017b3b95f1c352bfd8a4042069f21e6e2e708879937825e21f5c80b2966497d72e59ae2e7f0b4037eb12375b48

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cnkbikd0.default-release\datareporting\glean\db\data.safe.bin
                        Filesize

                        2KB

                        MD5

                        df7280cd3e16ef823ab07019e3e4f2d7

                        SHA1

                        b7d3bcb33bc0b8fada414b55bedc9d74c07ea459

                        SHA256

                        67d611fd7c021ab4229f14751377cd3d8c6b066d36acf0e35c098e8511484646

                        SHA512

                        07eb385099841fe9b8f0215d6ee8a53cb2a2443f629f58c91a7c4a096859b5f3b626fc95fb0c39a46fbc0cf926db284aeffe3eb7c0b2192cd399ec54df061693

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cnkbikd0.default-release\datareporting\glean\pending_pings\3488e589-2f16-4112-8901-287397696422
                        Filesize

                        10KB

                        MD5

                        071e4e24a5b4e5009a49f905aad96728

                        SHA1

                        cf8b2ef3dd831232077a4dc13eab9a7ae85d59ce

                        SHA256

                        32334f183154caeed26da70eaabaef53b0dbd534847d5073cd83aeffc25a0e5d

                        SHA512

                        e07ecfc6dc419bf51f26be8fec0532f96b3a3751d1d2e59a74ff126a6e64e24565edc9740444edb29c266e40521feb386cf8c5999eaaa9fac5e10eae2b661102

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cnkbikd0.default-release\datareporting\glean\pending_pings\3ca89b1d-cfbb-4fa5-8452-31c07004a1da
                        Filesize

                        746B

                        MD5

                        fb34222f891a73020170da211ade06c1

                        SHA1

                        bedfd4a306e6e9794d67110dbea98c4efb8f5ba0

                        SHA256

                        f28ec9e653ee65eb2b9111cb840a878d6713d1989740b4759279efe6a391e6e3

                        SHA512

                        dd770707e84ca59a9113b13391a56493a185ab05b78432fd883a7cf17a6aa51cb412cde84660d188c8d4490d5108305b5460495842e89a52955c8705f46c4d09

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cnkbikd0.default-release\prefs-1.js
                        Filesize

                        6KB

                        MD5

                        e92797198b7a0bee58cfb5c90a55d1db

                        SHA1

                        c212ddcb60d59da882d9763c3233326f3691d5de

                        SHA256

                        ae1cada325bb9383bdb7badbdb395f0fcf1acd8a0be0cd5eabdd6828f4281dfe

                        SHA512

                        3729d33f8a1e1811c2d011228a82b6eeef4bad449a94d943a736d973f1c3ac22de2e0d0caf9be14c20b0a33d49f6d7543294badfff9f1707c803ed451ab7159d

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cnkbikd0.default-release\prefs-1.js
                        Filesize

                        6KB

                        MD5

                        fa7d0b8c6933f034d3620814b62966c8

                        SHA1

                        82f9a75e0910d571d53863bc41f8ae760124ae94

                        SHA256

                        65f2c9e782f183aa085c12d423dd64ab5fda853f21abca4a53ae51345255d872

                        SHA512

                        4dde7fa845bfa39b0776b5b5691e511326a415dfd01513d3fbd59b677e46485d2604f2169453e49a7000238bf3662325be1f634c2d934b7f4626f255da27550d

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cnkbikd0.default-release\sessionstore-backups\recovery.jsonlz4
                        Filesize

                        3KB

                        MD5

                        47a6382f622b144447e224ef40dcaa12

                        SHA1

                        a60bc646387132679cae607edfabdde98b0addbe

                        SHA256

                        7477b3834438855242c49f6e76bc7bdc5c8dd788cc55f925d248d13bf8043aad

                        SHA512

                        54438a4dad539b0cb3ed2b2c56bffd46927f3f28319077e3bb52ff4c0c2e7aff8234bde98cfd0a96572f53c46d014a75dafa13eb8c9fe04bd3254a1863069d13

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cnkbikd0.default-release\sessionstore-backups\recovery.jsonlz4
                        Filesize

                        4KB

                        MD5

                        d18ebb42b9b6da556c4fbb5b2ca541a0

                        SHA1

                        cc7aea14c632b70f68c59212015b7e77c7ba6c93

                        SHA256

                        bc00f2dd4093dd29c2b359c5b945ef3da3fc7c2a1a9a6104bbe0cb6d49f03bcb

                        SHA512

                        bda075a54be7fa837012d648e7864bf34c6d0d113d80356ba51713ed79b53d4d4beb59d9d9d9a9984263a87dc6f147e732343349b50031d85066063012478844

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cnkbikd0.default-release\sessionstore-backups\recovery.jsonlz4
                        Filesize

                        8KB

                        MD5

                        6ff4d810dd09cdf1685d808f327cbe8d

                        SHA1

                        f4bd7cc3f520a0af3d2a53021c8f26e1c0e150bd

                        SHA256

                        85c76a3ff8c76b41fb3fa098e9df4bae526b1acd41d93278b426bd2fbaafb25a

                        SHA512

                        6a88d3c2f410724e544b9a407b954d0c65a28020a514017a9996b498c2c27dd182671fc6bf1b7a475c686e724b21975095193cd116b8219aa8c69bec66067006

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cnkbikd0.default-release\sessionstore-backups\recovery.jsonlz4
                        Filesize

                        8KB

                        MD5

                        94b8e69677786bf617a9856da00a4eb1

                        SHA1

                        586cea79a58924baab105d2ff69f82ae453b912b

                        SHA256

                        2821b8499ef9831400e4bd4951b17e9f257436e96c3b7f2106aa7f3c857f717d

                        SHA512

                        db739c6571d79be725a88d90cfa08026123635f4bab4b2fce7f2f21e7a4d84d395858c45ca4f8a62f96d43168e10503ccfa38f9542268e3ac76dc98a858802a2

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cnkbikd0.default-release\sessionstore-backups\recovery.jsonlz4
                        Filesize

                        4KB

                        MD5

                        07fae9b2f94cb3642d449c406dac0038

                        SHA1

                        b33656986a0103be0d32551b5bb4cb422c2a7422

                        SHA256

                        1a10ae443443ad6be6829046a4545c43cb63dde2228c02826a18e0fe683de083

                        SHA512

                        6433abd2dd6ff095019db95509f3dd87fb8d162d41406b70901a1a86a29ebe1dd5bacbfb4c3812184a236249821d52c6396ce1bfc85e811912f8a37f74aae2b0

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cnkbikd0.default-release\sessionstore-backups\recovery.jsonlz4
                        Filesize

                        8KB

                        MD5

                        c4276e5b9e141222d0267e0ebe774ad5

                        SHA1

                        e148935a5a66766700ce4ea54ce7840599efa74d

                        SHA256

                        7523b4febbdd9858c321e2bec410a7647b7fef0bcee7023bc2d1eead2270ed9e

                        SHA512

                        70a2308a85af4f03266eb9ce5c5cfe2c95bf6863792838d29debea2d68a32b937966375c67d60735e8f238ac20fc15406d04bd517fc43a49742b581348547403

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cnkbikd0.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                        Filesize

                        192KB

                        MD5

                        8229d9830e195e973a60fe9339c55412

                        SHA1

                        f14ba01149e4a63f97bc628bb455446fea2c112e

                        SHA256

                        a42365232414675a4ee8294a87ad7e39b40cbe5a978324f9806e41d0c872895d

                        SHA512

                        963477b5c8a0695733128fd32453c0340378fd754b95daef5dcb97a1124ae52e547554010891a3fcc5d6beeadf713cc400c9f36b7c7dfe87c3d24e65ce676f84

                        Download Submit