Overview

overview

10

Static

static

10

fd8ff9de93...b2.elf

windows7-x64

3

Resubmissions

29-05-2024 02:24

240529-cv1dbaeg8y 10

29-05-2024 02:23

240529-ct89tsff35 10

29-05-2024 02:22

240529-ctvrfaeg5s 10

29-05-2024 02:18

240529-crpseaef6s 10

29-05-2024 02:15

240529-cpnsbsfd57 10

29-05-2024 02:14

240529-cpgn1see6y 10

Analysis

  • max time kernel
    147s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    29-05-2024 02:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fd8ff9de932932bf7264ba598c7ae899b9cea81f998e3eb5e9d9f18dc2b428b2.elf

  • Size

    98KB

  • MD5

    102e77b70024942c692b36b962e9803b

  • SHA1

    8b2f2c397432ac5799a56e16e14d19f8dd428aad

  • SHA256

    fd8ff9de932932bf7264ba598c7ae899b9cea81f998e3eb5e9d9f18dc2b428b2

  • SHA512

    a232c523c59d020fec10303aa98b3ee04bac5bb49084fb8f0f6d5e226a62f5366742d00f58f8b905a20b9705cdd00bdf299e14004af400316ce8fc5be4a645f4

  • SSDEEP

    3072:RucT7B75gVPUbcj6/k6Sdz3DqzUNa0jLmCP:Ruc3d5ujCSp3Oaa0jv

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
    adwarespyware
  • Modifies registry class 12 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\fd8ff9de932932bf7264ba598c7ae899b9cea81f998e3eb5e9d9f18dc2b428b2.elf
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2180
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\fd8ff9de932932bf7264ba598c7ae899b9cea81f998e3eb5e9d9f18dc2b428b2.elf
      2⤵
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of WriteProcessMemory
      PID:2664
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fd8ff9de932932bf7264ba598c7ae899b9cea81f998e3eb5e9d9f18dc2b428b2.elf
        3⤵
        • Modifies Internet Explorer Phishing Filter
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2040
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2040 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2632
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fd8ff9de932932bf7264ba598c7ae899b9cea81f998e3eb5e9d9f18dc2b428b2.elf
          4⤵
            PID:1516
    • C:\Program Files\Windows Defender\MSASCui.exe
      "C:\Program Files\Windows Defender\MSASCui.exe"
      1⤵
        PID:2356
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        1⤵
        • Suspicious use of WriteProcessMemory
        PID:1052
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe"
          2⤵
          • Checks processor information in registry
          • Modifies registry class
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of WriteProcessMemory
          PID:1900
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1900.0.828422852\346010254" -parentBuildID 20221007134813 -prefsHandle 1240 -prefMapHandle 1232 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f82045a3-1c47-4313-9d84-0ac57f58096c} 1900 "\\.\pipe\gecko-crash-server-pipe.1900" 1304 124ed458 gpu
            3⤵
              PID:2448
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1900.1.182133973\2052057115" -parentBuildID 20221007134813 -prefsHandle 1496 -prefMapHandle 1492 -prefsLen 20928 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a7c50f8-c471-4bd9-9dc3-65bb567d224e} 1900 "\\.\pipe\gecko-crash-server-pipe.1900" 1508 e6fe58 socket
              3⤵
                PID:1644
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1900.2.1909537169\882911129" -childID 1 -isForBrowser -prefsHandle 2116 -prefMapHandle 2132 -prefsLen 20966 -prefMapSize 233444 -jsInitHandle 852 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5477649a-2ada-446e-87d0-49a69a62a0bb} 1900 "\\.\pipe\gecko-crash-server-pipe.1900" 2108 1ae73258 tab
                3⤵
                  PID:3016
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1900.3.1992905397\534034091" -childID 2 -isForBrowser -prefsHandle 1776 -prefMapHandle 1136 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 852 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e771ea9-c561-4bdb-95ba-dc6355a7763a} 1900 "\\.\pipe\gecko-crash-server-pipe.1900" 824 124ee058 tab
                  3⤵
                    PID:2816
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1900.4.1529525462\2027917673" -childID 3 -isForBrowser -prefsHandle 1136 -prefMapHandle 2716 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 852 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {80f40f06-53e6-4cac-8ef7-a02d483d15e6} 1900 "\\.\pipe\gecko-crash-server-pipe.1900" 2980 1aee1858 tab
                    3⤵
                      PID:1296
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1900.5.1277970215\1491640689" -childID 4 -isForBrowser -prefsHandle 3740 -prefMapHandle 3736 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 852 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {42ac9d63-21b8-4fd8-a5fe-708593b358dc} 1900 "\\.\pipe\gecko-crash-server-pipe.1900" 3752 1e99d258 tab
                      3⤵
                        PID:2744
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1900.6.853912707\1089144345" -childID 5 -isForBrowser -prefsHandle 3860 -prefMapHandle 3864 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 852 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {09bad9ec-216d-41f4-ad45-e400ea7b1744} 1900 "\\.\pipe\gecko-crash-server-pipe.1900" 3848 1e99e158 tab
                        3⤵
                          PID:2572
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1900.7.63896041\2056745440" -childID 6 -isForBrowser -prefsHandle 4024 -prefMapHandle 4028 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 852 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6a09b4d-ee75-4d76-ac55-996648010e59} 1900 "\\.\pipe\gecko-crash-server-pipe.1900" 4012 1e9dcc58 tab
                          3⤵
                            PID:2828

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                        Filesize

                        342B

                        MD5

                        1460d54b32dccc2238babba1ea672623

                        SHA1

                        98a053a31fe3a5a51d223ad24d9bfa32649d2ced

                        SHA256

                        d9c69d648e5f5682b2fcaa2f3043cc62d7716444d6b248d924e2d6a68229c205

                        SHA512

                        b5a998f9a624c0551f258c2b8f99c4ede79b9a35afab6011022ccc49ebf3a517614f44af5fe042a82d30035fb116facc1e69f8e076864d37a5ee635541dc384f

                        Download Submit

                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                        Filesize

                        342B

                        MD5

                        e1f79307ae40cc2d5b50c568f417cfaf

                        SHA1

                        b8aeafe9e3de8da7ab34f5cf9da2d289098948fd

                        SHA256

                        5b66b9070f3de5545a45124b525891655a9a7525801007111edb8da23b68d207

                        SHA512

                        0cffa16eb1cd03053445e0bdc58b38dc40266cf33854fd3562c64d149d24756fee9a6a49ecde11887ffefbcc2324080f2133035991b51813476ba4d7ce718948

                        Download Submit

                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                        Filesize

                        342B

                        MD5

                        786c20c7be2e899c53a0e95afd2c428f

                        SHA1

                        a2985ff1175f5bf35d050c28196f1f716e82e26a

                        SHA256

                        0e116d95e021bf0c429dc0675d37242e35d5f1be26029c0c6b97ce0c52188a80

                        SHA512

                        a3106182dd891903a8479b0ec7b334a45f4ec7ec58fb0272618593af2374a68e787384c5b318bda8cd0b28ddaa2f899cdd23aa489e993ea42138fa446436719d

                        Download Submit

                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                        Filesize

                        342B

                        MD5

                        7b659c9d25dbb617704d18ad888510f3

                        SHA1

                        30199aa1c2f46b476ec16713df356e67c70e0a43

                        SHA256

                        80cfee38bf398a58f0505945a842b67132413918fababfa55d1ded971788c3a5

                        SHA512

                        a19daeab5e8cbe5afeb9743a6fe11c9454e2868888b617f05cb6898e0dc51785a254923393235722b1fb0f06ff42002c6c5190443866b72cfe6d92dde64a6c80

                        Download Submit

                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                        Filesize

                        342B

                        MD5

                        110c210e4633b01fadb55bb84171a385

                        SHA1

                        62397de504c4e36e61a1514628fba0627f6244ca

                        SHA256

                        32a1ceefd52f4a46c4f3e57b36c70ac5f7dd62676c66165558df665f834d97ac

                        SHA512

                        c08497f3c7950ebb7f2e008899fd789159f22c49652d40fd3827d1440c52fb8d6972a0e02c7b65d4ae95bbae57ebb32a4329f6112b986c3dc6942f55ed411229

                        Download Submit

                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                        Filesize

                        342B

                        MD5

                        5abee495bcd207e9dec61001f797aa56

                        SHA1

                        196931d3701741800f8f596ad037505497c50234

                        SHA256

                        0c30b8e32895ff836959fb9ef8d8c3fce7b4fee388290152d4f5a9c8545f5ff6

                        SHA512

                        6a2016ece50a5d35b725df35ca3ed0b6d3c29ca68d338e93854190dbbaa6cafa3e837062df04ad5629d38e0d18bdc89deb86543c1157de83429e6647c17ced3d

                        Download Submit

                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                        Filesize

                        342B

                        MD5

                        72aa8ddb96e589153dfd03c18c2e3260

                        SHA1

                        f4b7f66927b57505af4412956ee37da79fce2df8

                        SHA256

                        45498106bbe6d224c5f3d4b38848d89f640feb5ead9e862f23bcb9c4510d26aa

                        SHA512

                        a1fd66cf672d3ed4db1a9e599e992c9fa95eeab3649f29f8bfa88f7f47e88eb6ac8954c89c3de9e17a1af982c5b2eb7a4efc88f9131ddb54ea4787fea9ef8b7d

                        Download Submit

                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                        Filesize

                        342B

                        MD5

                        aaecebd2a2c29bce8f194290b5314eda

                        SHA1

                        8d0e2575735c4b55c7c1ce33c7f0ed6909b39f25

                        SHA256

                        61b5135967fece7fe506a4ec649906733b15e0c754b2a345042f3783ad861a9c

                        SHA512

                        b90a583a2dc8024ace52d6f7ade1cbd47f321fa65ed666e326d3d0d340d6a16b973c03ab0302a9b572df97a4dde4cef111cbc77994996e6e4212907cb0241857

                        Download Submit

                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                        Filesize

                        342B

                        MD5

                        9dfbe063e5c768ed173b4e21225140a2

                        SHA1

                        bb6350ad5fdcebe2c742495173a08a2872909d24

                        SHA256

                        6c64ffc3ec6eb62e38786c9dcb93abbbfcecef390638f83703957730c3733196

                        SHA512

                        2cfd14a6690b0742e603c73170e2c0914ab04c1ff5ced56f90fa7c8a295961c8ed9c972bc8855ec50c7f9c20eaf94307f5b15e39d20842f84f038920a24dcf5d

                        Download Submit

                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                        Filesize

                        342B

                        MD5

                        2f40c44015aa58b194533138884d8f7c

                        SHA1

                        8888a13495b17002bf07397a76afc8296263ce79

                        SHA256

                        3b4475eca2cdadb3b23c9084e6d1213eb7dbcb31f54c9e42e0edf0e9624df5d1

                        SHA512

                        7f4b396ad7c72f4307573b0eb9cddf231ef5523478d384812c9933a1c23e1f5b895b65bfa08f9b4599a9070aa49a30341399fed597495f62e8ec109787fd3cf9

                        Download Submit

                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                        Filesize

                        342B

                        MD5

                        2cf16a06acc8dd8c2f533f870e89f57d

                        SHA1

                        e746853a56d2290fd8692d8637d03250c02a4afa

                        SHA256

                        819653cf6ce0369eb2ff68d2927a9328711e86a397d3a6b839b99b8337a1138a

                        SHA512

                        f07a1ffb1888c7c41c77525d432168e54ec4fa62af163f366af5698a24f50e890deb1ed0dc5b5f9da4a5308e393f019c1ee468804f33bd49acc88b5bcaee412f

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nfhvy4wu.default-release\activity-stream.discovery_stream.json.tmp
                        Filesize

                        24KB

                        MD5

                        93e0b14d70a15a6770c8c386ea967e1c

                        SHA1

                        ff25c2d8c6566aac35769a00c19f09dace34207b

                        SHA256

                        d5a9c4c2afc80fd9a9b33d7edd8631748cd8b898798f05c0a37b9333d8a06fdd

                        SHA512

                        16ce7dfe9e3a59dc5131186b0898c8f6001a7524d03bf900835c0f431a246267b0064622626468583dd5be126ccedf1b7df1bc60c067ae23dbaed9f93fdd2ca6

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Temp\CabAB6C.tmp
                        Filesize

                        68KB

                        MD5

                        29f65ba8e88c063813cc50a4ea544e93

                        SHA1

                        05a7040d5c127e68c25d81cc51271ffb8bef3568

                        SHA256

                        1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

                        SHA512

                        e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Temp\CabABFC.tmp
                        Filesize

                        70KB

                        MD5

                        49aebf8cbd62d92ac215b2923fb1b9f5

                        SHA1

                        1723be06719828dda65ad804298d0431f6aff976

                        SHA256

                        b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

                        SHA512

                        bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Temp\TarAC11.tmp
                        Filesize

                        181KB

                        MD5

                        4ea6026cf93ec6338144661bf1202cd1

                        SHA1

                        a1dec9044f750ad887935a01430bf49322fbdcb7

                        SHA256

                        8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

                        SHA512

                        6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nfhvy4wu.default-release\datareporting\glean\db\data.safe.bin
                        Filesize

                        9KB

                        MD5

                        0daaf12dd611c76ebaa4ab37269084bc

                        SHA1

                        07e151b4347d6b6cd139b604e9a666dcef7afc2e

                        SHA256

                        e9523a57f6528d9d7f615b04ba8918afe7578eb337e0d1eaf480e806e770b454

                        SHA512

                        632e9ed6dfb78402e4541b29e19d4dc4cd77b846dce10f827886970c97246beb951b060c337d800f6ceb9cf34568496c9abd3c1183efcdb034a90be90062c2f8

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nfhvy4wu.default-release\datareporting\glean\pending_pings\f9468f1f-52b8-4a37-8df9-70e7fa754fcf
                        Filesize

                        733B

                        MD5

                        9244c64b6e452fa2ef3cf63099a9031a

                        SHA1

                        0213c33f241e517fab5e17f9655c85b886a2a25d

                        SHA256

                        950dc4c69ea4f04ef7b20094585e906e907a4314e0604fd24e392032d02e62a9

                        SHA512

                        e465c85171afe5918776ed815054f1f94df81c650183dde07729690f7360dbbe7d2dfc3f1a0bc4ce2621ae5a038c86da30dadb533ecf9de1577b48eabbb9a02f

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nfhvy4wu.default-release\sessionstore-backups\recovery.jsonlz4
                        Filesize

                        1KB

                        MD5

                        c4d3318e679a92c4b4f96fbef2c3c9f3

                        SHA1

                        5fe024a7584930bfc4a44667c14f35f16bbd8903

                        SHA256

                        1d2721628837735a2a6d85feea10ab187bec27724f4ca66602b3a6c67e27d2c8

                        SHA512

                        730ad431f27c73235aaf576cc257459e0f8120dda7ccf2a68e9b617260247fadd7ca4669e0fadd31fc29ced568ae22a9519e6da3ef0921aac84760e5de533202

                        Download Submit