Overview

overview

1

Static

static

1

eicar_com.zip

windows7-x64

1

eicar_com.zip

windows10-2004-x64

1

eicar.com

windows7-x64

eicar.com

windows10-2004-x64

Analysis

  • max time kernel
    146s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    10/05/2024, 19:04

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    eicar_com.zip

  • Size

    184B

  • MD5

    6ce6f415d8475545be5ba114f208b0ff

  • SHA1

    d27265074c9eac2e2122ed69294dbc4d7cce9141

  • SHA256

    2546dcffc5ad854d4ddc64fbf056871cd5a00f2471cb7a5bfd4ac23b6e9eedad

  • SHA512

    d9305862fe0bf552718d19db43075d88cffd768974627db60fa1a90a8d45563e035a6449663b8f66aac53791d77f37dbb5035159aa08e69fc473972022f80010

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\eicar_com.zip
    1⤵
      PID:2348
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:2708
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:2672
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2672.0.1255014807\1315676517" -parentBuildID 20221007134813 -prefsHandle 1240 -prefMapHandle 1092 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {924a3f05-ec4a-452a-aea1-a5eba4ac0e8c} 2672 "\\.\pipe\gecko-crash-server-pipe.2672" 1332 fbef758 gpu
          3⤵
            PID:2468
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2672.1.775275305\1204901173" -parentBuildID 20221007134813 -prefsHandle 1520 -prefMapHandle 1516 -prefsLen 20928 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9adaacb9-aeaa-4b42-9ccb-8f0469abafc9} 2672 "\\.\pipe\gecko-crash-server-pipe.2672" 1532 e72b58 socket
            3⤵
              PID:2748
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2672.2.132717590\426207430" -childID 1 -isForBrowser -prefsHandle 2168 -prefMapHandle 2164 -prefsLen 20966 -prefMapSize 233444 -jsInitHandle 576 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4ebeee5-ad0e-49bd-bd7a-e5a949aae26a} 2672 "\\.\pipe\gecko-crash-server-pipe.2672" 2180 18947258 tab
              3⤵
                PID:2956
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2672.3.1256897454\1362056502" -childID 2 -isForBrowser -prefsHandle 1848 -prefMapHandle 1864 -prefsLen 26151 -prefMapSize 233444 -jsInitHandle 576 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b302c57d-7f10-41ce-99af-467b277678c5} 2672 "\\.\pipe\gecko-crash-server-pipe.2672" 2452 1c29ce58 tab
                3⤵
                  PID:1796
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2672.4.1776268825\1546141928" -childID 3 -isForBrowser -prefsHandle 2640 -prefMapHandle 2636 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 576 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7876d94-7f05-4459-b06c-0352091c9a9d} 2672 "\\.\pipe\gecko-crash-server-pipe.2672" 2656 1c29f558 tab
                  3⤵
                    PID:376
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2672.5.977531878\349764537" -childID 4 -isForBrowser -prefsHandle 3904 -prefMapHandle 3908 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 576 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e359a8f-b424-48f7-8050-29f9b23e5472} 2672 "\\.\pipe\gecko-crash-server-pipe.2672" 3884 1ff5cb58 tab
                    3⤵
                      PID:3044
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2672.6.1388313984\312225572" -childID 5 -isForBrowser -prefsHandle 4016 -prefMapHandle 4020 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 576 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {692421f1-fcc8-46c4-8d07-dbdba96fc0ee} 2672 "\\.\pipe\gecko-crash-server-pipe.2672" 4004 200caa58 tab
                      3⤵
                        PID:1544
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2672.7.1071013926\1309780989" -childID 6 -isForBrowser -prefsHandle 4200 -prefMapHandle 4204 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 576 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1732b31d-6189-40b4-8f56-86ec00ba1539} 2672 "\\.\pipe\gecko-crash-server-pipe.2672" 4192 200c9b58 tab
                        3⤵
                          PID:3008
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2672.8.1299919113\172621582" -childID 7 -isForBrowser -prefsHandle 1168 -prefMapHandle 3096 -prefsLen 26531 -prefMapSize 233444 -jsInitHandle 576 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f16c0cbd-fd07-4a5c-bef1-d00305967945} 2672 "\\.\pipe\gecko-crash-server-pipe.2672" 2480 1c18fd58 tab
                          3⤵
                            PID:1812

                      Network

                            MITRE ATT&CK Enterprise v15

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nfhvy4wu.default-release\activity-stream.discovery_stream.json.tmp
                              Filesize

                              26KB

                              MD5

                              efbb0c4b3b9d957a33052767f6a3137e

                              SHA1

                              c7edc1f5d1fde3003680007e17da692fa93bd3e3

                              SHA256

                              5e8991a8e730b41ac96a3b48c12a55a26117d18e9bcfe5dc7cef653deb0238e3

                              SHA512

                              8c044746f8ffda1b7e1e6aa4b7be5eec04c67d4ea952077127716739405cef2574c3b05b3444ebeafd0a919006f790bc1de8c079b3f3464eaad6df232ca4ee15

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nfhvy4wu.default-release\activity-stream.discovery_stream.json.tmp
                              Filesize

                              26KB

                              MD5

                              49b397cb6e618ff438c27128f9be144e

                              SHA1

                              ad049cc9005525e94ae14323892b53d12941a850

                              SHA256

                              033ce0d7f093eba7ad10ca38f72f12b006f744acb94353a254eb502f049432ff

                              SHA512

                              7e0349ec9b6169384ca0d5cd488339b107ae5208155d2a853a43e761972efb324f18dd55d68b0a332e30753ceaff9881ff7245125c2ac2def887a0922fb87d7b

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nfhvy4wu.default-release\datareporting\glean\db\data.safe.bin
                              Filesize

                              2KB

                              MD5

                              661567600e5ce50b7d830a247ebdf35d

                              SHA1

                              dfb32df2b3cde8d4aea14f9cd54177ba8a3bb4f5

                              SHA256

                              28ad1af2d819c1fe34cf40c51b740d80b182487ea6328676c2f75b5bb51f9bfe

                              SHA512

                              8e7af2aa2f80996a1f19f8d3a4bdc3f6dd82c1934e84ef4be6cfb91c2c6adcefc81bde8d44da48f70b17e739043029093101b133a21b57f7698b147e60161bef

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nfhvy4wu.default-release\datareporting\glean\pending_pings\bdcf304f-4ec4-42d3-8d23-979f64aa1213
                              Filesize

                              745B

                              MD5

                              04639e6c25a9509cdc890c2760f08c8c

                              SHA1

                              03098f45825fd3e56a12bcace37f3779d6eb8b0b

                              SHA256

                              e657c2ae180d1c227eba0919972c34cda20b8bb9793bb970854d6b94bab395ce

                              SHA512

                              f02aabebe5db6ebbc3afbcd45ecc338a251b0c76495ff5c199d502af0d4457c2155bf2537526741d49a7cc832e2c8a3937d41da016344ad32a869952f53ac205

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nfhvy4wu.default-release\datareporting\glean\pending_pings\c46469a7-d02d-4e6b-a745-5739f9f3a5c6
                              Filesize

                              11KB

                              MD5

                              e460832e6de7bfd1fda95bf256d2ef5f

                              SHA1

                              212eebce392b50c1e726a862123e979fce9d7751

                              SHA256

                              8c6d47b5ab4d7600721e50027ea1e57e070d45f3bcaccba262768a815ad7f34d

                              SHA512

                              204628249f90c886a006948369978d725d622d9dbbd495d083f12bd3ccaab530370dd0d9a254070ec5c09eea4767ff5fc5585a33bdef1c1e3da31dc8061e6d59

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nfhvy4wu.default-release\prefs-1.js
                              Filesize

                              6KB

                              MD5

                              a7d8a34261f94a3fb6e019c01b565a40

                              SHA1

                              ece3f20d81602bc602a21c416afe8bc8263731a2

                              SHA256

                              f246c17d4dc3dda755d7fd82f6fd0e428d78a311743eb32f04587e7a7f219543

                              SHA512

                              ef751c18fb73ab561e701738b19290a89e1d3af22217d23a4175d38bb30991405f8c7f6d555153e7b1417570c7bcc1e8a04db82bacff1582058feca99a76f365

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nfhvy4wu.default-release\prefs-1.js
                              Filesize

                              6KB

                              MD5

                              fd8c93c8c3cb683472714178bea2479e

                              SHA1

                              ac04292b413d3fb18012ca235df9bf6ce5311556

                              SHA256

                              9bef8e10afea64b3d1c2a35473c866f1d33c1dd914c044c865ee46e72b51f5ff

                              SHA512

                              147b72ed772ca9462d4f0ea8f4c0c1a1a2f8691b72ad050e79eeeb7ccacbdc33224b884c1e7be5c44da6b25c1cabd25e8e810212a5f604a3e6852c1ecba71adb

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nfhvy4wu.default-release\prefs-1.js
                              Filesize

                              6KB

                              MD5

                              05f18c0e7ad8cf502aa4b6d8913a6b13

                              SHA1

                              64d0f578ebf6ea6d71512209aa82367749f9220d

                              SHA256

                              307c48574da3e14b981efe67472c7bb15f3cc2565fc97238aab15886ca103a93

                              SHA512

                              4f536b0ad5a0eec6c204b3ff4da7a504bb327e3bf6d8d6a8d4873ae038977159c5238bb49a5013d64c17bb0d70f52cb2051706156f9e925af7a5d76d093e8deb

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nfhvy4wu.default-release\sessionstore-backups\recovery.jsonlz4
                              Filesize

                              3KB

                              MD5

                              0f3d966458b76a74fccda597d3fd561e

                              SHA1

                              2f8b09851a0259f63bfb3fe33aa318360373baeb

                              SHA256

                              b2008a5a0b6d769a113f4d98bd60f958715fcba58dc58d9298c088687bc19b0c

                              SHA512

                              05795dac3182639e6e836d9ecde62e673c22ebd44d16df5cb1007710833e11f013ba505afbabc99e6ebc50ab610507b4af52a87588c5941627a50504207c9222

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nfhvy4wu.default-release\sessionstore-backups\recovery.jsonlz4
                              Filesize

                              1KB

                              MD5

                              f884601aad63544629a99ee750b74582

                              SHA1

                              816230028267091e6cfb521f36b07ac8b0448fb6

                              SHA256

                              dd03cecb17ab922abf38a7cb68e621a1583ffc2f99a2f35eedda88292586faac

                              SHA512

                              2753bca5dda036a97e87852266320147fb9dc370ba9e4f74025679b1d6ecdab3f01c0348d262269fa003b2d112bf3a59e8196d24b32df8a600dc81fd22197095

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nfhvy4wu.default-release\sessionstore-backups\recovery.jsonlz4
                              Filesize

                              3KB

                              MD5

                              5a5bf0f6fa3821468056ef5118dafe92

                              SHA1

                              db3d062de75320a73d4165c300cbcf00876354c8

                              SHA256

                              3904a7be67a7fe342ac6f4f4d3b22452d503cf47fd02e40a6cbeaf8684e438d0

                              SHA512

                              e5952ddb65de7e2f50f17bc147d053508fa1c37c73cb8334033ab05f76219b3692b76156070ec19cff9cfe9db0e1b6adee6d3c0c212a81f58036b3517cff9430

                              Download Submit