Overview

overview

3

Static

static

1

16256-1139...k.avif

windows7-x64

3

16256-1139...k.avif

windows10-2004-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    23/05/2024, 03:39

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    16256-113921-f76073564_4k.avif

  • Size

    127KB

  • MD5

    dd6c1f05a99a8b0a46089d2f802fc2ac

  • SHA1

    da1728449863d633a2ba14840881b30e99f12d04

  • SHA256

    d1b4d69db2643b5440c020407a751ffc16ecc525944e32131e3d96b1a6a4170b

  • SHA512

    4b4c55616ae8c6b4a3de222d6d8e0f5cc339a2510d8bb74c060dce659f31e380ab99d09bfa2e6708f22932bef9b66718415e6294138d351b5a5c038b06473fb4

  • SSDEEP

    3072:sWLBhItkvgxcl+0MmPh9qXRzq0NMoHb7VX7rqZEm5FYR2:sWLBhI+ocl+UPh8huV0UZ7FX

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\16256-113921-f76073564_4k.avif
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1048
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\16256-113921-f76073564_4k.avif
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2584
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\16256-113921-f76073564_4k.avif"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2432
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\16256-113921-f76073564_4k.avif
          4⤵
          • Checks processor information in registry
          • Modifies registry class
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of WriteProcessMemory
          PID:2940
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2940.0.1565578340\1960854831" -parentBuildID 20221007134813 -prefsHandle 1224 -prefMapHandle 1128 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {efe0be53-e215-4070-a794-53365e3e67dc} 2940 "\\.\pipe\gecko-crash-server-pipe.2940" 1312 eadae58 gpu
            5⤵
              PID:2860
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2940.1.1397952279\1806228603" -parentBuildID 20221007134813 -prefsHandle 1488 -prefMapHandle 1484 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8143ded-db4e-4b1e-b63e-42110ea543a8} 2940 "\\.\pipe\gecko-crash-server-pipe.2940" 1500 d72858 socket
              5⤵
                PID:1672
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2940.2.1578858486\71232596" -childID 1 -isForBrowser -prefsHandle 1988 -prefMapHandle 1984 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1a7aafc-cacf-44f4-8981-a68b9fe6387d} 2940 "\\.\pipe\gecko-crash-server-pipe.2940" 2000 ea64e58 tab
                5⤵
                  PID:1748
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2940.3.487685006\200236912" -childID 2 -isForBrowser -prefsHandle 2648 -prefMapHandle 2644 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {28bc7c77-9791-4831-8858-9f373a334900} 2940 "\\.\pipe\gecko-crash-server-pipe.2940" 2660 d61958 tab
                  5⤵
                    PID:2616
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2940.4.284066745\1434752176" -childID 3 -isForBrowser -prefsHandle 3624 -prefMapHandle 3628 -prefsLen 26345 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {391cec83-99a8-4510-a115-f0dc638e9049} 2940 "\\.\pipe\gecko-crash-server-pipe.2940" 3644 1cf8fb58 tab
                    5⤵
                      PID:892
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2940.5.1553283190\1267919943" -childID 4 -isForBrowser -prefsHandle 3756 -prefMapHandle 3760 -prefsLen 26345 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c5fb089-d55e-4eb1-a765-ff6fe4a47cc8} 2940 "\\.\pipe\gecko-crash-server-pipe.2940" 3744 1f096c58 tab
                      5⤵
                        PID:2328
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2940.6.957392658\1606168462" -childID 5 -isForBrowser -prefsHandle 3920 -prefMapHandle 3924 -prefsLen 26345 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b76a65d-d1ce-42b7-8f74-5e4443f6b328} 2940 "\\.\pipe\gecko-crash-server-pipe.2940" 3908 1f094258 tab
                        5⤵
                          PID:2816

                Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ifb4waqr.default-release\cache2\entries\F4EFE37A30D0F14C6AC03FF7949A51CBC2EBC649
                        Filesize

                        13KB

                        MD5

                        66cb57b7b035726fac39ebc0bdca6af8

                        SHA1

                        c9f3217ab7873d832831e4fb27155478630908c5

                        SHA256

                        565a0a83e4788d757b3bc523c1aa50bc51f81c4b2629a13d7946281cd87ff853

                        SHA512

                        f0fea26687f32e848c38b2dafce8d6613a05939768e1353e7cf0650f8ffe314ea6479d4874f970ff0c7e13a17dbe0b1ec02720ba71cfb62ec706454d251f31c3

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                        Filesize

                        442KB

                        MD5

                        85430baed3398695717b0263807cf97c

                        SHA1

                        fffbee923cea216f50fce5d54219a188a5100f41

                        SHA256

                        a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                        SHA512

                        06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                        Filesize

                        8.0MB

                        MD5

                        a01c5ecd6108350ae23d2cddf0e77c17

                        SHA1

                        c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

                        SHA256

                        345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

                        SHA512

                        b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\datareporting\glean\db\data.safe.bin
                        Filesize

                        9KB

                        MD5

                        c02daeb24cd9fe2b872ffbfb9b2b90b6

                        SHA1

                        36f3b7cd6563922f3c32d5cb61b8138b84a34268

                        SHA256

                        3f4d8114d3bbf34dea5f54bb8df8ad169adc61d25b2e50f8c7bdcd45ee674408

                        SHA512

                        f387aa28ee8fec31ee9623180918d01822d2fa284d318c12c4aa633af5cdc3c9622e5f98b5e1b3cda3882d4482bc51910fdb1dd02ef4db6b71dc83902b0dde97

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\datareporting\glean\pending_pings\b9aa9669-3506-4e16-b172-59897af5cf1c
                        Filesize

                        733B

                        MD5

                        81478cb95152e17bb8f7799b60fc11b6

                        SHA1

                        3bc496f0ba44aec0f4d7f74b86bab255fc8d9c0a

                        SHA256

                        0630541ab099efa8c1b4c51b402418c185408ceca0dafd90ff9b382f3e5d0331

                        SHA512

                        8e71117bb5dcd61c8e5451746390e679c8387aa7de5e4a83e168c7eadd76e3fbca0da63e777cb075282eac73f69a5b8082ade7ed6832dac5df5b4c9c7ed7e3f4

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
                        Filesize

                        997KB

                        MD5

                        fe3355639648c417e8307c6d051e3e37

                        SHA1

                        f54602d4b4778da21bc97c7238fc66aa68c8ee34

                        SHA256

                        1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                        SHA512

                        8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
                        Filesize

                        116B

                        MD5

                        3d33cdc0b3d281e67dd52e14435dd04f

                        SHA1

                        4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                        SHA256

                        f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                        SHA512

                        a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
                        Filesize

                        479B

                        MD5

                        49ddb419d96dceb9069018535fb2e2fc

                        SHA1

                        62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                        SHA256

                        2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                        SHA512

                        48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
                        Filesize

                        372B

                        MD5

                        8be33af717bb1b67fbd61c3f4b807e9e

                        SHA1

                        7cf17656d174d951957ff36810e874a134dd49e0

                        SHA256

                        e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                        SHA512

                        6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
                        Filesize

                        11.8MB

                        MD5

                        33bf7b0439480effb9fb212efce87b13

                        SHA1

                        cee50f2745edc6dc291887b6075ca64d716f495a

                        SHA256

                        8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

                        SHA512

                        d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
                        Filesize

                        1KB

                        MD5

                        688bed3676d2104e7f17ae1cd2c59404

                        SHA1

                        952b2cdf783ac72fcb98338723e9afd38d47ad8e

                        SHA256

                        33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                        SHA512

                        7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
                        Filesize

                        1KB

                        MD5

                        937326fead5fd401f6cca9118bd9ade9

                        SHA1

                        4526a57d4ae14ed29b37632c72aef3c408189d91

                        SHA256

                        68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                        SHA512

                        b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\prefs-1.js
                        Filesize

                        8KB

                        MD5

                        c3838141fd59fea6ad7a33971dfd2cf0

                        SHA1

                        95a6e55283390ab959a1de7bab6ddf2fe2aad077

                        SHA256

                        b97c89c6a7f0c4e85b324a5cee87b17fa4d1bc9b75f7f0be10205cb21fbc9dfb

                        SHA512

                        17025c570686bf6fa0d3b4bfc15fb4035772a86ba00c9083db0318e5bd37b512a33c287601eacf4ecebd5670261561e35627bb269e1d9bb33f4957986fa91773

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\prefs-1.js
                        Filesize

                        6KB

                        MD5

                        9673e0708975c9da4683b255877406c7

                        SHA1

                        4bf31d8f37f3c0cf1dd8f0000a7b39824986b5cd

                        SHA256

                        50a7d44bfa2b85dcbace8b1db1084773a730b56dcbcf6ae590586d874ec02221

                        SHA512

                        99c1a116d60af958a374b2751067cdfc32df7a7c5d044f96134ffc93931f494db2b0756da9ca15b4bdbad967fb952290422ca25d4ec9c4fbe3c4c5582c554de5

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\prefs.js
                        Filesize

                        6KB

                        MD5

                        fba470eed9b91aed51deb05464791d3d

                        SHA1

                        ff009a3b12d9bb8e5bfda41a28c9918a95670cc1

                        SHA256

                        5449da5d52db05be52e1eb71e6be5517233fa497804d21b74d0fb4db35171ced

                        SHA512

                        7cb53836e1c47726b7712b64da720e75d9926b3ff8b41eac736441e659a1c90cd5b92a68a8e7c9d91b2da0d7325997134f9eb0365f071423ceaaaa08d97949e8

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\sessionstore-backups\recovery.jsonlz4
                        Filesize

                        1KB

                        MD5

                        7a0b9bcca566f768b83654d85cf679fe

                        SHA1

                        25a9567879ce53e30d597b97fac4d00aee25656a

                        SHA256

                        9be41ed2ea53fdbc4ec575ec918a8f1fa775ee24d917cd5d6712e20a19b6efce

                        SHA512

                        382b19683b21ddb2e5489785a7299924357b3f6184d25a7fc038f7346403b291dfbad7703c40db85c9cb05a35979115a420909275d77b5371238a908cc93a20e

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ifb4waqr.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                        Filesize

                        7.9MB

                        MD5

                        35eb092e946dcb52c064f0a114124b5c

                        SHA1

                        9e0ff1d298eedfef4112e922675aabcb99f2d6e7

                        SHA256

                        8c47a023b28d8a1e489acec902da639f179d4955c2deb7d59ee0aa28ea66791f

                        SHA512

                        20378d7373b52c97e582b8f5122fbb79e83b7448b5d91741e4b7ed6533e46aa44677566f69efcb141b89891aa5256829d7a741bb5448291e7bf3d3ce5e68e1cc

                        Download Submit