Overview

overview

1

Static

static

1

Trusted Ro...ty.cer

windows7-x64

1

Trusted Ro...ty.cer

windows10-2004-x64

1

Trusted Ro...rp.cer

windows7-x64

1

Trusted Ro...rp.cer

windows10-2004-x64

1

Trusted Ro...X3.cer

windows7-x64

1

Trusted Ro...X3.cer

windows10-2004-x64

1

Trusted Ro...CA.cer

windows7-x64

1

Trusted Ro...CA.cer

windows10-2004-x64

1

Trusted Ro...G3.cer

windows7-x64

1

Trusted Ro...G3.cer

windows10-2004-x64

1

Trusted Ro...G4.cer

windows7-x64

1

Trusted Ro...G4.cer

windows10-2004-x64

1

Trusted Ro...G5.cer

windows7-x64

1

Trusted Ro...G5.cer

windows10-2004-x64

1

Trusted Ro...CA.cer

windows7-x64

1

Trusted Ro...CA.cer

windows10-2004-x64

1

Trusted Ro...G2.cer

windows7-x64

1

Trusted Ro...G2.cer

windows10-2004-x64

1

Trusted Ro...CA.cer

windows7-x64

1

Trusted Ro...CA.cer

windows10-2004-x64

1

Trusted Ro...45.cer

windows7-x64

1

Trusted Ro...45.cer

windows10-2004-x64

1

Trusted Ro...CA.cer

windows7-x64

1

Trusted Ro...CA.cer

windows10-2004-x64

1

Trusted Ro...gn.cer

windows7-x64

1

Trusted Ro...gn.cer

windows10-2004-x64

1

Trusted Ro...X1.cer

windows7-x64

1

Trusted Ro...X1.cer

windows10-2004-x64

1

Trusted Ro...ty.cer

windows7-x64

1

Trusted Ro...ty.cer

windows10-2004-x64

1

Trusted Ro...14.cer

windows7-x64

1

Trusted Ro...14.cer

windows10-2004-x64

1

Resubmissions

15-04-2024 17:10

240415-vpz5gabf35 1

15-04-2024 17:09

240415-vn3tzabe93 1

Analysis

  • max time kernel
    30s
  • max time network
    24s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-04-2024 17:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Trusted Root Certification Authorities/Class 3 Public Primary Certification Authority.cer

  • Size

    576B

  • MD5

    10fc635df6263e0df325be5f79cd6767

  • SHA1

    742c3192e607e424eb4549542be1bbc53e6174e2

  • SHA256

    e7685634efacf69ace939a6b255b7b4fabef42935b50a265acb5cb6027e44e70

  • SHA512

    7c2f94225f679889b9ded741a00db15cc6ca2812bfbca82b22537af832412abbc105e00cd0a3979d5fcde99b6806e8e6ceefb2718e9160a2c80c5ae78b33f2aa

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe cryptext.dll,CryptExtOpenCER "C:\Users\Admin\AppData\Local\Temp\Trusted Root Certification Authorities\Class 3 Public Primary Certification Authority.cer"
    1⤵
      PID:1864
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:5016
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1840
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1840.0.193992947\116880101" -parentBuildID 20230214051806 -prefsHandle 1788 -prefMapHandle 1780 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {78b54635-b343-4791-8092-2a7a1ccb2652} 1840 "\\.\pipe\gecko-crash-server-pipe.1840" 1868 168c4c0c758 gpu
          3⤵
            PID:2576
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1840.1.1856694710\1262141858" -parentBuildID 20230214051806 -prefsHandle 2428 -prefMapHandle 2424 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {772d10c7-9ab3-4ad0-9261-b2863e05cf7b} 1840 "\\.\pipe\gecko-crash-server-pipe.1840" 2440 168b7f89c58 socket
            3⤵
              PID:1384
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1840.2.101801580\1898221663" -childID 1 -isForBrowser -prefsHandle 3196 -prefMapHandle 3192 -prefsLen 22150 -prefMapSize 235121 -jsInitHandle 1232 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {edee585d-d7f2-401f-a61a-8d38b503b051} 1840 "\\.\pipe\gecko-crash-server-pipe.1840" 3164 168c7a12558 tab
              3⤵
                PID:1328
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1840.3.2019270976\923658106" -childID 2 -isForBrowser -prefsHandle 2572 -prefMapHandle 3580 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1232 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4126fec0-5be6-4b35-9161-e5de0079c692} 1840 "\\.\pipe\gecko-crash-server-pipe.1840" 3584 168c9791158 tab
                3⤵
                  PID:3056
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1840.4.2052370794\137315345" -childID 3 -isForBrowser -prefsHandle 5080 -prefMapHandle 4400 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1232 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c60ffff-8e8b-48f7-8b86-195bfa071554} 1840 "\\.\pipe\gecko-crash-server-pipe.1840" 5052 168cb895958 tab
                  3⤵
                    PID:4008
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1840.5.1802747698\699736348" -childID 4 -isForBrowser -prefsHandle 5184 -prefMapHandle 5188 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1232 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0037d5e5-c8dd-43ed-9199-ec72066f05b5} 1840 "\\.\pipe\gecko-crash-server-pipe.1840" 5176 168cb895c58 tab
                    3⤵
                      PID:4544
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1840.6.1177741338\21959269" -childID 5 -isForBrowser -prefsHandle 5472 -prefMapHandle 5468 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1232 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7da865fc-4b63-4f72-9a11-a493646a9729} 1840 "\\.\pipe\gecko-crash-server-pipe.1840" 5480 168cbebb958 tab
                      3⤵
                        PID:3028

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hzqgx44a.default-release\activity-stream.discovery_stream.json.tmp
                    Filesize

                    25KB

                    MD5

                    8c58148f300d316452995314948a7961

                    SHA1

                    c63d1f690c7988407ef90c3978b540cba563d286

                    SHA256

                    27b42d6f5f50c5f27ed3b1b396d4dd24b7c2ca87fb5c5f435081e964438ad226

                    SHA512

                    4ccb6354ec69e6134b8440b1cb43e5be2da1dc265b53695610dbb66b373bd43e8c9089febab497a255adbce67f460585bbc41235fc0a36d046a50d8abfc6fbb1

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hzqgx44a.default-release\activity-stream.discovery_stream.json.tmp
                    Filesize

                    24KB

                    MD5

                    ab6eaafb95ee70f206f018482eebbbba

                    SHA1

                    98a2542299681ea066433dcdc319f4a06211e856

                    SHA256

                    ef5b2f1e70d8dac8beaa82adaf36dfabda8869059c85b84cf915739a9c35d313

                    SHA512

                    23729797985ad0020c18e1ea4478b7d96ddf975c69c97e136d6f4653bf2803e0db3b568261d42353bc46fda7e4fc289c472b1b137f260f436a80b1f749727c1f

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hzqgx44a.default-release\prefs.js
                    Filesize

                    7KB

                    MD5

                    be11878adf1746e4432ed7a28e117652

                    SHA1

                    475aafc5f280ad65ecc694573cb39ef16d30426d

                    SHA256

                    c37dfe0925e175015b2005d295503338d4f11470e833f3076a5c9360aa3453a2

                    SHA512

                    bb71d8fe245637f3b02610d851b7bd53030aa811dc3ef0fb49087a7c241ca6c901d259f45235cfc58126a3b0b7491ff080eb64ae52f4d7bf391dfce8168f03e4

                    Download Submit