Analysis

  • max time kernel
    131s
  • max time network
    141s
  • platform
    windows10-1703_x64
  • resource
    win10-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win10-20240221-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    09-03-2024 01:35

General

  • Target

    turbo.rar

  • Size

    682B

  • MD5

    97c364b9377a6216d1557012fbc7f79b

  • SHA1

    eec48f208607df991cec92a22a79426bcaa4ad98

  • SHA256

    2bf3d48ce90bc88b9342b7f39910481ba877fc01fa1c8e11d8ce2a0da4992aac

  • SHA512

    7096be65c25bd1d9e64099d36c9a59d68df06f1fd1048101df527224dde67420a66d48fc23810f6438001374a1408b8b5d3034a2d9e5ba3c65f327ae6fa79074

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 14 IoCs
  • Suspicious use of SendNotifyMessage 11 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\turbo.rar
    1⤵
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:5064
    • C:\Program Files\7-Zip\7zFM.exe
      "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\turbo.rar"
      2⤵
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:4896
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4872
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3312
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3312.0.1453755569\2135271277" -parentBuildID 20221007134813 -prefsHandle 1680 -prefMapHandle 1668 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2f48c76-d184-4aef-9b33-ac068b593eb4} 3312 "\\.\pipe\gecko-crash-server-pipe.3312" 1760 202fbbec458 gpu
        3⤵
        PID:520
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3312.1.1170532456\863010319" -parentBuildID 20221007134813 -prefsHandle 2096 -prefMapHandle 2092 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7e062db-7f50-46a0-b9f9-9ef033977e6c} 3312 "\\.\pipe\gecko-crash-server-pipe.3312" 2108 202e986f858 socket
        3⤵
        • Checks processor information in registry
        PID:4412
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3312.2.961760970\1569015216" -childID 1 -isForBrowser -prefsHandle 2944 -prefMapHandle 2936 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ceeb72f2-b6e3-411d-bf9b-09de3d73845e} 3312 "\\.\pipe\gecko-crash-server-pipe.3312" 2592 202fffab158 tab
        3⤵
        PID:3212
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3312.3.229327339\766666169" -childID 2 -isForBrowser -prefsHandle 3272 -prefMapHandle 3268 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a048dd6c-5fd1-465b-9278-5e7cf9c010fa} 3312 "\\.\pipe\gecko-crash-server-pipe.3312" 3200 202e9869058 tab
        3⤵
        PID:3672
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3312.4.221935712\2134837904" -childID 3 -isForBrowser -prefsHandle 4424 -prefMapHandle 4420 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b31fd566-4803-4c18-8246-28ee2b112c5d} 3312 "\\.\pipe\gecko-crash-server-pipe.3312" 4436 20300e7ae58 tab
        3⤵
        PID:504
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3312.5.1029696527\145422263" -childID 4 -isForBrowser -prefsHandle 2956 -prefMapHandle 2952 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {31a22a61-cef0-467c-92a3-746887420120} 3312 "\\.\pipe\gecko-crash-server-pipe.3312" 4840 202e982d558 tab
        3⤵
        PID:4336
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3312.6.1064411605\1692473950" -childID 5 -isForBrowser -prefsHandle 4980 -prefMapHandle 4984 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {28842e5b-0371-4954-81e9-d9f1e68fa7ab} 3312 "\\.\pipe\gecko-crash-server-pipe.3312" 4972 203020f2e58 tab
        3⤵
        PID:4204
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3312.7.1235838857\657592654" -childID 6 -isForBrowser -prefsHandle 5168 -prefMapHandle 5172 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6915f3b-461b-46db-afef-281037b80a9d} 3312 "\\.\pipe\gecko-crash-server-pipe.3312" 5160 203020f1358 tab
        3⤵
        PID:4220
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3312.8.1268074327\40632153" -childID 7 -isForBrowser -prefsHandle 5540 -prefMapHandle 5512 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e9267b3-f048-4538-95fc-63d6a335cb34} 3312 "\\.\pipe\gecko-crash-server-pipe.3312" 5548 20303588158 tab
        3⤵
        PID:3168
  • C:\Windows\system32\cmd.exe
    "C:\Windows\system32\cmd.exe"
    1⤵
    PID:2728

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2kgs76lg.default-release\datareporting\glean\db\data.safe.bin

    Filesize

    9KB

    MD5

    7bbfd1c8a2b9253626aad6b28cdf7845

    SHA1

    aa298c85b1f1631a46d535e4f1b669b7b7fa1708

    SHA256

    6d4a00da1433bd6c2c23a227fd6522c260c3fa53b8fcfba0f6f447580cc9e4ea

    SHA512

    0efffd0b86e572a1674e089574ca0a9363824d4c957be71905363ee00f2fd05178e6a8ba96cf71805cf0069c578a70195d372f58b00c06e498b49d350239313a

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2kgs76lg.default-release\datareporting\glean\pending_pings\990da025-9b49-46f6-b466-c47106ff379b

    Filesize

    734B

    MD5

    2b3d3e1f2fa5223968637ddacb48e519

    SHA1

    220d03caeb2c9eba443fc02c4e0173cd9fc2ab29

    SHA256

    1600df7f03ed6998d126a4e2ba1ef4dcd50b7f04931e2dbff8c35fec1c464742

    SHA512

    0fa1f53b41c4e1b43d24a483c5b06e50145876bf37c918757e039283b0c4546121bc6c178a186b8eb447f6d40164bd90642db4b7d5ff8c36c606cc6987ef40a4

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2kgs76lg.default-release\prefs-1.js

    Filesize

    6KB

    MD5

    5874daac27c6756612d7d4ffd024bc39

    SHA1

    c0059308b0b8886024bb1af89db4773d1e91e16d

    SHA256

    e3ad3b9cb47244542744ae11c7ccf2467be25254a5eb526171c1bd2005ea9249

    SHA512

    4b18ca7335e1c3a77992142962e8fbccac6dbde15de4d1f7eb38fbc30789019f836bf09d98ad50c4034bcfad3f2f89b985bf3b96f84c9dd62a703028ed629a38

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2kgs76lg.default-release\prefs-1.js

    Filesize

    6KB

    MD5

    0286ac1214cc31a2199f132c659f2979

    SHA1

    cc60725e472fc8de7e53d852892edf54884c60e4

    SHA256

    c3ea4ac32b1d4fd23a63d138ce321a647501527d50353166e9e574d8d26e3e5f

    SHA512

    81edd4ed57a45159ae30e762e9c8c987988951490796b479c71a652f10036cf1ea3bb48b2365b0a8b8d8069f14d8b6de5f59506707115795ba18f717469c4987

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2kgs76lg.default-release\sessionCheckpoints.json.tmp

    Filesize

    259B

    MD5

    e6c20f53d6714067f2b49d0e9ba8030e

    SHA1

    f516dc1084cdd8302b3e7f7167b905e603b6f04f

    SHA256

    50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092

    SHA512

    462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2kgs76lg.default-release\sessionstore-backups\recovery.jsonlz4

    Filesize

    1KB

    MD5

    cf2accc3a16a32a73fd3af859825c405

    SHA1

    5e6482921996ac37cab6877e08efbbcb2d900517

    SHA256

    c9b1f5e2807adabe28208858e9891c5a82213363193dec583dadcf09d54a6d24

    SHA512

    bf997176db2cd5c8485d4fa9cf291b81b9dabcedd68f7997cf0ab43d32bc0c0b7f96b569ec3d017bd0e3be12c260f0c4fd3dd4f0545223718f83f033d4583ee8

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2kgs76lg.default-release\sessionstore-backups\recovery.jsonlz4

    Filesize

    4KB

    MD5

    2fc1acfa1910a34b011a698b8c3ae689

    SHA1

    7fca81796526cf179d9b76e5f97a679f1569ad41

    SHA256

    def6405dcbaf75be214097f8cb0a8575cc72c68252a6e505cadd5c90a0cbc196

    SHA512

    35c27ef7019b1dc35c0cb1f0bf439860f497c829ba19a934aec0067c4aceb8890579699bf07571aa0f05e25b2efa0214938cdff5edadca1c916bdec9a5141c21

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2kgs76lg.default-release\sessionstore-backups\recovery.jsonlz4

    Filesize

    3KB

    MD5

    d7a42da6e613b83d8f2981598ece742c

    SHA1

    4368507a585ed276a59ca8b1e552f5123fd7d5d2

    SHA256

    c17b875935b339964e637397b9241733f4a30fbe8c9e2149eb868595e36d058a

    SHA512

    9a6bec2328da8e263eab71b27224a36f3ac42415539a9b6dc3a64c5e3dedb67e151afa1ef8db4939e3faa79b65f690f5e1fe7a425105fe1c9beb01f4628f5c33

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2kgs76lg.default-release\sessionstore.jsonlz4

    Filesize

    4KB

    MD5

    cb36f4d98f31d3dc6e3f4f94959167c1

    SHA1

    02e8e5b3de401b2f8b1f37f1e6dcf6b0e24be290

    SHA256

    573319c99ddc8c23dfe4845080a305f24263fc79aa4b4cf230497d6cab255048

    SHA512

    46c6e7f8c229f35e625ea7f12e088a6d3af510b4872a8bc159006b7b2ad73ba58445dbd047f7a5fffe46e58a16ffcaac09b11d7ff9c800d00d51e8b6303b1eaa