Analysis
-
max time kernel
1795s -
max time network
1804s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
27/02/2024, 16:36
General
-
Target
VineMEMZ
-
Size
166KB
-
MD5
9a4a5ae9a38b79b9efebb1ca1ce2731d
-
SHA1
e4c576d1834d78911b91851662a24e990d3d0132
-
SHA256
9ef0aea5ee3a93f458010a4f6909426ff25006c714d5ec86d136842971957e9f
-
SHA512
00564f85a8410fc33aebef587343aa5bdee672d4ed6fc511097a81b59263aeb27a59bd73a57dc511275d536dfcfbcbcb10def16bf2ffbc00a632bfb7fb83a45f
-
SSDEEP
3072:sifpYYmMByrcY5mHZBOjS+rkaSfgIsq1nZEjc0Xz9TDuqJ3+fH2RVSgE29xxspmZ:ADuqJOfWRVSgE29xxspm0n1vuz3b9XvX
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 7 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\VineMEMZ1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3908 --field-trial-handle=3084,i,11997299123381683778,5904351605020331957,262144 --variations-seed-version /prefetch:81⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4476.0.282634446\951432012" -parentBuildID 20221007134813 -prefsHandle 1932 -prefMapHandle 1924 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1d8f503-afd3-4150-b0a5-adb238106199} 4476 "\\.\pipe\gecko-crash-server-pipe.4476" 2012 23b18cdcc58 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4476.1.1512380933\447701088" -parentBuildID 20221007134813 -prefsHandle 2400 -prefMapHandle 2388 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7020721b-624c-4c82-b560-9b26359ee35e} 4476 "\\.\pipe\gecko-crash-server-pipe.4476" 2412 23b18bfa558 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4476.2.474526147\1090758436" -childID 1 -isForBrowser -prefsHandle 3048 -prefMapHandle 2940 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4fa62656-79c8-4c7d-bd74-0a05e1d964ae} 4476 "\\.\pipe\gecko-crash-server-pipe.4476" 1672 23b1cea4c58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4476.3.679162741\1688468382" -childID 2 -isForBrowser -prefsHandle 3600 -prefMapHandle 3596 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2cd9a0d4-196c-4415-a88e-a350c1cb081a} 4476 "\\.\pipe\gecko-crash-server-pipe.4476" 3612 23b1c21b358 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4476.4.1766894256\1748239170" -childID 3 -isForBrowser -prefsHandle 3760 -prefMapHandle 3748 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce19725d-ba66-425d-b9e9-4d030590b997} 4476 "\\.\pipe\gecko-crash-server-pipe.4476" 3772 23b18bfcf58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4476.6.1964751573\87215213" -childID 5 -isForBrowser -prefsHandle 5296 -prefMapHandle 5292 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {56cdae40-bfc8-41c5-bb00-fe7cf9dd3fb4} 4476 "\\.\pipe\gecko-crash-server-pipe.4476" 5216 23b1f01e058 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4476.7.1956474354\1092930242" -childID 6 -isForBrowser -prefsHandle 5404 -prefMapHandle 5408 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d21caca-ab07-4cef-8644-0ad4cb9521de} 4476 "\\.\pipe\gecko-crash-server-pipe.4476" 5480 23b1f01e358 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4476.5.1295503545\329106912" -childID 4 -isForBrowser -prefsHandle 5052 -prefMapHandle 5004 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a91c6b6-bb17-4366-9382-202d6cc49e9d} 4476 "\\.\pipe\gecko-crash-server-pipe.4476" 5064 23b18cdd258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4476.8.2089037770\1642522359" -childID 7 -isForBrowser -prefsHandle 3876 -prefMapHandle 3812 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3c0ac15-76e9-4a5b-8b6b-642d166a58c8} 4476 "\\.\pipe\gecko-crash-server-pipe.4476" 3864 23b1ce09558 tab3⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3856 --field-trial-handle=3084,i,11997299123381683778,5904351605020331957,262144 --variations-seed-version /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
9KB
MD5ce68050102f59cde05a6b5e096f118e9
SHA18a105d4ade73505b84a52594541dc6ec2a7d29a2
SHA25632c217f1f5194a36b794f0997f224603ab06b2074a60d4154c756c481379fbcc
SHA512fca0d0431593c145b2b33be0ebbe2e70ff00eb18e96c42a989ecea3aefd21b50906687300102a5a3bcebe39e0adf6cefc3c4a00bfaf1fb5fc30e9b86a18fd71a
-
Filesize
442KB
MD585430baed3398695717b0263807cf97c
SHA1fffbee923cea216f50fce5d54219a188a5100f41
SHA256a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA51206511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1
-
Filesize
4.3MB
MD5563c687dd134b55071bd40c0c6730b48
SHA1657fd31ab07515f678b1463674778b6bd9d61445
SHA2568d519320e5d4032b54defcc653f8ce893b53177d1b946d42711b38e86df99ef1
SHA5120980ecee351059febf6603af7bea40a80e8dd1151d76930d27fff9efafd6da9dae5ad3eb4899de7728ee5a1c859fe4f7683c1e3335a81b89de4339297b91edff
-
Filesize
7KB
MD554ff6f91049cd4260fa6c447335952df
SHA18532758313d1b70812f39bca10bc6f025e3d91f5
SHA256684ce36837a8e8730ac47481b6b3843f8d5036252e858f42511884457a73b0b9
SHA512489f150dd1f3f6aff9fa0de36bf51c1f713fcb75e575d2e674b3a31bc6dcd959319b3c28ce17270c8d5f7871eb00d181d78028daa559a8e5c76e203d5c96ff29
-
Filesize
5KB
MD527ed9ab541aa4921660060b5e5384faa
SHA1ff03f21f45175320f19b6e215488f73e5d607516
SHA256776da41c3e4eacb4164dc7373ef05c0b83cf51b163cdb41cca353b1eeb592be2
SHA5125e45b7fa3903198df2516885a4910d1c5af42c3fcd1c678f1ee87dbf036b3d6b4abab570b6ee5c4fed37d797088345acc25c93bfa0d7b5cc2ab46827d42e1713
-
Filesize
952B
MD53fd2bbed04cf90d7d9119ee273e2f9f8
SHA108e8a10ab1ca13e0cffaeed7e20dd5ed8d9ec915
SHA2560436d371f2a5372585dfe705739ca5e27c1b71505c97156927c516729102b972
SHA5124b394a66dcfa18e65241a2b075b1f26cad902c30d23f4f289be68876ff113a3b77045e0488703ea5be8e2c2bcdd2a7f5cddb145c9b028edc0e9e84a8534489bc
-
Filesize
204B
MD572c95709e1a3b27919e13d28bbe8e8a2
SHA100892decbee63d627057730bfc0c6a4f13099ee4
SHA2569cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa
SHA512613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182
-
Filesize
2KB
MD52b42ceddecce0bc1f8e9fa1dc8a3d2ca
SHA10b16e28ed9290e0a583fc4986c9905c3e5702a27
SHA25653b574bd91114e8a94e03e44691b3c3cd9443f2b7422e83364475864feb39443
SHA51210becf38feac6ba13676d23cea86962c83c80ffbdf38d0a980a3ebcb5262848f4564c6a13357afb5af3812154a0d44d16f130a62109bdf3c338742ad503ab3b1
-
Filesize
11KB
MD54fe2700d1df2f9a7b33301b5bedf173b
SHA16ff124805ccccb64001093b38a239c85476a4e94
SHA2561d809056b2af27dcdb5f05c8c2cbd4b0ef948b69550fa1c7424b50a9d3586596
SHA512ce5a685b7d01a5efc69fc54560b1ea52bbecb220d1b45d1eb0b8786e7b2590849c103e009f09edcc88dd58e2c36f7cc66322cafa4129b42cd27e133dd087492e
-
Filesize
746B
MD558143d5d8554d55ef6abe3437b218a08
SHA1e9f91e9df1431ddf79ed6e23ed0d727228f3ef9e
SHA256c5c9ce1db64c00915b7f319d36b804d363d95527ea2578c0b31a1eac3926e570
SHA5122fbb5775fbe2a00c61ac245e4b83c979db53eef81ec7f0bf4fd509456d73ca3e9b7cb46d9e70574ed859a6989ed2ef8ea7de123ed7f99db63321024b89a0296e
-
Filesize
997KB
MD5fe3355639648c417e8307c6d051e3e37
SHA1f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA2561ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA5128f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c
-
Filesize
116B
MD53d33cdc0b3d281e67dd52e14435dd04f
SHA14db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1
-
Filesize
479B
MD549ddb419d96dceb9069018535fb2e2fc
SHA162aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA2562af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA51248386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2
-
Filesize
372B
MD58be33af717bb1b67fbd61c3f4b807e9e
SHA17cf17656d174d951957ff36810e874a134dd49e0
SHA256e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA5126125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7
-
Filesize
2.4MB
MD508453fdd850f1061d5a034baf5635a9e
SHA16d282659865236baad7df331554702fbcc3f0696
SHA256eed9a1cbf4689d7849f2e0a410036e16ff7d3b7d9abc5a3733d7246218db6513
SHA512cdaa0598a919b3d3dcb911abbade988affd46d575d0db7ba93b213ae78d097bfcfa7640bea7c2a9721de2ff2f56a52b294fb16decc81f7b25c55fbe8b2a9704d
-
Filesize
1KB
MD5688bed3676d2104e7f17ae1cd2c59404
SHA1952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA25633899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA5127a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776
-
Filesize
1KB
MD5937326fead5fd401f6cca9118bd9ade9
SHA14526a57d4ae14ed29b37632c72aef3c408189d91
SHA25668a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2
-
Filesize
6KB
MD5ca68409e038a8329277bf0a85caa2f83
SHA1799063186211277bd685814b767797d51b04a183
SHA256ea59373de50f8dc4d4997969abe2e4ac337002e1cd8861c14b43a656d18e1106
SHA5124f6783a26e57ec7b336a20327ed9f52468313d7e01648f91d77206c81a454d1ab2139e03f11d4c6dac2ff152659b597f45201a46595d0f9a99d60847d51ac1ea
-
Filesize
6KB
MD535b21666f86683f4998a93f60ca387c0
SHA126cf41ce6817573098f49b0354905d01184d5b71
SHA256a0c1f9d6052c4dcaec9dd7727fd690d958c76085bd18f804b42393a2eb185927
SHA51298c91735b3f7b3404a0b846ca71d5de6185805ff5f4b7ae5eb7cedd91bf12217a2d3e8174fa1a7a3bba8704250f695059eb0f5a2917a03693127365b1fc63c8a
-
Filesize
6KB
MD524a31dcefce51fc5e68ae8182a4a8fcc
SHA15010687ba310eb8ce43ef81d3df7fe567c8fd501
SHA2561549b5e285d96e6f52b95a1d234cd946c44ea2891a00237396a198c043e692ae
SHA51283f6563052a275cd71170daf37159feeb1e55b5c5a89fc30335be9144246a378fc44d2604a479a8927c460f2f37f379b377222555ced25589713b32bd8e2f64e
-
Filesize
7KB
MD5b633ba35e24b682f0afdfa9cf7489b60
SHA173407d4f2b6fa2b5ecc1fa37ce2f12b31ca6892d
SHA256abfb0d5cbd039bfe2e3416e2c8cd30d6ce5ff38168184371efffc9ab1e58d401
SHA512cfecfb95a458a1fe2680671964c504c273e65106a988964050c63d014d9c65e0af73a637c2135b257e0be6dbefa0be5d641d1decc36c15d5b79263eb915f30c2
-
Filesize
90B
MD5c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA15942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA25600ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA51271ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2
-
Filesize
3KB
MD53d0b0c6672c56113d759b4b01d611aaa
SHA1aa419c00149ab4fa66b643258d1092084bc66169
SHA2561fa76f1afb0f947a866bd5b3176911aa3dc1de5365d5ad79a0e8a0c29af40ded
SHA512bcc0e3e45449ce630df0ca759f6ea2dd3a52633f43ba3e3ee9170fd663372ade362a6b9180404c8056cb31f419649e932ed362ed2400f5e703c1852b9f42a811
-
Filesize
4KB
MD58c360ef0a49eb457d527ea4cb204b117
SHA1d46a00d1dd6b611f0c6032e39973ec9693c6ed98
SHA256bf1759d59507415ccc09a3cbe71dc34135aff27c43402cbf51e18d188bd0941e
SHA51205a417b6000f813b88718516852127d477b304c8bf20ce0696afcf0d5b8546a58962d3a3a626661e9717e9cf007a685e5fa4b27a9dc07223457ec501210ffb1e
-
Filesize
4KB
MD54afe2a58edfd038e03d6c3258dc3b38a
SHA13267542326cf69a0457ecec4b099856193b282e2
SHA25664b5161706794caeeabfc773d37e2f0a71b52c6f3898caee816b924dbd789fac
SHA512fb7e40ca7045c093b906fc3a953ed6e9369f362173c9b5006554f18d1b9db57f5fd5eb6b80c7a4ea08f5742d01ba91427451e6863dbfcf19b42a31f6950b134d
-
Filesize
4KB
MD580e21d56bc6ce530f63a3c333d84b840
SHA1b4a43303ea1b5f2092883cbc7669cac52421fab8
SHA25605622ca1069c753f409c54bee26c1ffa4e595281d6e5da83a8548138d4b7a5eb
SHA512f5de8bf3974bb773feae392ff8a47423b90a22b4a05adad010b705f5cb0d41e7c5fce2b5afc568f44d6594b348cbd5fe08a23f04e8cbb07bddb56be0dfa637f8
-
Filesize
4KB
MD502c801ecc0c29c79bf733364a7770b87
SHA142d209d4e7450160d8d3c19c2d25fe950300a9b5
SHA256b7481dddf6aec3ed8578bb71d51c4cc2685507b126833a73a6302f55314f0915
SHA51235c4e33d5271263da0b313c48d0474613bb83836686b8cdda012236ab2386b5321c67813af07555b31448b21bfa4960846163b91dff1840580db2f175c1c25fb
-
Filesize
3KB
MD5d75f8cf55e931a3500e89f61fdb0c7e5
SHA11f463894c99bd59691da91bd1a239e778af3a01e
SHA256b89d565d51a30ccaeca3bc55c5f1a677a5e4cd025dd4e17faa7d8af74ca7d6cd
SHA512e4bc7a50ac7aefe97ed22e65b933d9e42677cfd12aca71b508a0901e55ccbab2b40299d6c182e0d67bc5099cc33cfc2d547d87f526bb18a480a81b2d13fed423