Analysis
-
max time kernel
1794s -
max time network
1802s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
28/02/2024, 04:28
General
-
Target
2022-01-12 (1).png
-
Size
433KB
-
MD5
a8c9898d5299f3eb850985a4db30bb43
-
SHA1
07c200719ea6f456cc1b6dd28f4bcb6c777fbd3f
-
SHA256
d777fce5d435d028ce27688c29471c914a6299963a6e37bc236d9a0cc337e831
-
SHA512
9419a0f3f249ccd6f1c955cfe885b1bd48839a2a418148eaf710cbe08254e0219b8db3a32614c5fd098fc6d34544d20994c967b12620bcff6c87318ee0f50e6b
-
SSDEEP
12288:GjZ1fVK1RUoWQsRmNeCLHSqbePdTRBa07D4cHKL:gZ1fVCUoWrkfLNePdTRBa07D4qS
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 6 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\2022-01-12 (1).png"1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3744 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5092 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:81⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3356.0.735523289\1723158301" -parentBuildID 20221007134813 -prefsHandle 1880 -prefMapHandle 1872 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7792f7ef-9f0d-49c9-b730-d1efcb13f508} 3356 "\\.\pipe\gecko-crash-server-pipe.3356" 1960 18337bf8158 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3356.1.895191643\1108247629" -parentBuildID 20221007134813 -prefsHandle 2348 -prefMapHandle 2344 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2017ea0-613e-4622-b398-403fcc6e6c33} 3356 "\\.\pipe\gecko-crash-server-pipe.3356" 2360 183376e6b58 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3356.2.2023208624\1900667938" -childID 1 -isForBrowser -prefsHandle 3148 -prefMapHandle 3144 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1064 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad8015fb-ed4d-46c1-899a-117e0415ac3c} 3356 "\\.\pipe\gecko-crash-server-pipe.3356" 3160 1833b9b9558 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3356.3.1552386348\1628188216" -childID 2 -isForBrowser -prefsHandle 3600 -prefMapHandle 3596 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1064 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1dfa820-f2ae-4f3e-927e-6c4082dc3913} 3356 "\\.\pipe\gecko-crash-server-pipe.3356" 3640 1833a0da358 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3356.4.1721917538\1802460514" -childID 3 -isForBrowser -prefsHandle 3980 -prefMapHandle 3976 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1064 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f416c274-b8d1-46cc-b173-ba89fea6b421} 3356 "\\.\pipe\gecko-crash-server-pipe.3356" 3988 1833badb358 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3356.7.366439725\1689630974" -childID 6 -isForBrowser -prefsHandle 5448 -prefMapHandle 5452 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1064 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {74eb1d14-f07b-46f6-827c-da973d7bc59e} 3356 "\\.\pipe\gecko-crash-server-pipe.3356" 5440 1833d8b9558 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3356.6.410539246\1308870671" -childID 5 -isForBrowser -prefsHandle 5272 -prefMapHandle 5276 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1064 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd8868ce-c811-4940-9597-3242411e7f08} 3356 "\\.\pipe\gecko-crash-server-pipe.3356" 5264 1833d8b6e58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3356.5.339313810\1197434195" -childID 4 -isForBrowser -prefsHandle 5084 -prefMapHandle 5112 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1064 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bcb7805f-c394-4f8a-91ba-9188ba9de9d4} 3356 "\\.\pipe\gecko-crash-server-pipe.3356" 2832 1833cc05358 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
13KB
MD518d2cb513503da2777c33c0698106e42
SHA141f661a047ec0a9fd9790ccc89174dca46b2ff7f
SHA2569d4b8cd38bbe167d4b5e6e2e6887f7365ab3b3855f9879301053e22d9f44b38e
SHA512cfd499a67c6e7e57bd46b37b959ee94ca71c2bb0f6d71a6807bad47ab73f56ae375d08718de9ad4460a3e3a88b79db1f5bd67068b7f443c2e9ccb1b88b0cf63f
-
Filesize
442KB
MD585430baed3398695717b0263807cf97c
SHA1fffbee923cea216f50fce5d54219a188a5100f41
SHA256a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA51206511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1
-
Filesize
6.2MB
MD58cfa287e42cdd9109def70b8da8e10a3
SHA1cfd1ff6436091fdb0903f9e27d67f61020a04441
SHA256b678c615eaa6708917f96dd68ab06c759fbaf53f531dbc65e808958bb4d94d60
SHA5120fd92eff11100df73e6b7ec310a997642b6c1d4f5f4f38549267230026316cfaae14d3297eca429c16f0c32fb8c38f070d6479b2b369d201ff4cd79eeef5d6cd
-
Filesize
5KB
MD54656518501bc49bee8a86d81b718489a
SHA13d7ceb1de504f5d68d766ea975854299d7295350
SHA256b8268090b17ae952d42e8cd180c146560dcb7ca649e0e9387d31907479c14bf4
SHA512b15e064ec57438546c682e6e087975819eb81c65d05273720c0f86d18c8172fe612f47fad21ff89b627af571ec181d9db55ded848f45eb41ed059b2f1b13e6e3
-
Filesize
950B
MD54f250385aeaa84a357a344af5ad6354a
SHA14f1ca11ca083ed02b315c489223a20017a6ecbc4
SHA2561496d4f20935c304d2e661264713fb152b1558850d404b59353a09e7f830c264
SHA51216e9f6c632ecb3f96663d06f567445f294a0195a922e9e2105893550fba609767602cbaa87dd5380c5888274d7988b25e937335f58200e91db9cce6cc375c0e5
-
Filesize
216B
MD53341dc71980278836bfcb53019619155
SHA13d1c96ef1bf273854d80fc213ca1cca9256ff477
SHA256f534bf2a11323edbb296c542e4f4b51fac06e4e203f4a3aa58315f2ba285b05d
SHA5125d0715be9e47647adc1e91c59863abe91706925882056283ebc8c7ed86e82b554b97610f25cba13bba39c8bfefa76a17b33536eb8b630f0e0c56dbcde0eb5271
-
Filesize
2KB
MD5e1d938c0270f976d3f8b448bc493dee5
SHA16297379884315fc0a202973e60d31ba410f2f49a
SHA256f040868645903862798aa913d07056634390347f2fc5230442c06538428f6ef1
SHA5124be8352f95d106253a73512bb4751dd9b859ab65a87c7b8e7813e6b2e32fce4470705e3b1058fa1b442eb41e606238d4ccc2e28f42f91c8b0f8022285027462f
-
Filesize
746B
MD523252adbe4c494f218c270b56f8ca0ae
SHA17bb08089693bfc2e67c1df384fd59d29c8056204
SHA25615bfdb4397567d27e1cbdf7182c22553159fb88d89270b11fdaae52ffa34ba1e
SHA512099158105012ad91c62e34b4cac592343f07ccff77f0c890cc6ad582b12e7d20237df3e2d8fbac6e32453fedc2070370a9af0260861fa9835688fed875440e4b
-
Filesize
10KB
MD5dbdf4df12ad0f63942e0dd72959af474
SHA1cc78767c975eede109abb8ac4335cc2220d53583
SHA2562dd6950ae751725e37c8e78fd118bc7a17eff1dc470abaea4324b885a0ac7eb4
SHA5120fa7acfa2678b1adefd95ec941319350e23b350c8d53a3c8734e3035dcbceb476c5e147959fee5404d8c2da29f53c41d082f2254517d95acce334e3b23f1142e
-
Filesize
34KB
MD5f7016d8a2229e3f56d1e6d90b11654f8
SHA1fd5b74a4a1c3da00e7489da745fc77af3f2b70dd
SHA2563c2e04a2ecb5f25269a5a123019dbcb32be9131208a02b28e1222508871522be
SHA5129f7a14a5f58230dccd61b1fd9583fb995d57b004aef7dfd2bd1778865b5fc60a0a6a0fd6b35f31992d7de41e69b915a252b8419b50bf4e4a8e5bc0e28fdcec65
-
Filesize
997KB
MD5fe3355639648c417e8307c6d051e3e37
SHA1f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA2561ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA5128f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c
-
Filesize
116B
MD53d33cdc0b3d281e67dd52e14435dd04f
SHA14db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1
-
Filesize
479B
MD549ddb419d96dceb9069018535fb2e2fc
SHA162aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA2562af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA51248386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2
-
Filesize
372B
MD58be33af717bb1b67fbd61c3f4b807e9e
SHA17cf17656d174d951957ff36810e874a134dd49e0
SHA256e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA5126125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7
-
Filesize
6.3MB
MD5c2786f57c06f74184907f6bd4336043d
SHA1cff163720cfd58340ca94e04dc28b11d11eeb0b6
SHA2568d4b5833530836d692a79ecee074d69fe256d1bec6925c59553e2bc50284d9dc
SHA512fbef56b7caeb90b89ccd508db4c052dbc8d2e9b33024be8d80d6f6552846df2461d8932249a1b655ab7403400b353b1ad9b77ca5cbe5f9f66e7654ddcf13cb91
-
Filesize
1KB
MD5688bed3676d2104e7f17ae1cd2c59404
SHA1952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA25633899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA5127a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776
-
Filesize
1KB
MD5937326fead5fd401f6cca9118bd9ade9
SHA14526a57d4ae14ed29b37632c72aef3c408189d91
SHA25668a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2
-
Filesize
10KB
MD5815e3d65d15ce118d9affc8b564dded4
SHA143b9db94dc579782a37530826090ffa5aee38aff
SHA2560ee28d84a1768cdd54c7f0de512f879ed2fb6aaadbcdb2cf85c730a4d146e19e
SHA512d361cdfafd10e0f415a27a0e3e7fdc8c099ff2573f4242f4fec4f1d000ad3a54f40de4449926aa5d8d2d93ce415943d15b823915c4503bb2e561c317117f7c33
-
Filesize
10KB
MD559c40bb5fcb545f54f1b8f370541583e
SHA10ae84231b34b0a176cfbde23e2edf34b3ac92c73
SHA256b8b058d1b590f99a738724742b05a59053498387450827d39873a0e1e00c12dd
SHA512a3d6e0fe448018984c53d068f2c0dba5a41431f9e9756a254d29d6c634f266e2781c5f5ae572e91ef88ef8ce5a18d5348cfe72257caf318037021e890c66c167
-
Filesize
6KB
MD5b8e953373001d9dd1beeda66591d317a
SHA156a5d9bdcb31f7bb273bf2eacb6963e0706c916e
SHA256e04aaf29fbe73ebb0e08386550ebd8ef3e292fbed36dc88a3a32a36d49ed07dd
SHA5126286c728304c9e9418e4316a7733cf148c2e879f16982398756fc34c0e35658469df3dfc0044e2e8ae4ea3b6d4c57966e231ba5e88f854b3769505a339b9815b
-
Filesize
6KB
MD58987c94f7435f801459f4c8dd95e84fc
SHA1cd8018a4f5a54416ec7f285f3bca0281583fb7b2
SHA25613daecfc952c1da60eedfb4c5a523f032d2769d12e8f18f502650d374bcda050
SHA51237183108ad35876e8feab942eed3b8125024b2e6f967f560fee204e05ae54a269fdea4b70f5daeb46449bea5e80657b819b23337513960833788e8049d2c1d38
-
Filesize
90B
MD5c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA15942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA25600ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA51271ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2
-
Filesize
1KB
MD53c34cbcc6109f0de2659e1b9bb581d2c
SHA1feb631b7f4d4f9b04ec1b6fc1f353c2f3c20a193
SHA256bb4ba2a8cb58840a76381e0d199b35df3c689e88e4af57a195039689725f6d02
SHA51223af97b82108e5968530f4809e201b530742a67ac8c8821a80e8990044475e280d48686b8a177f41c6a5757e693338916ef05fbb1056fec4454708b242f54897
-
Filesize
1.3MB
MD5eef06e6390a2286837363efe86e66b57
SHA1b8d36b786323ca86916c3ab7162cb1324616558b
SHA2561ef33a4a92cab041d6100d80d9eccb9abefbb697f8c2a292de09ba5bfaf83730
SHA5125f2a61a98f9e1777fd842b7f47514343053c81dccc7fd5fa9f9f3b1fa2e1fe2e5d9bdd796d8dcb94bf2e5605a77c7b7f63b428d5c9f3f5dae3f52d53a0d3c00c
-
Filesize
3KB
MD54e758d5b46efb6b80f2c41c082d2bb18
SHA1001d56b2df7e25d62427645a396b7d0475e581b0
SHA256aec7264ace0eec2c87b2bd26beeb1fd75f4530aa8a3505dca474cdf7292df665
SHA512d9c98802c380590c6eb4bdf9caf87110636fe9b5547665e90b902ce07f6cc4693debf0de7082e37c43edcd79a20498bb88c4933612be799049dd91951322af98