Overview

overview

1

Static

static

1

42.zip

windows7-x64

1

42.zip

windows10-1703-x64

1

Resubmissions

29-04-2024 12:02

240429-n7qv7aad31 1

29-04-2024 11:58

240429-n45j6shh56 1

Analysis

  • max time kernel
    209s
  • max time network
    210s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    29-04-2024 11:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    42.zip

  • Size

    41KB

  • MD5

    1df9a18b18332f153918030b7b516615

  • SHA1

    6c42c62696616b72bbfc88a4be4ead57aa7bc503

  • SHA256

    bbd05de19aa2af1455c0494639215898a15286d9b05073b6c4817fe24b2c36fa

  • SHA512

    6382ca9c307d66ab7566acf78b1afd44b18b24d766253e1dc1cb3a3c0be96ecf1f2042d6bd3332d49078ffee571cf98869c1284c1d3e5c1c7dc3e4c64f71af80

  • SSDEEP

    768:hzyVr8GSKL6O3QOXk/0u3wqOghrFCezL1VFJdbq2QTJTw02Q:hGx8DKXE//ZhhCirFi2cwK

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\42.zip
    1⤵
      PID:5044
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:3024
      • \??\c:\windows\system32\svchost.exe
        c:\windows\system32\svchost.exe -k localservice -s fdPHost
        1⤵
          PID:3060
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe"
          1⤵
          • Suspicious use of WriteProcessMemory
          PID:4868
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe"
            2⤵
            • Checks processor information in registry
            • Suspicious use of WriteProcessMemory
            PID:4796
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4796.0.1037367926\1941533423" -parentBuildID 20221007134813 -prefsHandle 1648 -prefMapHandle 1640 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cafec0f1-c2c8-4550-b237-be6cf0c3d719} 4796 "\\.\pipe\gecko-crash-server-pipe.4796" 1736 1895c6da758 gpu
              3⤵
                PID:3552
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4796.1.1959246784\2002362959" -parentBuildID 20221007134813 -prefsHandle 2104 -prefMapHandle 2100 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d9f9fa3-af4a-4ee5-8276-f6f21ef438e2} 4796 "\\.\pipe\gecko-crash-server-pipe.4796" 2116 1895206f858 socket
                3⤵
                  PID:5108
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4796.2.942259656\922599009" -childID 1 -isForBrowser -prefsHandle 2952 -prefMapHandle 1548 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d39b9eca-c0e1-466e-8f76-6c9a36ad81df} 4796 "\\.\pipe\gecko-crash-server-pipe.4796" 2948 18960fb6e58 tab
                  3⤵
                    PID:3932
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4796.3.1412168341\1815203635" -childID 2 -isForBrowser -prefsHandle 3588 -prefMapHandle 3580 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2bf35a58-ce8a-42f4-8cbe-b1e134699238} 4796 "\\.\pipe\gecko-crash-server-pipe.4796" 3604 1895fa3d958 tab
                    3⤵
                      PID:4220
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4796.4.1890377059\150443448" -childID 3 -isForBrowser -prefsHandle 3796 -prefMapHandle 3784 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd4f8be9-1f6b-4e6e-a4f9-0426382148bf} 4796 "\\.\pipe\gecko-crash-server-pipe.4796" 3808 189617d2458 tab
                      3⤵
                        PID:768

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads