Analysis

  • max time kernel
    70s
  • max time network
    80s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags
    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    19/04/2024, 00:48

General

  • Target
    tinytask/tinytask.exe
  • Size
    35KB
  • MD5
    8fd3551654f0f5281ddbd7e32cb73054
  • SHA1
    9b1c9722847cd57cd11e4de80cd9e8197c3c34cd
  • SHA256
    75e06ac5b7c1adb01ab994633466685e3dcef31d635eba1734fe16c7893ffe12
  • SHA512
    a716f535e363fc1225b1665e1c24693e768d13699ea37bdf57effe4fea24b4b30a2181174f66c35e749b9c845b07f82eecbf282ee5972de0426f847293d46b4b
  • SSDEEP
    768:sAzGzd0LnFjuwY6QlVwvHI1pSgNEl/MYoeAW:5zGzd0wXlVwv0SgNQXoeAW

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 8 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\tinytask\tinytask.exe
    "C:\Users\Admin\AppData\Local\Temp\tinytask\tinytask.exe"
    PID:772
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    • Checks processor information in registry
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4608
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4608.0.2009585914\1977073813" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1688 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d5a3706-80cb-4273-a762-41ec6a0e950a} 4608 "\\.\pipe\gecko-crash-server-pipe.4608" 1792 256c7ddba58 gpu
      PID:3900
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4608.1.1358837419\1918855405" -parentBuildID 20221007134813 -prefsHandle 2128 -prefMapHandle 2124 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3433c9a7-febe-40ce-bc5e-532b51803dac} 4608 "\\.\pipe\gecko-crash-server-pipe.4608" 2148 256c7cfaa58 socket
      • Checks processor information in registry
      PID:4840
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4608.2.605366433\1466728643" -childID 1 -isForBrowser -prefsHandle 2856 -prefMapHandle 2852 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1228 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {18169300-590e-4d4f-813b-fe6ac6bf37c9} 4608 "\\.\pipe\gecko-crash-server-pipe.4608" 2868 256c7d5fc58 tab
      PID:4308
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4608.3.1378671074\2146190281" -childID 2 -isForBrowser -prefsHandle 3444 -prefMapHandle 3468 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1228 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1cd73137-77bb-4e2e-8858-17729b1c7bd3} 4608 "\\.\pipe\gecko-crash-server-pipe.4608" 3488 256ca4f9a58 tab
      PID:4288
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4608.4.1086736567\1933440100" -childID 3 -isForBrowser -prefsHandle 4336 -prefMapHandle 4332 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1228 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e911bf20-0e30-4713-8b31-5ff1b9fa341d} 4608 "\\.\pipe\gecko-crash-server-pipe.4608" 4348 256cdc55258 tab
      PID:444
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4608.5.1754880419\1511383924" -childID 4 -isForBrowser -prefsHandle 4716 -prefMapHandle 4788 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1228 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9dea676f-8187-48bc-b045-7c06671166f5} 4608 "\\.\pipe\gecko-crash-server-pipe.4608" 4700 256cbe1b558 tab
      PID:4592
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4608.6.1936311024\1298782071" -childID 5 -isForBrowser -prefsHandle 4952 -prefMapHandle 4956 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1228 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0530fca6-2dda-432a-8cd7-35458094ef91} 4608 "\\.\pipe\gecko-crash-server-pipe.4608" 4700 256ce6a2c58 tab
      PID:2072
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4608.7.57400433\862736815" -childID 6 -isForBrowser -prefsHandle 4932 -prefMapHandle 4916 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1228 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {59ddcb19-5a60-4ac0-a8bd-1980d82f674d} 4608 "\\.\pipe\gecko-crash-server-pipe.4608" 5132 256ce6a3b58 tab
      PID:2008
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    PID:2236

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl
    Filesize
    7KB
    MD5
    c460716b62456449360b23cf5663f275
    SHA1
    06573a83d88286153066bae7062cc9300e567d92
    SHA256
    0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0
    SHA512
    476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\db\data.safe.bin
    Filesize
    9KB
    MD5
    bfe18188ec9aa73bf66c65cdcca4f4c4
    SHA1
    e7451f300cc7668803ce02549cb8c69421bd6509
    SHA256
    3e62bd9e140b26d6870052f954e16ec2218ca3fe8a11fcd5bbe47df4696e1654
    SHA512
    673521b90b05d0f8e0dd63752cc7915c49332baa6cba1972fa0c050a01d8eb4017924edbccb6c29be370323d5593741512b9c177dbf68fe8a658bd9b1b7f64d9
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\pending_pings\4dfd01b9-5b05-4733-a395-7b667fa40b31
    Filesize
    734B
    MD5
    ee00fe0059b4cfc045efcd1bb9d003e3
    SHA1
    e1af23054c48efbb33682b57f80cd54bc27d3247
    SHA256
    6ee1028809a093ffc1d023abf4cd78a28cd36dbed4e1f6857638377dae80bab2
    SHA512
    3e1be567945a64a9793b40a089a22494d79759f72722541d15a781ba9fe144c32c37af3b2cdfc15af15fc6faa6f15eaf057f100208aa3e3581f4a63697fad85e
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs-1.js
    Filesize
    6KB
    MD5
    3e930626b04b08b7f48ebb5be5fcce3c
    SHA1
    4677f5e6ec44717f697b81d7b89808e73229b7f3
    SHA256
    0ac191eb4b1c6b936f319c7f43369a39582f459d38690b2c88c5f2d0f2dc8c3f
    SHA512
    af6b7fafb5ee169f8f3fe2b5abeaf259e33767d8e6b2b0f8fbde1ed151d922f3213a86bc3a596ee8b4bad9885c730d8ae43dc7f13eb0df736d85318aa9aafded
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs-1.js
    Filesize
    6KB
    MD5
    de65ac6bdf51319998c7a2897be110bb
    SHA1
    fa4c05390abaec666fbaa64b8eefc4bd48ec86f4
    SHA256
    de7d12994eef96b9ae85b08b8c0cba74c63c00575ecaea4d30784c7d79553e75
    SHA512
    c52ca89c4c0aefe0b9f6a730a8d25cb3cf5ed416b9389d964e6b75707d6ccf4c3b1d8344356f6736bd4fdfcc2a0586350c4948d6f43dde8ac1dc5ad3b8df0d7a
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs.js
    Filesize
    6KB
    MD5
    76a72a98405055fe71756fcecd2d8ef6
    SHA1
    bf1f6ad2ccc9b669b6900eb4dc811f06417b5a36
    SHA256
    5145e4d89a0aa1370ae6855ed806df3f3f395cbc38e938f418f9b71ab6932fc7
    SHA512
    310002dbd4edbf32ebe3e1f99ca8b25bed4e7afe96ef72f8af40eb3d15fae02f64fa0f8e44259a69c6c152e7220ef936f2eb13b29c123c9d76c9f25811d03a4e
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize
    1KB
    MD5
    5763e11f66632199478f7ff2a13659e7
    SHA1
    7760730d793001e11c5ef7abb55aa520e008c67c
    SHA256
    f388e494bcf9d452a7e5c7b66f908cca0fc683e1b1c6b7204f79d4dc76121a86
    SHA512
    ad116dd20a070fa328040776f45d9fe1eff461520c46e83ccedcf80de93c3297568d508f92666f6f0ce8a8433b033dacd65d512b7bf2e222526477d305dce8e5
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore.jsonlz4
    Filesize
    894B
    MD5
    dae6532ff3fc42fb148c3b5ec20bf168
    SHA1
    f8ba16f27e10e926f88562ccc7e0c20eeed209b8
    SHA256
    5560af35fd652a29f25c1051fade05c650c3f9a223111b9c28245ca41808d45d
    SHA512
    019010a0900b748a8bae9ab25e243d837a4c7f2c210356d49ad6b0fa0d60f9f341a36cbfe0f27e9ae671d8da8058acbfc13b161ff86b8526bc0c780267744c1c