Analysis

  • max time kernel
    62s
  • max time network
    53s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    24/04/2024, 13:29

General

  • Target

    racingtune.ini

  • Size

    14KB

  • MD5

    875ccbea4d0078f4b2598cb9c03585d9

  • SHA1

    54ec6c2adb7a6a260b0d4b7c5cc94a31b390646c

  • SHA256

    ffe47d0cbe32365c164fdb78aefd84ddf8ffd24db26a758182c43668008d3680

  • SHA512

    b42af776e81c3989966aea602e8aaf5a857b14bded3641de8d16a173ebc0d10deef55cb629d5e791bc0efedd08f8c0ce73f123a0fb024923d80e554026c6b1f5

  • SSDEEP

    192:/dp5tZGRnzlpt031tey6543SdKA9X+1OlCDM:/dftZGVzlpSGy6yif+1OlmM

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 6 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoC)
  • Opens file in notepad (likely ransom note) (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (5 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\racingtune.ini
    1⤵
    • Opens file in notepad (likely ransom note)
    • Suspicious use of FindShellTrayWindow
    PID:2956
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2116
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2528
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2528.0.754835142\1488263003" -parentBuildID 20221007134813 -prefsHandle 1276 -prefMapHandle 1188 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d4371ae-d08e-4fda-8ff4-fa36b013fbcb} 2528 "\\.\pipe\gecko-crash-server-pipe.2528" 1352 10afa758 gpu
        3⤵
          PID:1964
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2528.1.1631968101\2023416078" -parentBuildID 20221007134813 -prefsHandle 1528 -prefMapHandle 1524 -prefsLen 20830 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {714aa139-e291-4888-98a3-29caa1f11c99} 2528 "\\.\pipe\gecko-crash-server-pipe.2528" 1540 e72258 socket
          3⤵
            PID:2436
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2528.2.82269201\1618766281" -childID 1 -isForBrowser -prefsHandle 2076 -prefMapHandle 2072 -prefsLen 20868 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {94041728-1003-40f7-8e5d-3360122182dd} 2528 "\\.\pipe\gecko-crash-server-pipe.2528" 2088 1934c158 tab
            3⤵
              PID:608
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2528.3.1283970178\297209556" -childID 2 -isForBrowser -prefsHandle 2684 -prefMapHandle 2680 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {591e4768-3ace-4606-8338-bf164a04d114} 2528 "\\.\pipe\gecko-crash-server-pipe.2528" 2696 1bd8b858 tab
              3⤵
                PID:1224
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2528.4.125969022\628094851" -childID 3 -isForBrowser -prefsHandle 2928 -prefMapHandle 2924 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0beddd60-d6f7-47e2-93fc-efa7f5f55564} 2528 "\\.\pipe\gecko-crash-server-pipe.2528" 2940 1cd0b258 tab
                3⤵
                  PID:2360
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2528.5.96620707\432431181" -childID 4 -isForBrowser -prefsHandle 3764 -prefMapHandle 2652 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b223fab8-32f1-42db-bd49-8527ce516d2c} 2528 "\\.\pipe\gecko-crash-server-pipe.2528" 3780 1bdbb258 tab
                  3⤵
                    PID:980
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2528.6.251387564\1751451463" -childID 5 -isForBrowser -prefsHandle 3888 -prefMapHandle 3892 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2535c01e-0d3a-4839-8b42-19866eebfc02} 2528 "\\.\pipe\gecko-crash-server-pipe.2528" 3876 1bdbbb58 tab
                    3⤵
                      PID:1792
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2528.7.1202561747\2140358508" -childID 6 -isForBrowser -prefsHandle 4064 -prefMapHandle 4068 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 564 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {91e75372-ff51-4b45-ac79-34ecde7d94b2} 2528 "\\.\pipe\gecko-crash-server-pipe.2528" 4052 1e316258 tab
                      3⤵
                        PID:2076

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\datareporting\glean\db\data.safe.bin

    Filesize

    1KB

    MD5

    a70f7fd2944c36c0dfd527f683dc7be5

    SHA1

    4f5bb3d264da3e62af8404b8c0723728c32391bb

    SHA256

    e2c99b55ee5288266c5d7c6437040630f03a35deb3d35198e27ce742777d2a19

    SHA512

    a66ed9dd508e7feca32bafeba0b9f49575fe6e8a38a9fc2239b22280f4c2f62a7fba162945d03450e6aac19cfba8e6756a80d57cbc56c504fca7d5367594584c

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\datareporting\glean\db\data.safe.bin

    Filesize

    2KB

    MD5

    5a0f91a25ca28d573198d73480d16aca

    SHA1

    6324f315d30b005cb4141cb93a4657f5167e2679

    SHA256

    c5e518b2450cd2ab5ad29e0beb62f6a6463c7a0d4502d0489a0094de45355b49

    SHA512

    627100a33d897628248f9c39966bf1de620d25f91fa618f700c8344f2b1c139923627da14e54f7c1b36aa57c59598519dc4b37214b67203e45a895f8d6ff44ae

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\datareporting\glean\pending_pings\e448caa4-37a2-4d46-9d79-4f8592d753ef

    Filesize

    745B

    MD5

    334a91ad08c25714e695405fb71f4b2d

    SHA1

    a7b08cc4a52b456458130616aa0d71fe9b1f9cc0

    SHA256

    378dd50242168ae6b01213281d3ea5af9dd3b7c22cf649714259717aebb6d1e8

    SHA512

    149689210db65eb745f9d71d27f535fb32c35f553cb3c9c2ac747dba7ab101126aacb82093b1e8b3e3d477143cfa58d3c9e41c74e87976bee4a7565c32a896e0

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\datareporting\glean\pending_pings\f9881b8d-a682-490b-9bb3-102f5bed590a

    Filesize

    12KB

    MD5

    f41fe1153670d201ddbe032c11245b69

    SHA1

    c6f5f63c830a062b46be20594a08233289312a30

    SHA256

    2c4fdc4636dab1f0234f4286663c29be07ff933a26cc3294cf41d2493296a7a1

    SHA512

    2634b3d02357ef4a4ad8da11622c5a7e77ead6a406ff4ed90e1f2b37ebf80b82e4e222bff13ccaced90f1a734ccfb7cc435b5b063fa498bfa6a843397d17c697