Overview

overview

3

Static

static

1

Capture1111.png

windows10-1703-x64

3

Analysis

  • max time kernel
    209s
  • max time network
    195s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    25/05/2024, 05:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Capture1111.png

  • Size

    38KB

  • MD5

    6a0af458d9b2465fb286ae568bba41dd

  • SHA1

    4547c89c85caab332b72fbbcc9b3ae588f20b3f6

  • SHA256

    2e017a94c61f33e0c7bef748954a341adb47e242b111129b1e3eb5d18c309e6a

  • SHA512

    33f3d8b57b9b417a253a12fa36b36eef915fb49546361dcbc36ce649627f13e28e4c2673364d03d514382b1f7f4438758923e14b49b40b4526cb8ec7ea1a254c

  • SSDEEP

    768:zGge5nxu5r5T/XR7MSqwqFTHgoiPATeRrO83261MoZSuecPPaz9sEAxpbm:Enxer5T/BgTTAnAT5mreUPaOnO

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Capture1111.png
    1⤵
      PID:4912
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:4960
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:196
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="196.0.1881871238\1150817984" -parentBuildID 20221007134813 -prefsHandle 1696 -prefMapHandle 1660 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a294df1-2c20-42b1-b4da-e30a410e2aa9} 196 "\\.\pipe\gecko-crash-server-pipe.196" 1776 208b32d6458 gpu
          3⤵
            PID:4896
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="196.1.886461800\1935792745" -parentBuildID 20221007134813 -prefsHandle 2120 -prefMapHandle 2116 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40d81ca8-77a2-4113-83dd-6e09a0838889} 196 "\\.\pipe\gecko-crash-server-pipe.196" 2132 208a1072e58 socket
            3⤵
              PID:4484
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="196.2.920074581\894547885" -childID 1 -isForBrowser -prefsHandle 2944 -prefMapHandle 2928 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f629361e-9873-4357-b1ca-823efbde6fe4} 196 "\\.\pipe\gecko-crash-server-pipe.196" 2780 208b325db58 tab
              3⤵
                PID:5024
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="196.3.916981342\768160993" -childID 2 -isForBrowser -prefsHandle 3468 -prefMapHandle 2808 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e91df17e-5979-4506-b6ee-322fb9622e2a} 196 "\\.\pipe\gecko-crash-server-pipe.196" 3536 208b5cb7558 tab
                3⤵
                  PID:4456
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="196.4.540136104\1662944352" -childID 3 -isForBrowser -prefsHandle 4108 -prefMapHandle 4104 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8517c120-9a0a-4b54-99e1-ce3fa870f25b} 196 "\\.\pipe\gecko-crash-server-pipe.196" 4120 208b90fa858 tab
                  3⤵
                    PID:2064
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="196.5.516358045\244087879" -childID 4 -isForBrowser -prefsHandle 4812 -prefMapHandle 4892 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8050adee-5903-419a-9802-6ab308d3c75a} 196 "\\.\pipe\gecko-crash-server-pipe.196" 4884 208b7554158 tab
                    3⤵
                      PID:1792
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="196.6.307248449\172889561" -childID 5 -isForBrowser -prefsHandle 4960 -prefMapHandle 4964 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {41335aae-0ca1-4065-978a-1db6b8101eeb} 196 "\\.\pipe\gecko-crash-server-pipe.196" 4952 208b7554758 tab
                      3⤵
                        PID:2200
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="196.7.301876457\1482400891" -childID 6 -isForBrowser -prefsHandle 5136 -prefMapHandle 5140 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f629307c-aaa5-4aa9-a130-660b9c8ce0bf} 196 "\\.\pipe\gecko-crash-server-pipe.196" 5124 208b7555958 tab
                        3⤵
                          PID:1536

                    Network

                    MITRE ATT&CK Enterprise v15

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\F4EFE37A30D0F14C6AC03FF7949A51CBC2EBC649
                      Filesize

                      13KB

                      MD5

                      ff96dc9c018fd8907d9fce6a23b8cbe5

                      SHA1

                      442d99267e97af766b875d867b90d3a83628f52b

                      SHA256

                      e461417a80ca92024283d5c2e14c953912b56faaef767b463a09f4a0487a66d7

                      SHA512

                      80a4c1e40340a675c17fe86fed7acef9e267d91c556430676e7ee4f5ab20c506beb183fc3a50f29d7066ea64bb6fe89027e87355ae4e4c1e901a8133f46aff2d

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                      Filesize

                      442KB

                      MD5

                      85430baed3398695717b0263807cf97c

                      SHA1

                      fffbee923cea216f50fce5d54219a188a5100f41

                      SHA256

                      a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                      SHA512

                      06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                      Filesize

                      8.0MB

                      MD5

                      a01c5ecd6108350ae23d2cddf0e77c17

                      SHA1

                      c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

                      SHA256

                      345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

                      SHA512

                      b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
                      Filesize

                      2KB

                      MD5

                      d10a1017821170ae5f73362530f26b0c

                      SHA1

                      7c1ab7bc6412904ad4e6f316c131b630a65180a8

                      SHA256

                      4c0350d40b7c6431c31b448daeae643243a2495276a12398708b76ed937f7adf

                      SHA512

                      80128c25bd9c57725d93c1d9848bdeb9e8cb707fed3039c3252bb654f8f169a3f80fb54b358440907445d43d38429785043f770f7c57d89b324cdd8046567bd7

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\4e240eda-8213-4cea-a78f-8c9870271e84
                      Filesize

                      746B

                      MD5

                      0eb94e5763357d7b69fbdc8138d64b4e

                      SHA1

                      99365d238e25cf23480961ab58e75c4e692e8563

                      SHA256

                      6d1d3a78637085ffbe271b21cc0c3cce226dead99ced99acc14a10be10ef26ff

                      SHA512

                      d63b290a9681bf1dc8d40fdb790cdbf0dbd0752f870f150b7c31e2bf91866c189ce92148ab993707793ef8a9ed4bd107a03660b800cfffb22a98aa84e867c983

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\b8feff18-ee57-482b-bca3-09416e49e894
                      Filesize

                      11KB

                      MD5

                      c1d50e187d4c27b3bda2e3440b6610d8

                      SHA1

                      a403f52cee38ac19d245298cc81ee4319da8847c

                      SHA256

                      d207d358e832a42c56ad7bf63db7b16c2cdfef0cbf0919e53f66a382e13ebe04

                      SHA512

                      6cd1de95ec82df72faa40adaf0a317aad5eb9617cf46cd47c615bcba158a5bde624735189ad5b866289b972d38f8237ef7f5e5947378728d280df4c80af0f2d5

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
                      Filesize

                      997KB

                      MD5

                      fe3355639648c417e8307c6d051e3e37

                      SHA1

                      f54602d4b4778da21bc97c7238fc66aa68c8ee34

                      SHA256

                      1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                      SHA512

                      8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
                      Filesize

                      116B

                      MD5

                      3d33cdc0b3d281e67dd52e14435dd04f

                      SHA1

                      4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                      SHA256

                      f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                      SHA512

                      a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
                      Filesize

                      479B

                      MD5

                      49ddb419d96dceb9069018535fb2e2fc

                      SHA1

                      62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                      SHA256

                      2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                      SHA512

                      48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
                      Filesize

                      372B

                      MD5

                      8be33af717bb1b67fbd61c3f4b807e9e

                      SHA1

                      7cf17656d174d951957ff36810e874a134dd49e0

                      SHA256

                      e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                      SHA512

                      6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
                      Filesize

                      11.8MB

                      MD5

                      33bf7b0439480effb9fb212efce87b13

                      SHA1

                      cee50f2745edc6dc291887b6075ca64d716f495a

                      SHA256

                      8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

                      SHA512

                      d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
                      Filesize

                      1KB

                      MD5

                      688bed3676d2104e7f17ae1cd2c59404

                      SHA1

                      952b2cdf783ac72fcb98338723e9afd38d47ad8e

                      SHA256

                      33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                      SHA512

                      7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
                      Filesize

                      1KB

                      MD5

                      937326fead5fd401f6cca9118bd9ade9

                      SHA1

                      4526a57d4ae14ed29b37632c72aef3c408189d91

                      SHA256

                      68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                      SHA512

                      b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
                      Filesize

                      6KB

                      MD5

                      de669ae2ce6f1a32db5fbcd85b850418

                      SHA1

                      3447476af2f9449ddf5c480f7a461b65532dcaed

                      SHA256

                      3c12615073ed09b94aa961f4421dfe41382419c1101da69b843c444b901241dd

                      SHA512

                      4f6a6a4be350dd949cf8f8f3fd618f2b53e6e74ced14a4c95813ac5557a91804d752cdf92a76f75a1df692a2019f36cc4923989fb6faf9da2c97c53fcb66d35f

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
                      Filesize

                      8KB

                      MD5

                      909dacab3b5ef535ffdf4c91b05b8d99

                      SHA1

                      737e3aed2594c618378b91778d74277550f5a1a3

                      SHA256

                      bb141ebf0b71c6b02d921cac4d959c75a194bf8b788b6388b5dab0ded3fb3f37

                      SHA512

                      7d7d619b97af29d1b363cfa0a77bcec4a4e6585db1e264012072cabd860cf20e8aee287d6cbb7fab7dd1d4b61c4488b9076a4bc0556468d05147b2fe3d8023a4

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js
                      Filesize

                      6KB

                      MD5

                      533ff6e17b1ad12db7c6d5b066e65cb1

                      SHA1

                      a39cfe85f73e2e49f375f1f67221360aa721359e

                      SHA256

                      ac76d1d524f8919f611ccc6529a45dd08621b07515c720cf11149044bb928a83

                      SHA512

                      c828f133866ee6a13bc6bc7163ac7fbaf8c799a9f1a2c93faf3eb41fe5a905c41b1ad1938e0f33834d39d38749848ab28b60ee4b597071e95453a7980faf0f35

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js
                      Filesize

                      6KB

                      MD5

                      11c04743166069929c1191f9f5d5b163

                      SHA1

                      11bb69067d96b4484850931257db9dfcc41d3b20

                      SHA256

                      f6951b331f38d842c94a18ce3d38994658e5e931cfb39167f8fdf9730ee8a42b

                      SHA512

                      e008464e75371fc649c8cb79fd0c3d0403bd18b8e96b60022048e151ef9b26c7cc3c07754a10ad546f61483832fe8d93a605b44d3653423395cb284ba8077866

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      1KB

                      MD5

                      a25cf76add2b9c4c8ac6d960cb182ae8

                      SHA1

                      f21015b48ad5beeab67c6e87aa5cace1c64248b4

                      SHA256

                      1eded086f02d11305b3d60ea37632d8aa0068083965d3f6fc4529b60d4ba9ffe

                      SHA512

                      48ca693e28aff1c0676a76e2a4b1de6913623ae8cc5d9c83123ea97772d9a33f95f237cf05b9fa092dcdc96da949ea8310496c63081d33407fc80f04319d9ca2

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                      Filesize

                      8.0MB

                      MD5

                      d5fd60421d661d22dcb548b8de0c53f6

                      SHA1

                      dd5398b24e95c15d2f36929e1bd1c92bfbffa91c

                      SHA256

                      a8efda97c8d7f6c5f7f455db280ccdf6b72c042f7f1cf722796a2b2b55866525

                      SHA512

                      3bd4f12060cd8fd1a3e948c69257c0b9b4e41beebf966fd4560a8d038acaa5bcd155a7c9c10226e69b443054f4d0fbf25b3b7f92a235e151da1a56b45a2ea76e

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                      Filesize

                      184KB

                      MD5

                      e7d901ad03d22078f4c42ecc83c3bd45

                      SHA1

                      13ffe2ced2026e6b99c39a96d006c7832a72ba17

                      SHA256

                      fddee54013f830a84e74dce5679f6e4c3c71b4c5c51ecdf58bcef7e27eba4f17

                      SHA512

                      8e7373116183db845f03c74e28effbe85b53c6c109f0a1a867fc4daa2944c099846644c5b6ecfa6408091d097a08b3f1b8cedcbeffbdcfaa14147f6b76663ec9

                      Download Submit