Analysis
-
max time kernel
127s -
max time network
113s -
platform
windows11-21h2_x64 -
resource
win11-20240419-en -
resource tags
-
submitted
21-05-2024 16:40
General
-
Target
Easy_Iauncher_1212.rar
-
Size
9.3MB
-
MD5
d4c7a100f2d5bd3e51f7b8151f4c2bc6
-
SHA1
e184941a04e0124cd00c6a7965a7403cd74c04d9
-
SHA256
197cf7e3e961eef0e3e7dfebb7ae642f6738986d5eecc2fc041a5ec611e89c97
-
SHA512
bf945ef2abe884f8e085ad48005a01d807581f410f18756db32cc0ac1dacc753a78dfc0b6dde7f5b714c229f9e89ae9fb3b91024fb5b0aa7b80311f642cc03bb
-
SSDEEP
196608:OFzyirrkS/SoYr2w6xGIuX45hyWImrbzR024zhGmrNeeYJxKrbpj3/jDROF:OBkSqowMx5rdImrbd02KxKxK3pj3bdOF
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 26 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 3 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 6 IoCs
-
Suspicious use of FindShellTrayWindow 21 IoCs
-
Suspicious use of SetWindowsHookEx 17 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\Easy_Iauncher_1212.rar1⤵
- Modifies registry class
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Easy_Iauncher_1212.rar"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\Easy_Iauncher_1212.rar3⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1988 -parentBuildID 20240401114208 -prefsHandle 1880 -prefMapHandle 1872 -prefsLen 25459 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0de807d1-ea07-449b-a67d-7aa4425f70db} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" gpu4⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2400 -parentBuildID 20240401114208 -prefsHandle 2392 -prefMapHandle 2380 -prefsLen 26379 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {321d1b13-addc-4af8-b7d7-8e1622219478} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" socket4⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2924 -childID 1 -isForBrowser -prefsHandle 3228 -prefMapHandle 3188 -prefsLen 26520 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f18fa0ae-b8ac-4282-a4f1-94c387e9d692} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" tab4⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1468 -childID 2 -isForBrowser -prefsHandle 3620 -prefMapHandle 2580 -prefsLen 30869 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca0b6b2e-92d5-40ae-acde-c11a710d187b} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" tab4⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4700 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4696 -prefMapHandle 4688 -prefsLen 30869 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {817fc9fd-f4c9-470b-95e7-fdf92cbd92c9} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" utility4⤵
- Checks processor information in registry
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5600 -childID 3 -isForBrowser -prefsHandle 5596 -prefMapHandle 5592 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37a7c255-d3fb-4e58-8f4d-14abd4fbe257} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" tab4⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5732 -childID 4 -isForBrowser -prefsHandle 5740 -prefMapHandle 5744 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {75579365-3060-47ce-93a5-f6a547524961} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" tab4⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5948 -childID 5 -isForBrowser -prefsHandle 6024 -prefMapHandle 6020 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c754404-b318-43b9-b515-7ef558d6914b} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" tab4⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Easy_Iauncher_1212.rar"1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\Easy_Iauncher_1212.rar2⤵
- Checks processor information in registry
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Easy_Iauncher_1212.rar"1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\Easy_Iauncher_1212.rar2⤵
- Checks processor information in registry
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Easy_Iauncher_1212.rar"1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\Easy_Iauncher_1212.rar2⤵
- Checks processor information in registry
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
14KB
MD5f8cfe3646e491a46e1ffa8db8e31a658
SHA111c058e2b8b75b41f16c3b9eecbdb0c2531910dc
SHA256508316cc3b71104cb885a7010ac047a97fe4f9b8a99091ecdaf35b1293b30614
SHA5122a95956bcb4c34f98656e474509d276acc750485b8dccb0b0cc7e5c06643d3d6bea0f21e322a97b8b795ec388cfb86ae81889a1a666b59514fbf71ddcb826d65
-
Filesize
479KB
MD509372174e83dbbf696ee732fd2e875bb
SHA1ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1
-
Filesize
13.8MB
MD50a8747a2ac9ac08ae9508f36c6d75692
SHA1b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA25632d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA51259521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d
-
Filesize
7KB
MD599d5ff7cf02a5bbabe2b12a57f0bcef7
SHA1a7d8d7f302480abeda1d52b77d1bf0882e281c37
SHA256c29c03c6700490511ab7ab4268ad0aea77d1986f40c4d17fdd98b49f0fde17f8
SHA512153965751889d670afe90e6c33c19ee77a7a5b70febb395098604fecb00df5a3233cad4fc2781da0c3611396438464d214189993d83602da3a823f252f4cbf96
-
Filesize
5KB
MD53ffea6aa5d4bb95a5db2e9b13c458a43
SHA1ff2f8e7e07681ce0cacdcf978f6a13f59ecfd5ec
SHA2566459e585c7e9572e8d4f229d1e67650a45d5b168988ea58ae4aa711a1a5fa0f0
SHA51291180857077dcd006ca374aed23dbe4a24fb2f950cac103dc6c6d6c904fb22d376f16f164e1436884714f68c26aeecbb5986b3837904cdc6e1e63cb682334632
-
Filesize
6KB
MD53ab76229e57b40c6e4ba77ef5be3c88c
SHA18b0b49d74f03575ed203482c1c6a064a9f0e317f
SHA256016cd67e1d902e803f43f6b7f4cd6d59a4927fd99d470928566c2bdd04e4fa0b
SHA5121c070cd2e907cc9d985bd70a53e72a577b1a88ad1e89874b19e5fed6cc31efde125eaddbae67395e3c391664ee6f7afa711fed8ea49b1bf1517485ace0968a22
-
Filesize
14KB
MD583a1a440ee88b3de112014b8d25e34df
SHA1b250e04b7fe3339e9a5925841dc50a5599ef01ce
SHA2568599ecb11c6c5da9c363bbef0691238c65aa4d879eb82daf7f493e099e76dc57
SHA51295c5257f270272f71b1d11cec3d25162987f4913fe47e0eb757cc6f9466ccee8005bab3a1d352775cc7e435d650fcc80ccc7fb554411a10f7f98f30b78998889
-
Filesize
6KB
MD5c82374dceb263c371d03b5eacdaa298d
SHA14c2cfaf55a86f994bbb9b79b778f408c802a3b5e
SHA25612cd097a5221315bdbac55fd074dcdcdd803ced551568355bc96a836c0d01461
SHA512323f22f9a0eb95ea68335f7a2c87e131bc4869bf1d7fbc956bfe7b50ad740bc3945c833db2d2ef09fb08539cc8116313a624efa7ea8a51910909b3d06eedb8cf
-
Filesize
671B
MD53a32d2bf338e5429fadc850e280352b8
SHA197c8fe65d80532b9aee1405a2163bbed55739f78
SHA256c2f2ada263263a33e2a77140380f172ae3019be2797e072993c51d433838a867
SHA512cb32c8c0930abe8fa7457ea919a18685ee8494520ec18d3566783f56a5bfa74d99097a72744baf6fbc214c94655ad83b97c4b1e12932183cc9e019ae10bd8509
-
Filesize
982B
MD5eb56a8024c35eb35c636d3cf11cb3182
SHA161fe012bdf7d7db80382a4a753a77af3a4d0ec46
SHA2566c9bb040dd4dcd2d9bf555be2744d738df08af0f5114728c9018c6243090e98b
SHA512e715f8d9764269318023aa6f52bd10d520fcb73f60fdebc79219626b44d66b53c0b5f9c96efb530ff7d5d86bea6ffadf9077ff5541554350024cd551c9014a76
-
Filesize
24KB
MD54b18e0ee10ce44a08329ce6452c4b70f
SHA1d5b3e37e8e98f90ef30213b8fa8b1c78f450ac62
SHA256368bf742feb29d2a8c65ed31bbc2cf4b6f338d284d1631e5a8c3626900676d29
SHA512f55b5d21cb2e7ad8304c3284f9e19332bd64194446f3279f54fec1fff5de20fd4f1ca47a733a64dad309959a39a42c6c2af4810784245883a9917c7b69b3bfa9
-
Filesize
1.1MB
MD5842039753bf41fa5e11b3a1383061a87
SHA13e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157
-
Filesize
116B
MD52a461e9eb87fd1955cea740a3444ee7a
SHA1b10755914c713f5a4677494dbe8a686ed458c3c5
SHA2564107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA51234f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3
-
Filesize
372B
MD5bf957ad58b55f64219ab3f793e374316
SHA1a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA51279c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e
-
Filesize
17.8MB
MD5daf7ef3acccab478aaa7d6dc1c60f865
SHA1f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA5125840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75
-
Filesize
9KB
MD52828c341ac481fe33655679672d4d5af
SHA1521c2f85423e517fd01ba5e3217ec20e9c7a560e
SHA25638485801d7b3a5fd879318ded086e0647e1864bed2e5643cf1e69d5eb05a2fd3
SHA5122fde93ccae3dc34c2d940da13f4a1b119bcf27106398e0041362e82a4df2e01fabe8ed63d7e6a81b10c388a9bbd8c7a6aad57bdf08ed562011722b175a4d6b7f
-
Filesize
9KB
MD542c6c490db962a18114c8c7ff1f43122
SHA13b8befe010d0575cacde46acce784a83b92abd3a
SHA256bed896d28ec56e1daf11c9b3edc3f88eb1fd56f5c54018d376e26890df60c5a9
SHA51222b0e7e92185891d73aab2fce59e03c0759e73f8000519450801823580a1212c4076e665d36ad40e28b7972ed774d3cbe6d95fa15f61340c49f20ee82a3fb86e
-
Filesize
8KB
MD5d5fd6411ea25394645a24c613b8525c0
SHA1cfe6cebebe59ef6439710d78379b5c7e01af80d5
SHA256079e22cd9f294f9a28705649aa3805a74ff3b54c9e42f3d6e17bcdd180caa990
SHA51226393165ba753972422ecc6d3a44005222b654718179acd8832ad00655df08753d9d9d0e19ea9b321141079bb8942cf715b4813cbaef52ea1e21fc8f67647c0b
-
Filesize
8KB
MD5be2c0bfeacc1ed7ef27852bcbe9146c4
SHA1e8820eb4b97b135ac36af19412a0eab98dd31f4a
SHA25638bedae66fcd8ef94574f674773bbf38bc01127e35456eb119d0e913b313b0eb
SHA51264510ec8b28a6677186f9e9d3f544a51280491db8f10881f33c7b3c869156d8f02733368abf0c4ab91a3c2035003bbf6e3ba8334bd567bc79c4f356d0061eac2
-
Filesize
8KB
MD59754fa83d990fa92357fb64f2d97a3e8
SHA13fe24c22b8599af650a74ccb693fe69554415037
SHA25685c01d09952d40add8d5f2353ea435764d8c74fc316823e69ca81dd6b77bc8e0
SHA512ec089d187fecf6f3da3e31edd30202f9c424aab7d700c0c336fd5e9c43589ad878be9d551c0d9b770a71f52b807d8fb577188758315c66d9e694b982981984ef
-
Filesize
1KB
MD52519ca16786ad97f734f38b98767f3bd
SHA14cb1de7fc92f8b5ba4447414f2d738c7355de597
SHA256f39769fba2105b618bba508f76aecf2c7ad4d5dd99b852aca1f61f356a796cc0
SHA51251aa417a06ede9b8137649ee5c7e1ae95394526c2fcede7e42b6e9a85e14f4c7d27775183be752855e415feef4018c746c98f29abed14e52562a6a06227905e9
-
Filesize
1KB
MD5614b81e111f9e8c0ccb9a2b29e4f36ed
SHA10015cb9ddc45e4c127f656912215fc2747b5025e
SHA256aaa3d542f6bea4f16b0df3c31fff161ec87a4cdfbcbeb677fc589f334d79289c
SHA512be72e37b4c306e96e31e27df7d7528251959d7cbbce3b68e9c27f58e31dc7990b30f9c8092b9065a9898ecb80897d916ce029aa0705fb95ec84632d1de997dfe
-
Filesize
9.3MB
MD5d4c7a100f2d5bd3e51f7b8151f4c2bc6
SHA1e184941a04e0124cd00c6a7965a7403cd74c04d9
SHA256197cf7e3e961eef0e3e7dfebb7ae642f6738986d5eecc2fc041a5ec611e89c97
SHA512bf945ef2abe884f8e085ad48005a01d807581f410f18756db32cc0ac1dacc753a78dfc0b6dde7f5b714c229f9e89ae9fb3b91024fb5b0aa7b80311f642cc03bb