Analysis

  • max time kernel
    117s
  • max time network
    122s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06-03-2024 04:23

General

  • Target: REREREREREREDDDDDDDDNONONO.torrent
  • Size: 209KB
  • MD5: 51843e655ac4fb021058f10ce3c856c3
  • SHA1: 295f97816acbc368f5965d4c767874861f0a93eb
  • SHA256: 7779e8956d0a9ab29dd5a79ed55a285367a9e9c20c90623bec4ca7f6f4002a36
  • SHA512: 521dd5530a2038c011f27f4868c3c9479aca26d66a39ce6b565a51df33a7062cf9e67dc2649df93f0a441a6363f88682e410e10f9a7ae1e7328c1d03f21a4971
  • SSDEEP: 6144:tIzeHUWbX7V8IdDLM4AXwQbQXp+y+biBCVndSj2E:tQS7qgBQwQUQX2CAj2E

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s).
  • Checks processor information in registry (2 TTPs, 5 IoCs)
    Processor information is often read in order to detect sandboxing environments.
  • Modifies registry class (3 IoCs)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (14 IoCs)
  • Suspicious use of SendNotifyMessage (13 IoCs)
  • Suspicious use of SetWindowsHookEx (2 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)
    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\REREREREREREDDDDDDDDNONONO.torrent
    1⤵
    • Modifies registry class
    PID:3984
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1832
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2208
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:852
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="852.0.1905520420\435319624" -parentBuildID 20221007134813 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {39bd5cef-1282-4344-8e48-e1ba26d5e3f7} 852 "\\.\pipe\gecko-crash-server-pipe.852" 1996 24ef91bb458 gpu
        3⤵
          PID:4216
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="852.1.118559386\2139236544" -parentBuildID 20221007134813 -prefsHandle 2364 -prefMapHandle 2360 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {09e6fc36-0f1c-4a62-b3ee-63c118d97288} 852 "\\.\pipe\gecko-crash-server-pipe.852" 2376 24ef8930e58 socket
          3⤵
            PID:1784
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="852.2.2080166306\218719826" -childID 1 -isForBrowser -prefsHandle 2960 -prefMapHandle 2940 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b8b4b325-874a-48ca-a9c5-0adc9e8b807b} 852 "\\.\pipe\gecko-crash-server-pipe.852" 3200 24efcebcd58 tab
            3⤵
              PID:5232
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="852.3.1154236443\736928449" -childID 2 -isForBrowser -prefsHandle 3760 -prefMapHandle 3756 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e686a40-2c41-4970-9ad2-2d9045d927d5} 852 "\\.\pipe\gecko-crash-server-pipe.852" 3768 24efb4c7358 tab
              3⤵
                PID:5392
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="852.4.242903924\1110392646" -childID 3 -isForBrowser -prefsHandle 3984 -prefMapHandle 3980 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {543bb422-db7b-4108-bca8-256bd1b72cd8} 852 "\\.\pipe\gecko-crash-server-pipe.852" 3992 24efd4b7258 tab
                3⤵
                  PID:5408
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="852.5.344708695\2125133954" -childID 4 -isForBrowser -prefsHandle 4920 -prefMapHandle 4924 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e4a1835-bae2-4db2-8c81-e4f1c7f19d21} 852 "\\.\pipe\gecko-crash-server-pipe.852" 4944 24efe7d0458 tab
                  3⤵
                    PID:6072
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="852.6.1144650744\34769871" -childID 5 -isForBrowser -prefsHandle 4972 -prefMapHandle 5080 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {52dc98c7-a200-416c-a263-47882c76762b} 852 "\\.\pipe\gecko-crash-server-pipe.852" 5168 24efd4b7e58 tab
                    3⤵
                      PID:6088
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="852.7.2124704730\1529488621" -childID 6 -isForBrowser -prefsHandle 5176 -prefMapHandle 5180 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc328f76-c2a2-4545-b6e2-055db55f209d} 852 "\\.\pipe\gecko-crash-server-pipe.852" 5192 24eff965e58 tab
                      3⤵
                        PID:6096
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="852.8.166929595\134456114" -childID 7 -isForBrowser -prefsHandle 5896 -prefMapHandle 5892 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8a1ee47-3ba4-4bb7-adbd-a3fc0a319e41} 852 "\\.\pipe\gecko-crash-server-pipe.852" 5904 24efbfbad58 tab
                        3⤵
                          PID:5876
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3144 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
    1⤵
    PID:2392

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\4E0C28FF25B34AA6D81276C14EFAA147A7403E02
    Filesize: 57KB
    MD5: 2d0c5e3425431e59c9160c8533dcd459
    SHA1: 803ff0b2742083b86946966e47a7249652cb6acf
    SHA256: 88a48bc6ab5d6f76131365351d58abef58d22640bb117a950c8c0a17bc77888a
    SHA512: 2ae5443236ca7dcde93b46900b0182d974f301bb251d5e465fd25f6ce88e75b23715caa3a1ddf32cd29da9d87d0b4d811feb9f36d44916b6fe3b6a83f59b2270

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin
    Filesize: 3KB
    MD5: bfef77255e6278462e091fe89f968ed0
    SHA1: 569adca19c6dd5c1bb064540b645894f8451dc33
    SHA256: 3ced9559ffc1bf87e733901b91ed2b05d4e19716810867a7b1d54bb5bacf83a9
    SHA512: cde21310e103ff21e052c0a60e0ad7b5d134778e0432ca5242683665fa5c888c929cf4ebede40e77ff674a0a5b72f7f71dd7859e76ddff9410949a6fe43965c7

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin
    Filesize: 2KB
    MD5: fd7e4e0bea4020e42ea937985f4942bc
    SHA1: 4d17a0680f084456d5fb79445b1541309ad7b43d
    SHA256: 25aef172d608e04dcaf090e6b237a70417c094067e5e04fe3d76cf1ca0f36ed6
    SHA512: 8ff89fec29522b9257aa1e9456e5435332081ec049204b4e2eeafe6faf738751cd343019845eab559d7637117aac34de55b866573286568a5e6a5194397e571d

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\5661600d-ef3b-4fcb-b674-88fef3cfd733
    Filesize: 746B
    MD5: 0a688ddc908e83ecab2404fa9b49d1ac
    SHA1: a20a5971ddda5ff6cd7141863680a487a8f89074
    SHA256: 141ae3cca7195a140cf0531b8ec2fbc7bbb64df4f41ee8d5679e17d4e3d3ea59
    SHA512: 9d4fbc5eca16bed428d12311b954a98597c865ed7fc49ba267a062831eb28d90a5a68f667bda3ce708d29b41a7556da15c2efaae2d3acc13c166a2cd5d3bf2e3

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\81f4d495-6a14-4045-a554-7c69638951de
    Filesize: 11KB
    MD5: a9c1e8359c34db284459b363073b5ff7
    SHA1: d6c183ccffb7efbd2a5362a9500f271623ad2977
    SHA256: aa904f0e75c5de20a82ecd4aef24c7fe4d8465210c4466cefddd7f519f971d0a
    SHA512: a51132925399eb7683966094282203d70f11414aa03c805d7fc7d3042a7d4bf7f11b3226b9cb5f2c294eea2c4b811e20fbce420384d34b80a863e12aeedfbd46

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
    Filesize: 6KB
    MD5: a87a7aed797c5446337b65a1522913fa
    SHA1: ad18a6cb3d51599e430db0d7bd805842bdd017e0
    SHA256: 34d43b7dfcdfb7008d2e38d487fb7f8f9fb70dadc1ab6eefa8a6711206642e0d
    SHA512: d8d85bfb265bf32fba2bd92c2830aa660269ac784d5a59fc22e912ded7712abad33019ae1d034ba639206dae1207546b876f85c4954282cba314c5a535bc94ab

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 5775aa8ecbf504e2f97a650e1cce991f
    SHA1: a7ca32bd695792a97ca6e5ad0a99ccf1673b2a25
    SHA256: 3039d018fdd3325682be1630f559b262d3bb827b6fb6e7cd59ca6aae47537a5e
    SHA512: a705d3f03da0a852eaa67fc5bd716920020bef05f5f76653f137d875bc2be6eb0d11cbf0a28d118f121bb092af19d491bb1ff00419d5a6f294ec565b7f7745c9

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js
    Filesize: 6KB
    MD5: 7a06760ee0154b9a309b4386f5107d1e
    SHA1: b06a2adb030f3be01f1238cd523fa8c9f3919e19
    SHA256: 1f04feb485e57144826d68d5555c0acee67d9ab9120ca700d7613356891afd52
    SHA512: 6766f0533f00dda8054bcf4229eaa924621bdb5588ecb7f568c993b38117fac96e1890f6979b18175c97ddb087718482199104159382abee13fa13dcdb2696c0

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js
    Filesize: 6KB
    MD5: 4ad73dc50dac5a286a20cb32b3227c79
    SHA1: a47c2b90786c57f86843727bf9257da23d16e164
    SHA256: d1a61db8977ddd69d15546183d66c1e1b264a5bea652021f9158a239d4cae198
    SHA512: 27d44bf262c2abe808c2af2ab85184dee2fdd1aa2efc6a80552f1110aad5485728030fe734d70ec998deb606770f9d9330c308602f54efb6d54f91366fb57ea3

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 3KB
    MD5: ec738efa57f4de8606723a2a20e50d47
    SHA1: 6fb8e7471369faa082e3836d1efbeeb2946b114a
    SHA256: 31df10b2d4803fba6879f8385e9b4cc6b20b2ce1735db21a2eae32248f9012f5
    SHA512: 1d8646fef3dcdb7e9752f6b0eef0bf33d84f4e6a085bae774ff3356c883c94f65b458f23bb0604a4008e7942e60d4f0dce74fe6e9d5caec75ce967709dc40cb1

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 4KB
    MD5: 8b53ea054b6ba0ec7fa8518143dfd449
    SHA1: 551d211fe4cfbdf417378c17d8970f973ac7e72d
    SHA256: 6914ab74172a486557e2992c013b42215d55e49de8923156d593c54ce33470e0
    SHA512: fcac55ee91f69e5eaebec566229c4822c239bfb50860246eb5312d3fd8789191b4db216fe41eee71e06cfcfa93b4b5c52830192d821ae98b651412adae8e4046

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 4KB
    MD5: 8a7831118966aeee53fa5ff4d903b1b3
    SHA1: af55e225737902ba883cd3c89eac5a98020770a5
    SHA256: 46a9f5f831fb916141e661b8c27a57f2bee1bc95077d0bf78e451a5555bce39c
    SHA512: cff9f9b35052ce16cf89cb16033ec37b66aca454ff37d46e20378c6ad4e98ca92302cf1bdd1b879a14b0f33528dbe99536428b07a3ea7bb535e27bc8132bfe3c

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 4KB
    MD5: 40007ee4e857d686a8875679cb172076
    SHA1: a8a856665330794e1d21ba8a14901ddf1bb7eeaa
    SHA256: 246504c7c407d63ba5e78a4b321580d7efc21dbd18f82153735fcb8275248cc1
    SHA512: d5ec26bf61ee8e157754beb764938dd98dfc878ceb76f9f4458019ccef3820621ba31b90b416b0dcceae6ae74f056848f0f6cd91d5ab655b826a1735fbabede3