Analysis
-
max time kernel
123s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
06/04/2024, 03:11
General
-
Target
PizzaTower.exe
-
Size
6.7MB
-
MD5
b2d54e6e34f87f6baabb6df4308190d0
-
SHA1
9caf5db51307f9c4d7b67350b2b5ba5c825ff19d
-
SHA256
4a07c50ec0c659d24d25e19b12ee111d289462ca0e64dd34a7c7f13d2e6c9f1d
-
SHA512
bd8e88d00b76375ec5e67e0fa22f9464d25c9158fe92528d5deac82fd9b339d5ccc8df4607ae2f4801250d0286519da01172b9bbefb1748efd6ce51428d95895
-
SSDEEP
196608:91J0RvrxpiA76rXI565kqgy+lHX/TlD5qqutk5ZcPErh6W:8++lPyELuHW
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 7 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 32 IoCs
-
Modifies data under HKEY_USERS 9 IoCs
-
Modifies registry class 32 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\PizzaTower.exe"C:\Users\Admin\AppData\Local\Temp\PizzaTower.exe"1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2980.0.1546169710\92267704" -parentBuildID 20221007134813 -prefsHandle 1232 -prefMapHandle 1224 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3ed3ed7-1fa1-4eac-bb97-ca41b9b8e7a7} 2980 "\\.\pipe\gecko-crash-server-pipe.2980" 1316 113beb58 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2980.1.1185849500\1420210964" -parentBuildID 20221007134813 -prefsHandle 1488 -prefMapHandle 1484 -prefsLen 20830 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {89c69a13-d1d8-460b-9199-2387c17d6a24} 2980 "\\.\pipe\gecko-crash-server-pipe.2980" 1500 d70d58 socket3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2980.2.2068596252\1274563357" -childID 1 -isForBrowser -prefsHandle 2104 -prefMapHandle 2100 -prefsLen 20933 -prefMapSize 233444 -jsInitHandle 892 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3c8b3ca-efb9-4e1d-ac27-f8a30c6b874e} 2980 "\\.\pipe\gecko-crash-server-pipe.2980" 2116 19a7ed58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2980.3.777808830\1480973837" -childID 2 -isForBrowser -prefsHandle 628 -prefMapHandle 1656 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 892 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {319cbab8-6c08-48b8-8431-27070c32105f} 2980 "\\.\pipe\gecko-crash-server-pipe.2980" 2460 d72558 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2980.4.374042938\369283851" -childID 3 -isForBrowser -prefsHandle 2804 -prefMapHandle 2800 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 892 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b17e997-9533-4974-88a4-7d517487ad1b} 2980 "\\.\pipe\gecko-crash-server-pipe.2980" 2816 1b768458 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2980.5.356871030\373783176" -childID 4 -isForBrowser -prefsHandle 3036 -prefMapHandle 3704 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 892 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {21f89e33-2229-4113-9480-ed264d86489d} 2980 "\\.\pipe\gecko-crash-server-pipe.2980" 3708 1c6a9258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2980.6.954617278\616855118" -childID 5 -isForBrowser -prefsHandle 3824 -prefMapHandle 3828 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 892 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {03fdcc81-9432-4668-98fc-a803c23485c9} 2980 "\\.\pipe\gecko-crash-server-pipe.2980" 3812 1df63b58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2980.7.515516529\465807706" -childID 6 -isForBrowser -prefsHandle 3996 -prefMapHandle 4000 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 892 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3d9bf96-463d-4a37-ab3b-700c83592dd3} 2980 "\\.\pipe\gecko-crash-server-pipe.2980" 3984 1df63558 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2980.8.603017139\368734156" -childID 7 -isForBrowser -prefsHandle 4416 -prefMapHandle 4412 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 892 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2644f510-bb6b-42df-9e01-76c967df8f90} 2980 "\\.\pipe\gecko-crash-server-pipe.2980" 4432 2128fa58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2980.9.936989446\1263021352" -childID 8 -isForBrowser -prefsHandle 3812 -prefMapHandle 2540 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 892 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {516b7b89-3f16-4435-895a-8000bf692496} 2980 "\\.\pipe\gecko-crash-server-pipe.2980" 4068 21d77d58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2980.10.507429692\592816869" -parentBuildID 20221007134813 -prefsHandle 4624 -prefMapHandle 4540 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f239aaba-28b6-4a45-a828-0d672ccda0a8} 2980 "\\.\pipe\gecko-crash-server-pipe.2980" 4524 21db9458 rdd3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2980.11.783415059\2004728725" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 3216 -prefMapHandle 3884 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f6ec03a-b181-404e-9c4b-67c999e7ed49} 2980 "\\.\pipe\gecko-crash-server-pipe.2980" 4640 1d877c58 utility3⤵
-
-
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x01⤵
-
C:\Windows\system32\csrss.exe%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=161⤵
- Enumerates system info in registry
-
C:\Windows\system32\winlogon.exewinlogon.exe1⤵
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x02⤵
- Suspicious use of AdjustPrivilegeToken
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
9KB
MD5ca66d9652193a34c8605a54d418b7377
SHA1ba91fb766bdb1c5f25cef3a4088c6db0298af1b1
SHA2567fd9a053b0e32ce35d1a83423f7332a5188487c1492d76119c571440ef0cc546
SHA5124397d654347ebf3a154e96ec4ea2552378676a08f7995103a8626e7e3beecb35635296fa79e7409f81ef1c7c43fd5c30cecdb2a2c95fcf3b93d5ad5439d1b2d3
-
Filesize
733B
MD5dbdb44e8c86eeb57c2488cfc69b361ce
SHA1a1b4aa763733226df48dfbf100ee40799e776609
SHA256bf396d82c4c14c9b8b93ee86da85abb205d58743ea0c03f81acdcb98598373e4
SHA5121bdea0757e23e887d378b50ca8f5adc779cc1db2a63458b7a4235f1e1e81049e301fe5c17e3b150b44c4a6bd6568e65c6e2f2f0193cec87ecb099f2a5cd28a5f
-
Filesize
6KB
MD5c49c0e69744fbde5b8dc765715edff55
SHA11f8b6c28d902712833dc75c4f283637f974267b3
SHA2568aca26a3d3c8adbb50b50475aaf0f35c19607ed90a6f1ff071b9aba124952786
SHA512563fcdb169c2150c9ef9b59034ec2543e4e29be4365161c7cd7feeca5aca85f1bda3d96f1967f7fb421b7eea5c852d4b553cc7c3b1406de994fc1cbe0597df53
-
Filesize
6KB
MD53bd4989c09e37d7379dadf3b2c0681ff
SHA1ccb79326464c6408e97c9e94f5745e7df472caec
SHA256b6dfec0dacd5c8d4e8387c34cb4d069a385ab5b54a5297388e4169d2ea7cf831
SHA512209e4d6af4bdd337193c4373d230a35d97b025b5aa22edfbe01e72e59043d61a583b592802c24e482764b6f9325c8e01205ffd3b13d4b4cbf9b27353837d5c94
-
Filesize
5KB
MD5a8961e938f44585a223c522ad78b5fef
SHA1ca46e5ea7ece483a528402c40c2fec93709315a2
SHA2565df0aa76be3c883854af3df43dacf50850b366e3fad5a16631cc2a82cba0b5d8
SHA51243f2fba0318b346800bd78ad6177374a67b2ee303ee4dd8d85e1c42544e4e0c19df14188c0b8a88b8436676a2c58fad6b565fe3ecaf0b67f344d8a47d412261b
-
Filesize
2KB
MD5ba8ff84609f93ceafa7b66a960082b5d
SHA195f3912403828e2da8290bcd6f3dbcda5908624a
SHA25630399b534467aa4883f48216ed06900534a00190aa7afa79175ed59c051e835b
SHA512c04b575cdc75db682b3d0354fcd6836177f901a17a4d252f88e09e32c5462998a364cc3a4cc780a985089c91d29d6d39266ec2c344763e3db3a4dcfc6636a6b6
-
Filesize
3KB
MD53ab032eba909fb79cb0e38d8a6bd4e99
SHA13a7077305c24040b3aa4d8b4de813ac8b949651f
SHA256c503b65e3441d683b1aec03efe8009092f514202f94924f461e7b7fde3277f7b
SHA5125a24d27b88aca4fe8e22fc103eed12b8c8078119f811537df6eb5f1fbb980fcb76c4a8eab7a3b14aa2d80f1736fe57e1df7f6ba94d90599328cd48f066c976ef
-
Filesize
4KB
MD5eb9a4204cc032b04e45d4710858386f4
SHA10286b48afa984d66c1c030ea8b9ad113c33e314c
SHA256ed91ba59d0bf5a5630dbfeaabf9e6a4bcb373a365f9a6d0464fb1d20e795c474
SHA5122e9deb8792484024f203ee608320a53621421bc0804d314d13312887cadce663ec6daa84ca7ee638a450a24df01f160295815d7b25846f6d9f2779dda7a919b1
-
Filesize
48KB
MD547c8e729ab2b70adbe15d98faa51b187
SHA182c217e3141b567978693591fbf9162421191eca
SHA256361aa7884424581295aec5dec71dc84229d4f95be80309054de9bc51f9596a88
SHA512f899448e6152a4e6e6f32bc823fcd4578cbbb54e0043fb23096ed6160c1b0f4c697f403c1cda2d9550fdf8d28188f932c916ae741769cf155136e2a52d0b940f
-
Filesize
184KB
MD57a6617d0df47caa312dd00c58a3efbd4
SHA132a40a5b3f515ff98803cf6d8d3b216fc9320093
SHA256fd57a094abea8936532e54aeed8d9879dd9b428bc9938f881fb3e38cb8786f2f
SHA51236e3efbca607bb3a1833e4478ba293c9e6e0063205d6d24952e5cf7aafc9cfdbc126390e91b9d81887b0ce5b34df5ff9e1fef28cdca6818250453a6c16eea69c
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB