Overview

overview

3

Static

static

1

Prefetch/C...849.pf

windows7-x64

3

Prefetch/C...849.pf

windows10-2004-x64

3

Prefetch/C...7E0.pf

windows7-x64

3

Prefetch/C...7E0.pf

windows10-2004-x64

3

Prefetch/C...981.pf

windows7-x64

3

Prefetch/C...981.pf

windows10-2004-x64

3

Prefetch/C...0C5.pf

windows7-x64

3

Prefetch/C...0C5.pf

windows10-2004-x64

3

Prefetch/C...C25.pf

windows7-x64

3

Prefetch/C...C25.pf

windows10-2004-x64

3

Prefetch/C...64B.pf

windows7-x64

3

Prefetch/C...64B.pf

windows10-2004-x64

3

Prefetch/C...ECC.pf

windows7-x64

3

Prefetch/C...ECC.pf

windows10-2004-x64

3

Prefetch/C...0C1.pf

windows7-x64

3

Prefetch/C...0C1.pf

windows10-2004-x64

3

Prefetch/C...EB3.pf

windows7-x64

3

Prefetch/C...EB3.pf

windows10-2004-x64

3

Prefetch/C...B6C.pf

windows7-x64

3

Prefetch/C...B6C.pf

windows10-2004-x64

3

Prefetch/C...6FB.pf

windows7-x64

3

Prefetch/C...6FB.pf

windows10-2004-x64

3

Prefetch/C...367.pf

windows7-x64

3

Prefetch/C...367.pf

windows10-2004-x64

3

Prefetch/C...89A.pf

windows7-x64

3

Prefetch/C...89A.pf

windows10-2004-x64

3

Prefetch/C...3EB.pf

windows7-x64

3

Prefetch/C...3EB.pf

windows10-2004-x64

3

Prefetch/C...8CB.pf

windows7-x64

3

Prefetch/C...8CB.pf

windows10-2004-x64

3

Prefetch/C...130.pf

windows7-x64

3

Prefetch/C...130.pf

windows10-2004-x64

3

Resubmissions

25/03/2024, 21:05

240325-zxdnnahe48 3

25/03/2024, 20:59

240325-zswcxahd77 3

25/03/2024, 20:56

240325-zq3dfahd45 3

25/03/2024, 20:51

240325-zm6xfshc96 3

25/03/2024, 20:45

240325-zj6ghsca7s 3

25/03/2024, 20:38

240325-zezs6shb67 3

25/03/2024, 20:36

240325-zdscpshb45 3

Analysis

  • max time kernel
    31s
  • max time network
    43s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/03/2024, 20:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Prefetch/CISCLEANUPTOOL_X64_NJQ5MDMWYZ-D5FF57E0.pf

  • Size

    8KB

  • MD5

    39105222976b74ccd87106f842306c95

  • SHA1

    9f8fd9762266fc69dcdc5459f3fa3adaa5137909

  • SHA256

    8387a3d604ce79e33dfaf1f79533669fcb700beb773d210d7f61f00c11529b4e

  • SHA512

    e7daa204233659e9d3d378e6953656d88c2eb0f3db285c18d4b0a50d92872336e0a1ffd549be522b9dc5d1a14893567bd110685b35c4284542cf1f9f1536c9b3

  • SSDEEP

    192:D91wfGHe2VAoBiS5uAq5BRqXbSWecuxyNhlQOsjB1SB:D9CfGhVAoEdAkPqrSWeu+116

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Prefetch\CISCLEANUPTOOL_X64_NJQ5MDMWYZ-D5FF57E0.pf
    1⤵
    • Modifies registry class
    PID:936
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4388
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Prefetch\CISCLEANUPTOOL_X64_NJQ5MDMWYZ-D5FF57E0.pf"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4868
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\Prefetch\CISCLEANUPTOOL_X64_NJQ5MDMWYZ-D5FF57E0.pf
        3⤵
        • Checks processor information in registry
        • Suspicious use of WriteProcessMemory
        PID:4872
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.0.270913556\1834650517" -parentBuildID 20221007134813 -prefsHandle 1868 -prefMapHandle 1860 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f32c1a09-6441-41da-b552-298be900df67} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 1960 16804ed8758 gpu
          4⤵
            PID:3808
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.1.426843819\1243728892" -parentBuildID 20221007134813 -prefsHandle 2372 -prefMapHandle 2368 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bcb8d8e0-acb0-48a4-937a-454bcc6fc70a} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 2384 16804dfa858 socket
            4⤵
              PID:4428
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.2.2101676608\2060793471" -childID 1 -isForBrowser -prefsHandle 3156 -prefMapHandle 3172 -prefsLen 21603 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9ee3016-da90-4ba8-ae9b-ab6fbeda9dfe} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 3144 16808fbf958 tab
              4⤵
                PID:1412
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.3.929928004\398984710" -childID 2 -isForBrowser -prefsHandle 3544 -prefMapHandle 3540 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {facd857c-ea3f-4cb1-b23e-9077100ce918} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 3552 168079a0e58 tab
                4⤵
                  PID:3508
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.4.2141874725\419541465" -childID 3 -isForBrowser -prefsHandle 5096 -prefMapHandle 5084 -prefsLen 26300 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f52f7c8-6d9b-4687-9bef-6724f6a8bc3d} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 5112 16807672a58 tab
                  4⤵
                    PID:5024
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.5.957281052\1487787884" -childID 4 -isForBrowser -prefsHandle 5252 -prefMapHandle 5256 -prefsLen 26300 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61ffeaec-8ac0-408d-9c12-c29809f3f3cb} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 5244 1680bfa1558 tab
                    4⤵
                      PID:3424
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.6.1121906297\1014865221" -childID 5 -isForBrowser -prefsHandle 5444 -prefMapHandle 5448 -prefsLen 26300 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {225d3e46-1e5f-45b4-9594-7cdc06b102f5} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 5436 1680bfa1858 tab
                      4⤵
                        PID:1616

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\datareporting\glean\db\data.safe.bin
                  Filesize

                  2KB

                  MD5

                  061c73ef196e84eaed0c899051fe714c

                  SHA1

                  0d5a65ee39c02d0ec742fc7a497558f5a30ebb78

                  SHA256

                  617f8a5a1ad07e0077ebf6376b3172b606864b2ee6afa25ad63e8c04b936c535

                  SHA512

                  98eb8bcb119d2a3838998f8a446381060c81810ed6d768717f0b5c2245a8ad0386dcc006690514c4fce558640b7d1b7207e47065fd73fa89dc9cf00680d44d33

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\datareporting\glean\pending_pings\b7420e41-708d-44aa-90b1-d1109a993414
                  Filesize

                  12KB

                  MD5

                  7b2f571b3956e9883df17ce376277c64

                  SHA1

                  63855ed866171258151bee0b3922e2d9e47bac6d

                  SHA256

                  b5cb0967d94839b2148f586a1b3ac63fe1387dfd2be7c25f382d6c326d374140

                  SHA512

                  d2598e23b8bbe8d781260ac9031e9fcdafac4ded143c500b3deb121e72f66638d7ad03909bc60b5cceece234e473c1aa070586c8c8edd868adbdc40215838f74

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\datareporting\glean\pending_pings\e41c1d4f-eee5-47b1-9ff0-ae952466617a
                  Filesize

                  746B

                  MD5

                  491ea38eb4609f69b2365fff26dd6a54

                  SHA1

                  39657dfb721b4d0ff66cba5c3812aa2ecb72de03

                  SHA256

                  06cd9e2b3607238b8408d9f0b8b80efa61be817b8c28c9c3ad7a6098742b16a7

                  SHA512

                  4ae064be313301356ce36f2d1773de940111b41cc0ba4f119d9c9d80076d47351b74c819caf5d43a79c0947390bc3106746bae4b5fd636f6caa46d93efe5869b

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\prefs.js
                  Filesize

                  6KB

                  MD5

                  53d2e63d8b2006a658438009bdc313b5

                  SHA1

                  76cc98ad7eb8de32e1146d55a71d7cf94a832673

                  SHA256

                  54f55f3592f42834081e8287f3f25ab7efc3595f41566d9bbf3dfee976fd313c

                  SHA512

                  d8254515ab159222d94f50fe634fc9c53c92449ce4c487dcd79c4e87d9395bbea4dd02b69e8f3dde78a8869db6f11fe2d7387092b96f69e5c2279f1ff4457823

                  Download Submit

                • C:\Users\Admin\Downloads\Krld3JG0.pf.part
                  Filesize

                  8KB

                  MD5

                  39105222976b74ccd87106f842306c95

                  SHA1

                  9f8fd9762266fc69dcdc5459f3fa3adaa5137909

                  SHA256

                  8387a3d604ce79e33dfaf1f79533669fcb700beb773d210d7f61f00c11529b4e

                  SHA512

                  e7daa204233659e9d3d378e6953656d88c2eb0f3db285c18d4b0a50d92872336e0a1ffd549be522b9dc5d1a14893567bd110685b35c4284542cf1f9f1536c9b3

                  Download Submit