Overview

overview

3

Static

static

3

cmd.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    941s
  • max time network
    943s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-02-2024 20:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cmd.exe

  • Size

    283KB

  • MD5

    8a2122e8162dbef04694b9c3e0b6cdee

  • SHA1

    f1efb0fddc156e4c61c5f78a54700e4e7984d55d

  • SHA256

    b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450

  • SHA512

    99e784141193275d4364ba1b8762b07cc150ca3cb7e9aa1d4386ba1fa87e073d0500e61572f8d1b071f2faa2a51bb123e12d9d07054b59a1a2fd768ad9f24397

  • SSDEEP

    6144:k4WA1B9BxDfQWKORSqY4zOcmpdlc3gJdmtolSm:H1BhkWvSqY4zvmjOwJIT

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\cmd.exe
    "C:\Users\Admin\AppData\Local\Temp\cmd.exe"
    1⤵
      PID:3728
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:4904
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4204
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4204.0.1524391654\1228066064" -parentBuildID 20221007134813 -prefsHandle 1904 -prefMapHandle 1896 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {11a212e2-6709-4cd1-bd6e-d0ae7063b4ad} 4204 "\\.\pipe\gecko-crash-server-pipe.4204" 1996 1a6237cc058 gpu
          3⤵
            PID:1680
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4204.1.1876789274\1094459497" -parentBuildID 20221007134813 -prefsHandle 2384 -prefMapHandle 2380 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4edab71e-e712-4b3c-93b5-a03d4271732e} 4204 "\\.\pipe\gecko-crash-server-pipe.4204" 2396 1a6234fae58 socket
            3⤵
            • Checks processor information in registry
            PID:1220
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4204.2.292278278\416379682" -childID 1 -isForBrowser -prefsHandle 3172 -prefMapHandle 2980 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e60f2883-fe32-48d4-8e4e-c281828c112b} 4204 "\\.\pipe\gecko-crash-server-pipe.4204" 3016 1a6276a0f58 tab
            3⤵
              PID:4896
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4204.3.192621541\433496026" -childID 2 -isForBrowser -prefsHandle 3520 -prefMapHandle 3384 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {02b8f75c-62b9-4ee5-904d-238115f3e412} 4204 "\\.\pipe\gecko-crash-server-pipe.4204" 3604 1a625fa5e58 tab
              3⤵
                PID:4432
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4204.4.583454207\1909647603" -childID 3 -isForBrowser -prefsHandle 2788 -prefMapHandle 2784 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37a3b209-953d-4da7-bd70-5550df7b93bb} 4204 "\\.\pipe\gecko-crash-server-pipe.4204" 4556 1a629575758 tab
                3⤵
                  PID:4416
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4204.5.1105222648\379588641" -childID 4 -isForBrowser -prefsHandle 5040 -prefMapHandle 4976 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc26f148-3f8b-4739-aac5-c6d7d675d4cb} 4204 "\\.\pipe\gecko-crash-server-pipe.4204" 5016 1a60fa60a58 tab
                  3⤵
                    PID:1700
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4204.6.520524584\25562987" -childID 5 -isForBrowser -prefsHandle 5180 -prefMapHandle 5184 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0426d3db-ecb2-438c-afbf-49fda86d9a07} 4204 "\\.\pipe\gecko-crash-server-pipe.4204" 5172 1a629a90458 tab
                    3⤵
                      PID:3420
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4204.7.431850666\2065976153" -childID 6 -isForBrowser -prefsHandle 5372 -prefMapHandle 5376 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5387a838-06d7-4e08-b224-da32b15cfd5d} 4204 "\\.\pipe\gecko-crash-server-pipe.4204" 5360 1a629a92b58 tab
                      3⤵
                        PID:4260
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4204.8.679021127\937261975" -childID 7 -isForBrowser -prefsHandle 5436 -prefMapHandle 6016 -prefsLen 26379 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc8eb9c5-f961-492d-a825-618e235b8186} 4204 "\\.\pipe\gecko-crash-server-pipe.4204" 5428 1a62b963858 tab
                        3⤵
                          PID:4280

                    Network

                    MITRE ATT&CK Enterprise v15

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\datareporting\glean\db\data.safe.bin
                      Filesize

                      9KB

                      MD5

                      b091c3e1ea0e266abc1b52be33dbe618

                      SHA1

                      736bd35f8821abc11f7c40fb04b728cec3e4bd81

                      SHA256

                      ec35f5b0b89d36e1a7526446ee691443602f9351545cb4ca25c3b3d3ab9eb9e2

                      SHA512

                      602fcc62932f8c48e3e9fe891f9f2ec12d32e732564f33ffc3945fd9f025111f8b6d46dde193506a1f22790c494d6d82c22c884ad11f247a608ff6c010ad6cd6

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\datareporting\glean\pending_pings\81fdf185-daba-423b-8d45-7a4473035ea7
                      Filesize

                      734B

                      MD5

                      7bca08c4c53794f8f2b42c77ec7c0555

                      SHA1

                      d841dffa045ae0b2ce7eee7fb2384385d3fe8ac4

                      SHA256

                      a4b95e7c08987d20d960cb816019638fef7a0262bea6a694a7385bdfb23627bb

                      SHA512

                      152f59a7268d67a82f1a660d34541e92a326fbc7599d0dc7df7cb55381f73ee89fad8f1c5d229ba85eda37529d357376f259762df42dd1a194390a0f81382591

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\prefs-1.js
                      Filesize

                      6KB

                      MD5

                      46fc254336b74e7020a150b118cbeeb2

                      SHA1

                      0040e05f02698dcd2047fab0ab0772fa2cd07cbf

                      SHA256

                      2c48f812dfb3cf2d7f9adbfb344a970232adaf285c5a54106ac8cdd8d7fd9a04

                      SHA512

                      06127252315420c75e0921ac1b6140086f5cfcd2aead89c0a1c538be2da16831e6d182e62599c4c3d24286330d63bcca14ad5612f8363b3226f8eca301f997a3

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\prefs-1.js
                      Filesize

                      6KB

                      MD5

                      dc7a6f4282ea4aafc74d4f8e1161d2e2

                      SHA1

                      807ffc34d330c008391a5dc0567807927a6a8636

                      SHA256

                      5beec6e1777474849be2ff5c26a260742b66f0ef68674f75e64759db1fae2c31

                      SHA512

                      1da4a0243aad7c5af3a5bf2b2f2e7070588e4248ee667197741b1f85e3e2a22c980f627cae990aa6985a9b4f696df0cd9d52e778987c70e6ed35a337c48edca4

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\prefs.js
                      Filesize

                      6KB

                      MD5

                      834efc3abf5a70312e8773b6d538cc23

                      SHA1

                      1fe8d983c9c7b0ce1802eacf6c3be0cd0f3b2210

                      SHA256

                      13505a8ef87efc3fbe8aefcc6ea4cf9c0c2beb4e34e57f19e7bf4ed1bac5fb43

                      SHA512

                      d440853a81b1c4f6e83495411a41f6e26129f28686016a1237a7b3511658b49bad19b747ae228cecd7875435cec36fcbfdd264f09f0345f4549c765783b02324

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      3KB

                      MD5

                      602bdd8f2ad235e964ab5dd7e88c81f8

                      SHA1

                      e1efe8abdd09fe1c9f0c426a52030e73f5eabe3d

                      SHA256

                      988581e1aee44f4bcff83692fc5b00cd4d9ae128c3305057a14ba71766416176

                      SHA512

                      138040162aeaa3e0aa357ab71876e4f118a8f7384d258527dff12e8d3881280664d789e0c71d9584972deca19cf06c8ba734d78d494ed7c2a612b0f7b4d62919

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      3KB

                      MD5

                      3f8c34b3608ec581ac64f8f3163ed0a3

                      SHA1

                      de557139674b9f511ab3955ce7e90d261f2162c9

                      SHA256

                      b9b185df93a9f71e121820c46e13239cef86c389afd3719345884c35f80e91d1

                      SHA512

                      2c4dde12e5f32826a900ef607de2e8c3b605d2d58873ed3fe1d3133c0b71ab713a14c30b662c0b2e370ca6a886ad5a4dcbe2031a2786e315db36b1d79a996268

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      3KB

                      MD5

                      9aaa4f6928e63da8eebb1f718664850d

                      SHA1

                      de247db4824338bffd04246c3434dbf3dd2041ee

                      SHA256

                      6ba196ce3ba8efbc6ea6a8f0d4669e8f60e716c50c2e21b725dcef19e7a795b3

                      SHA512

                      3b80a675fe7c3c4a7d76f8d448639ddf185eb737f67491415bddcebf971973da7dbf56b288067b37401d272dab500278665edefa48966f36c5d0a9e9ba8b0ca4

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qapp529h.default-release\sessionstore.jsonlz4
                      Filesize

                      3KB

                      MD5

                      8033e9b6fbe81c384c2891c82db05d83

                      SHA1

                      d99c3fcc6606f6891d0b7b7fae706ab66ebca278

                      SHA256

                      fe82a13206567686a9526b9bb917ca45fe16ff6f35634e9dcfc838f4de91cc02

                      SHA512

                      38237cf52eb6664a5519a2fe528ae03a91725e4bd2dfdb3113498f548390d3707f381218da38ae8ea47eeb6798515833ba64b65dd96175e71f3dd71c03093938

                      Download Submit