Analysis
-
max time kernel
146s -
max time network
150s -
platform
windows11-21h2_x64 -
resource
win11-20240426-en -
resource tags
-
submitted
29/04/2024, 12:02
General
-
Target
42.zip
-
Size
41KB
-
MD5
1df9a18b18332f153918030b7b516615
-
SHA1
6c42c62696616b72bbfc88a4be4ead57aa7bc503
-
SHA256
bbd05de19aa2af1455c0494639215898a15286d9b05073b6c4817fe24b2c36fa
-
SHA512
6382ca9c307d66ab7566acf78b1afd44b18b24d766253e1dc1cb3a3c0be96ecf1f2042d6bd3332d49078ffee571cf98869c1284c1d3e5c1c7dc3e4c64f71af80
-
SSDEEP
768:hzyVr8GSKL6O3QOXk/0u3wqOghrFCezL1VFJdbq2QTJTw02Q:hGx8DKXE//ZhhCirFi2cwK
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 6 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 6 IoCs
-
Suspicious use of FindShellTrayWindow 6 IoCs
-
Suspicious use of SendNotifyMessage 5 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\Explorer.exeC:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\42.zip1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.0.1312636409\207317500" -parentBuildID 20230214051806 -prefsHandle 1804 -prefMapHandle 1784 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {975351b6-fe69-4d46-8435-8fb7f94902c0} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 1884 1d23540dd58 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.1.1609236492\1066806203" -parentBuildID 20230214051806 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 22110 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a16fa290-8cf6-478b-8f1c-2f0f2bf07e15} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 2424 1d228686e58 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.2.2103945032\462589308" -childID 1 -isForBrowser -prefsHandle 2936 -prefMapHandle 2932 -prefsLen 22148 -prefMapSize 235121 -jsInitHandle 1192 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {143b2b8b-a1bd-453d-9240-4c6c0fa21f4e} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 2948 1d237bd3458 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.3.774848304\1676023948" -childID 2 -isForBrowser -prefsHandle 3564 -prefMapHandle 3560 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1192 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5d80265-1c27-4a4d-969c-fe25081588e3} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 3576 1d23ad42358 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.4.814412820\876774008" -childID 3 -isForBrowser -prefsHandle 4644 -prefMapHandle 5088 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1192 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {51735b41-89fd-4c91-bfb4-2702924e0d1c} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 5100 1d23d174a58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.5.73836386\724070191" -childID 4 -isForBrowser -prefsHandle 5244 -prefMapHandle 5104 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1192 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f61043e-5b17-48d1-b665-d06059e86da3} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 5232 1d23d174d58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.6.1406331201\1471497822" -childID 5 -isForBrowser -prefsHandle 5436 -prefMapHandle 5128 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1192 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {228ba716-b73b-4bc7-a6c0-98dc78d26de6} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 5424 1d23d175958 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.7.1867603341\1832089753" -childID 6 -isForBrowser -prefsHandle 1620 -prefMapHandle 2764 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1192 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5121c263-d9b0-49e7-b28c-047aa10870c4} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 5668 1d23bf9e758 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.8.853134058\1049559710" -childID 7 -isForBrowser -prefsHandle 5156 -prefMapHandle 5180 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1192 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a74c9cf4-ae3d-4e26-9d06-03196de13250} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 5172 1d23e5c4c58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.9.149617077\296251359" -childID 8 -isForBrowser -prefsHandle 4964 -prefMapHandle 4960 -prefsLen 27960 -prefMapSize 235121 -jsInitHandle 1192 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {632eb208-237e-4e86-a623-07d4f70e9983} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 4940 1d23ed42c58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.10.1542653670\304794218" -childID 9 -isForBrowser -prefsHandle 6260 -prefMapHandle 6104 -prefsLen 27960 -prefMapSize 235121 -jsInitHandle 1192 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42d0078e-3626-457f-9009-dad3668f7568} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 6180 1d23bf9fc58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1608.11.401595119\411585686" -childID 10 -isForBrowser -prefsHandle 6584 -prefMapHandle 6592 -prefsLen 27960 -prefMapSize 235121 -jsInitHandle 1192 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {669996ee-ba36-416b-bd09-2dedd2e9f18f} 1608 "\\.\pipe\gecko-crash-server-pipe.1608" 6600 1d234223b58 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
26KB
MD55b805cffb693154a3bd8b0e9971b8482
SHA1dd8e7aac4c82a3290994c1248d0f6575bb392d45
SHA25660762ea6d7384ccb4d6fbefdd23edf43a774e44507b487cc8284feaff9e508bb
SHA51298f3c4da6e376894e2d5e1278a307520bcedc40d0d199e32a9b28197c034748a4a030e7c566825051e47590c847e0aeb910f38e97e1d760683ab58a83241a030
-
Filesize
26KB
MD5e07675d4022fc54826f5a3dea79579eb
SHA18b9aa24ef856c9cfbbe52e94dfe287861b2a2166
SHA25663b878f69fce30102dab18ac69cddfb7bf1a7095fb39c6a13f5b0049ec0b9fe7
SHA5120557b36f92d5714bc9b4c4db6a596193f8cc8ff2e1fd55c3410314a9fdff657164376895b69c6b005d6dbdb6025c521857bf8adcc58357921bae2c879984ac24
-
Filesize
90KB
MD5465e1d2381284fc1dc5550ac12b0ab3c
SHA174256fa435bc20f859669073dd5b1218ff03ca98
SHA256f5f3a48af3c126b20b26d53f5513c00c2163bb90956dd9acf538750be709ba07
SHA5120b2c764b876a5e91ee0e1035229b6681dadaf3f1a92aea3a953dd1c7464b74e3a02d0b76d8af6d988ff3dc50bebfa7db77a4902ae183e5ce789c2bdf55145c7e
-
Filesize
7KB
MD5a1ad02b3dfaa506531c5947cec7ff0d7
SHA1bbedd91dd58d7cfeec075c6e1cae30e063a85f89
SHA256ee7e8895ec2ca1ee75b3fbedbb9343b9acbcbccc1b2a4b9d8c1583cd2be4dc3c
SHA5126b2a47c3ece239090fb86b2584600ba3fa94f4243e7116788f74133b0f2036442685edb11b94db1f393e6120cc7fd806da2a0c888b542eabdb9e715a90e3101d
-
Filesize
6KB
MD544cab68676ec6a44c4bfb381cb12ce96
SHA1fd8aadbe34349392c8d9f66427daa42efd6b308a
SHA2566a3a5198e71935d6629b5807bb2b6e9fe3efa42a185271a4f13765adf002ce7c
SHA512050cf981d7b0b0c454b4228220f0a149262036b375b4685602cbae9696d1ab38d1ae332e853ba2263c58aaa787a8a89dd816789bdaa15438b800c34125ba110b
-
Filesize
7KB
MD5b18e2ac71c0903be62a6c5d015d24db5
SHA146fa0cb5b53a839acda6c83ede005318ca4a4817
SHA256ad23d6ae23edbb204f841d1565eb053852a84387e1fe86251ffdf5b1262c7775
SHA51229c9a8ec4ea69dddf7a47db2ab6d51cbf87ac08cc24f8ac6879a7432babc1196d765f8a4c4f9479fcbc5c66c5759493a2cd083ba2a8ebb2379c74142a75b8f8d
-
Filesize
7KB
MD58e519a68091c0cc782834652f84df884
SHA17acb3e55ed4e1dfffd8857be8c7d8a058d73fae9
SHA2560b558c581cb7c30fc8e29fa4e11b192e5ad55d4124299d7c91028cf93ecd9009
SHA5127cf91658c819bb1b603d62fa74a153cf08d6b145c4f82661075fa551f234826b2949b66a76aec6bc831025e6e584fad6c824e34203fc1620239a69445d455e9a
-
Filesize
13KB
MD5e38b201e144f5ba08299977adc381ad0
SHA10aead5717887817402fce9d3399f40b3d8012917
SHA256579ace18946481b7fa886e651eb4c3be915cd54ef4a2a0b8acf82dc05f676602
SHA5120740a23bc78f34603ce973e0324058205c9476d920ffc55ced8a2c49b19b00a52d2be71744d862a85eac4a618aed512575916d2e1debb33493362584830f75ac
-
Filesize
13KB
MD53bae71500ff61f263cef512229643d87
SHA14c7f69ec10be00637eb973ce64fb7e5773d1ec69
SHA256b1620cd3bc54a57cc2bdb91dc398df2b2c1c5e20d9f83a976158b78bdb74c559
SHA5129c67675f0fe73671c958b7d61fe1b83ea65eacc25790269130c3baa893272d13ebf3a613e425cf59b3b9bfd5cdcc7bfd718f9892b7ed6525aa95c58ed2a17c60
-
Filesize
1KB
MD5f294fa8fcc07021b6a6d1eb5a4b376af
SHA17d0878a287d76968554330279c1a86b20d3fb6b1
SHA2569a3700e7c8b7c061b88a5864cca56f702baceedaffcfc940869d489dd183dbb0
SHA512392fb70a8d08eeb197db2c8653effeb0d93450b6b117d4dcb57b73e9e5807e0ac3650908941b86a2d8e1ce89c40cf964705af496e760af5aeac4a3c330c2d2bf
-
Filesize
11KB
MD5e237a9522872649a12be5e85bca710f8
SHA1cf73a7e1a8f60de033d921d196a27923205f12e5
SHA2568767f7cd73d85eb11d0421d0567029088f5bf9337a9a16a823ee4f4f2afaa79d
SHA512169ac6e123ef8c433a582c4840689968d8b1837c8ad5203b2625be38c912be21fa64239f5d84769b849f34dc475ab8960deecb6070ebfe9d6edd10c572062441
-
Filesize
13KB
MD59489b8fdaf8fe6cda512624ae042977b
SHA12504a45bcd6fdcc1e0550ab0dc5d1da95e410851
SHA2560c70fa3396ebb027e2197404fd822fc76162ea559d0d3a4ddae733bfd1ec2ae4
SHA51263345913cbc9cd622bcbe8eef09c970ac6b81ed431fbda180e31407c1f370e11d8bf62613dcaa03139d22fafc6727a646239ec21f9dcbfd09c15316cedcff272
-
Filesize
2KB
MD5458d2de1b15816375d733955774b54f3
SHA11eef839cf4ededce91dfd4c2890e3dd5e795c7bf
SHA25619f27b07f1dc509e9bc7f854c5cf98be7d226624e9ebb5d831310ff3f6c4b80c
SHA512570e5086008092479008d6dce7a32d1ed7dacdb23d9f63f36ed0cbedc9f85c70c5523c6d70d7c4aa9fbdea139bdf48ca37a84226b526136f03c6058a23744261
-
Filesize
41KB
MD51df9a18b18332f153918030b7b516615
SHA16c42c62696616b72bbfc88a4be4ead57aa7bc503
SHA256bbd05de19aa2af1455c0494639215898a15286d9b05073b6c4817fe24b2c36fa
SHA5126382ca9c307d66ab7566acf78b1afd44b18b24d766253e1dc1cb3a3c0be96ecf1f2042d6bd3332d49078ffee571cf98869c1284c1d3e5c1c7dc3e4c64f71af80