Overview

overview

3

Static

static

3

Termux.exe

windows10-1703-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    148s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    30/04/2024, 12:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Termux.exe

  • Size

    77KB

  • MD5

    24fc295b24bc1913a0fa549b8b555625

  • SHA1

    78888fc628571e85b46da2c005c46bf0e70fff4d

  • SHA256

    2aea0d6cbc56c310f1956b421e6d98489621f0edb5410004f4128a5090b336f5

  • SHA512

    6428d63758dcfdd022f87926bac6921c64d918beba1cc1f785d01fe3f247fe92df27e778cfb6bdaf59eb8b1e26bf5d13364af5ff90eeb560312e46ad3ddaf8a5

  • SSDEEP

    768:QTw20HhoH48QZycv0y6DBEMHiBrcGZxZHA69g4:QTwCHuXsy66MHiBgGZxZH

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\Termux.exe
    "C:\Users\Admin\AppData\Local\Temp\Termux.exe"
    1⤵
      PID:3152
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:4160
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4760
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4760.0.1905140556\1363912205" -parentBuildID 20221007134813 -prefsHandle 1748 -prefMapHandle 1740 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {29035847-e363-48ca-869b-8000abb5b4ba} 4760 "\\.\pipe\gecko-crash-server-pipe.4760" 1828 144ba3d3458 gpu
          3⤵
            PID:4552
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4760.1.1742019500\1588844874" -parentBuildID 20221007134813 -prefsHandle 2172 -prefMapHandle 2168 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a13b3930-e591-47ab-923e-0269d4317264} 4760 "\\.\pipe\gecko-crash-server-pipe.4760" 2184 144a826f858 socket
            3⤵
              PID:3828
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4760.2.1849046765\1889932920" -childID 1 -isForBrowser -prefsHandle 2836 -prefMapHandle 2648 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {255e379d-a651-49e7-bd3a-55f355eb623d} 4760 "\\.\pipe\gecko-crash-server-pipe.4760" 2684 144be893258 tab
              3⤵
                PID:3360
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4760.3.385296385\652645110" -childID 2 -isForBrowser -prefsHandle 2332 -prefMapHandle 2328 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec7d049d-6d9d-40b4-945f-c826aa04b58a} 4760 "\\.\pipe\gecko-crash-server-pipe.4760" 3172 144a8262858 tab
                3⤵
                  PID:3016
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4760.4.279412944\408553777" -childID 3 -isForBrowser -prefsHandle 4252 -prefMapHandle 4264 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9707b61-58ce-48e1-8b82-07c1ed294666} 4760 "\\.\pipe\gecko-crash-server-pipe.4760" 4216 144c07d4958 tab
                  3⤵
                    PID:3124
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4760.5.110810372\444776919" -childID 4 -isForBrowser -prefsHandle 4848 -prefMapHandle 4844 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b45c8b2-1e7a-4688-9e98-279cc03d044c} 4760 "\\.\pipe\gecko-crash-server-pipe.4760" 4860 144be844b58 tab
                    3⤵
                      PID:660
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4760.6.585537920\1284684142" -childID 5 -isForBrowser -prefsHandle 5004 -prefMapHandle 5008 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc894861-1154-433b-8459-68de651db26b} 4760 "\\.\pipe\gecko-crash-server-pipe.4760" 4996 144be844e58 tab
                      3⤵
                        PID:5100
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4760.7.730294905\827053067" -childID 6 -isForBrowser -prefsHandle 5200 -prefMapHandle 5204 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0181508e-5f9d-432f-9ab2-9c3a1de524e2} 4760 "\\.\pipe\gecko-crash-server-pipe.4760" 5192 144be844258 tab
                        3⤵
                          PID:428

                    Network

                    MITRE ATT&CK Enterprise v15

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\CC9AFF3BE02AD27708D587AE49B3DC68644172BA
                      Filesize

                      13KB

                      MD5

                      376412bbde49553fabf764ef05fbe2d1

                      SHA1

                      8e913012cbd4ca3f4c5d30e8f833cdc626348dce

                      SHA256

                      e6f16cf1c0ea55ccd8743fe998103477305654e67827d88fa204732fb4e5044b

                      SHA512

                      4fae47ab5abe0945d4712f8a9abbe7989cda789c28c268285f69ed4100a432e17fee9ee58bc5fa1a358099a7c7ce35b51969b253b85e9c1d96b77b00b963208a

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                      Filesize

                      442KB

                      MD5

                      85430baed3398695717b0263807cf97c

                      SHA1

                      fffbee923cea216f50fce5d54219a188a5100f41

                      SHA256

                      a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                      SHA512

                      06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                      Filesize

                      8.0MB

                      MD5

                      a01c5ecd6108350ae23d2cddf0e77c17

                      SHA1

                      c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

                      SHA256

                      345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

                      SHA512

                      b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
                      Filesize

                      2KB

                      MD5

                      7b725755e2cdfc6c8ab1766b84291fbe

                      SHA1

                      050f963476b73c293c7d9390cb99c75bada5317b

                      SHA256

                      f2edb02600f6e23c68a8ac9773e5361249f1c245b7adcfcd7027bb0a1b419ff2

                      SHA512

                      4040e9327b818d8311f20c3e167260d05823f269c864598dfe2eeab6d655a06aa03c4833ccdb92c1ccac7bb462294c44d07af5e68402775102dae498a5d7f2e5

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\2387e3eb-b13a-4b4b-999e-d422d603da67
                      Filesize

                      746B

                      MD5

                      e05000f2da7f553e39440c0d95972f6d

                      SHA1

                      a039e84888bc13a2f385e33ee08ebab479d7cc29

                      SHA256

                      f003d3f072276a3a4653f6b28f1e7ac827a7e7073f17082a7248b7a07a3891fe

                      SHA512

                      29a782ed6d9fcdc80a4c42bcea52a4fcd8996ee0cbeeb16ce37e2e1539c2182ffd277628e2e1693db4bc9e4f0421ae80ec6761c75f0cf933c40c500a93c9bfdb

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\453f87c1-cb5e-4834-9042-7839ca4d5296
                      Filesize

                      10KB

                      MD5

                      c714e1896d9744cde814b47a51f7584c

                      SHA1

                      a5b1d01b30d7ec1cf49991307983350aa3c7b018

                      SHA256

                      5f3ef8ecdde1626b94d2571ec0099bd1c34997caacf80810b4a92ef77aeeacdc

                      SHA512

                      1a5b9b775a449410515ce342c929a33b19e9325fda54e7994b9f1d9149b008782bf34fbb28376cc14667b53b8ff1f1dacd9f992445e6081e4bae26f0cad9f32f

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
                      Filesize

                      997KB

                      MD5

                      fe3355639648c417e8307c6d051e3e37

                      SHA1

                      f54602d4b4778da21bc97c7238fc66aa68c8ee34

                      SHA256

                      1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                      SHA512

                      8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
                      Filesize

                      116B

                      MD5

                      3d33cdc0b3d281e67dd52e14435dd04f

                      SHA1

                      4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                      SHA256

                      f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                      SHA512

                      a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
                      Filesize

                      479B

                      MD5

                      49ddb419d96dceb9069018535fb2e2fc

                      SHA1

                      62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                      SHA256

                      2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                      SHA512

                      48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
                      Filesize

                      372B

                      MD5

                      8be33af717bb1b67fbd61c3f4b807e9e

                      SHA1

                      7cf17656d174d951957ff36810e874a134dd49e0

                      SHA256

                      e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                      SHA512

                      6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
                      Filesize

                      11.8MB

                      MD5

                      33bf7b0439480effb9fb212efce87b13

                      SHA1

                      cee50f2745edc6dc291887b6075ca64d716f495a

                      SHA256

                      8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

                      SHA512

                      d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
                      Filesize

                      1KB

                      MD5

                      688bed3676d2104e7f17ae1cd2c59404

                      SHA1

                      952b2cdf783ac72fcb98338723e9afd38d47ad8e

                      SHA256

                      33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                      SHA512

                      7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
                      Filesize

                      1KB

                      MD5

                      937326fead5fd401f6cca9118bd9ade9

                      SHA1

                      4526a57d4ae14ed29b37632c72aef3c408189d91

                      SHA256

                      68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                      SHA512

                      b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
                      Filesize

                      8KB

                      MD5

                      a70951cfa33d9a93b7cdafab203d650f

                      SHA1

                      483318b3b3ee9825f3df3cf3a80be5a69d791dfb

                      SHA256

                      246c406bf733720269ee0aa4218fafceff9070129ad9171fba5ac535e525adc6

                      SHA512

                      27bdcdb87e8c5282b9275e2bfe6bdca2e2f9bf0273e1a7d41a8d7968f4bb919d324645f7238a15a1738cf7f5bbe04f169b9b0b2f3c3214d4fd590ccce0ddc15c

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      1KB

                      MD5

                      492ffdbede17a4fa7f432e0d3ad7e83d

                      SHA1

                      5d2485c07eccc1427186848b880ea83b449b60ce

                      SHA256

                      e1029bbf559838508cbb05036ef553c3cb215626a0cb8cdee5f9a54230e80ccc

                      SHA512

                      a86c9f66ad0b6c6583a54e23cb63e5ce37879d7464d2acdcd704930cff64f6d0fb57bbabc14b8e6029a4ed84c9f53ab8d86d4af5d624511f3b8b3bef28b5ca98

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                      Filesize

                      7.7MB

                      MD5

                      50220def7016405d438c40753de77774

                      SHA1

                      309413326255f086cdfbdb385aed04888349d81c

                      SHA256

                      c44d73aaa00869306814caf360680a511ab76976ced9da3df5c97723ed223560

                      SHA512

                      d4fe20c14003f13dc6f1851c26dc61672d240f20aacdc223ea4e4763ed5a93b5e124bfa9e142078f664cb742c45e64d76d8380d953a71e54a649b31bcf566756

                      Download Submit

                    • memory/3152-0-0x00007FF676DD0000-0x00007FF676DFA000-memory.dmp

                      Filesize

                      168KB

                      Download