Overview

overview

1

Static

static

1

huhitworks-

windows10-1703-x64

1

Analysis

  • max time kernel
    189s
  • max time network
    188s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    03-06-2024 23:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    huhitworks-

  • Size

    226KB

  • MD5

    854bc7fa3fb71fbbd41b46fb18abb31d

  • SHA1

    362c036a468660c3ba3007b1ec9992c2dc3ba952

  • SHA256

    b4493fdd8aab975c22a9df730ed6e5b36e93b05538e5d8c27a70805b44c79cef

  • SHA512

    4502f9ac941aaefed8cfd1f8b5beb8611272211658a705dd91a759a368e4d85946d32e8351dbc953b58e301954d6789014e6a89d1944e00e0fa6f981aaf8c804

  • SSDEEP

    6144:Auoqr2n9dH5M2vkm0aWyRv3pId9RN9HvZJT3CqbMrhryfQNRPaCieMjAkvCJv1VS:7oqr2n9dH5M2vkm0aWyRv3pId9RN9Hvd

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\huhitworks-
    1⤵
      PID:512
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:312
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1156
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1156.0.1821630061\1457747490" -parentBuildID 20221007134813 -prefsHandle 1760 -prefMapHandle 1752 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca0c0473-03e5-4a4b-8f8e-5a65da59f792} 1156 "\\.\pipe\gecko-crash-server-pipe.1156" 1828 258910d6a58 gpu
          3⤵
            PID:4192
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1156.1.861468458\1756565439" -parentBuildID 20221007134813 -prefsHandle 2156 -prefMapHandle 2152 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {67f7e803-af30-4d31-9ac2-86b6cf9a80f0} 1156 "\\.\pipe\gecko-crash-server-pipe.1156" 2168 25890ffbc58 socket
            3⤵
              PID:2508
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1156.2.551832108\946634254" -childID 1 -isForBrowser -prefsHandle 2764 -prefMapHandle 2956 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {24bbec12-0273-4a93-8ee6-fb28dfd86524} 1156 "\\.\pipe\gecko-crash-server-pipe.1156" 2940 2589519b958 tab
              3⤵
                PID:2560
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1156.3.664150421\1899468645" -childID 2 -isForBrowser -prefsHandle 3476 -prefMapHandle 3472 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {39419c37-d02a-4b1c-9f65-f3245b605e3f} 1156 "\\.\pipe\gecko-crash-server-pipe.1156" 3488 258fc56d058 tab
                3⤵
                  PID:1288
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1156.4.540128978\85887814" -childID 3 -isForBrowser -prefsHandle 4068 -prefMapHandle 4064 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e4f1c75e-c70b-48f5-ba09-190117f8de06} 1156 "\\.\pipe\gecko-crash-server-pipe.1156" 4080 25896962658 tab
                  3⤵
                    PID:4576
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1156.5.2049271147\1419471211" -childID 4 -isForBrowser -prefsHandle 4808 -prefMapHandle 4812 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8bddc4f4-f1c2-4171-9729-4a6b622a3b56} 1156 "\\.\pipe\gecko-crash-server-pipe.1156" 4912 25895830558 tab
                    3⤵
                      PID:4048
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1156.6.1244499676\1094814248" -childID 5 -isForBrowser -prefsHandle 5048 -prefMapHandle 5052 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {80fdabf6-1449-4f46-8c9b-d447c4ed475f} 1156 "\\.\pipe\gecko-crash-server-pipe.1156" 5040 258977ed358 tab
                      3⤵
                        PID:308
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1156.7.226588687\934489921" -childID 6 -isForBrowser -prefsHandle 5236 -prefMapHandle 5240 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {451f96f5-be73-4fa7-bf36-227e85dd63c2} 1156 "\\.\pipe\gecko-crash-server-pipe.1156" 5320 258fc55bb58 tab
                        3⤵
                          PID:2316
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1156.8.462719036\668463820" -childID 7 -isForBrowser -prefsHandle 2616 -prefMapHandle 3040 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {569ae547-6ca8-4a87-b76c-fc48bf8a3617} 1156 "\\.\pipe\gecko-crash-server-pipe.1156" 5128 25890ffb958 tab
                          3⤵
                            PID:4272

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\9D67DE63BC05FC8C2BB415AE05CD43D50B4A1D70
                        Filesize

                        60KB

                        MD5

                        8df54ddf5d3965603c8dd1f5b8605cc8

                        SHA1

                        79b7cadab46ba4154516541310aaf2d39d2b4348

                        SHA256

                        1e5d2cae96f440d9bb1c837b12cdaf03c8816fc81721691ed9232ef2ede49547

                        SHA512

                        9c73f10a3a13e1d06b05cec532dc447dc37c5f07f1fe326e85fd6f4cd7d579bcf150a11b57c6e1332602a383794abbc7d578c33c22ca4a17aa77d366b72e4652

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\db\data.safe.bin
                        Filesize

                        2KB

                        MD5

                        5851773c79181b13330a03381a72bdc0

                        SHA1

                        82c643067fc50279c523b86c839a238ea584fd17

                        SHA256

                        dee9cd44653c4f2d156a6eb9c74971d4b43dcd92a533f255e19a9d6700c2cb30

                        SHA512

                        73d38800ab203091ac3682d6cd3a72260ea8e12f0bef2a8e50596cea9ce8d22d765f8c9c4764c3163908faa411de946a423122bc9dc4ae19697edd15a949da6c

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\068b3c8a-8296-46b0-86de-6be13e3e6927
                        Filesize

                        768B

                        MD5

                        2398a8e5aef94896bfa69cf3c33ef952

                        SHA1

                        77b17a2f4711928417bc9ffa1eaf221bf9595b0d

                        SHA256

                        a88bf3509c1eecfb43bf89bc95c4cda2d56a1e2c7e4acf090f9b5df0ee22416b

                        SHA512

                        2bfa8e1617d0f73b0e7c1a0eb1ca0d709ce4bf94dd432601c1f1f546907236ed93eb8330b4b3ad80948a354169e1c6e6ea70261437af9aab12f093e039fa0582

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\342bc12e-2fd5-4562-999e-c8d0e89cf567
                        Filesize

                        10KB

                        MD5

                        8588e9eba64f5cf8405a838975622b52

                        SHA1

                        a31d68e236b07c21b60a3e201f274be73dd75286

                        SHA256

                        712adb1798ee97aa629c84cd96db0cd80d2d143c88339c63840227f901de2683

                        SHA512

                        21d21122418a28c379e4518779b6ed1f1fecc45a9b9bcab7600fa803ccd542918efc45d89fa4f704d9f7bfeb658126fac8853d847b5eb2ce4ba4d059721debaf

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\b9a4c1c1-6d63-433a-aff0-e2abbdbd7dc9
                        Filesize

                        746B

                        MD5

                        019fb811103b5f78bc3f3f675cb67b3c

                        SHA1

                        043c310fea513f7bef87d08f1de09034d67eced1

                        SHA256

                        b540f7768e78e64bbb8bb2941e1e25011b02f69e83b6cf3d9b4f23d27de54fbd

                        SHA512

                        c066ca7ee2a310cfb2b2af8d3096ceaed241d932e24dd1cdd066d5a2d54ee835a148c347043acfe27a0bc2cfa34b9ccf2cbf412b0399ae91e189a4569c8db0fe

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\bbaa65a0-9c90-44f5-9248-51c243796957
                        Filesize

                        855B

                        MD5

                        f9bf740a1e0fa41d9e3e9f1c77233827

                        SHA1

                        e949275ee0e9fb68be7f1919e17a73ca40861b62

                        SHA256

                        055339edf0665421187d04986524f066d0f2570c972b11e62fce03464dbad21f

                        SHA512

                        026cbf0976071ff3bbfb572b358a279923225ad30436531559b69129a47e27961c668941360ffe39b81297d4e4e5893689865d310d26cb9c93fadf3315131d56

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js
                        Filesize

                        6KB

                        MD5

                        c56d993facc589f99ce1c4eaab9fa9ce

                        SHA1

                        aef218917d7fc73c16ada1a382c0df0d31294648

                        SHA256

                        678035c58a35156fc35d339ab5d1333687d4096c640c6c106ea3d7ac655ec708

                        SHA512

                        d8ad54c9639a9aedb3698fb60ef06f81fee922cec0c5626e27ce42a16ce55b08b9fb2a0865671bbd04f661b2e6d60d1429d39dd58634e7f3371a5020adbb5e62

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs.js
                        Filesize

                        6KB

                        MD5

                        3b9c9873f2bee5e760e9c64c713c9fe0

                        SHA1

                        303d84b10063482b4909a0a0f82e2b857b38d5cd

                        SHA256

                        e053d5ee916eedf3b3cd93fd7f051f9b2098fd6a43570b6e54883387683e03bf

                        SHA512

                        05c6c0923192e4b4d7b5462482021cf21a70bd53f7d3cd7bdbcbbbfd76f90982a782623b81a8e7adbd9580f8530b18ef51c05d11a5aaf67a4b1c034789598670

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4
                        Filesize

                        4KB

                        MD5

                        e1d36b98d5a215dcd055e3d78f9b42fd

                        SHA1

                        7507913a2b749db7d432e14df66e0bd5cbe83bcc

                        SHA256

                        d9bddf6a31dcf4760af9e7e06dcfc9a88e7e63a18eb2349667a6e8e7da4fcb50

                        SHA512

                        5071073056183f70008ace1d0ff9348a99a4a0d37c95b722077b180e08a1076e31b3ae8c62bfa315b0a6d891d890b6d9446786e1bf7a042f63cb5170cf64a401

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4
                        Filesize

                        1KB

                        MD5

                        cf70a27013e61ae8ccde47d1ea208453

                        SHA1

                        ed8a62ca92df33563b72319c769cae0f7673f5c5

                        SHA256

                        8a4525bfb44de03ee513e797d2c8f33c7c5bf6bdd7d74a90efdc20bb85e6368d

                        SHA512

                        e3954c492cfef33b75467757e2b0df56a023a35c83c37886f99e6032cc442668beba9e16107298f528f6441438a4ab292cc48304b46268a523b123f5a54b6b5e

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4
                        Filesize

                        4KB

                        MD5

                        3ff780ffcf1c51f17adff816ccafffe1

                        SHA1

                        382a051cfe50f53e1867da7fb279d4eaaf1db063

                        SHA256

                        889346f0da991055c7ca6f12ebbc77621915756d072cf23d5db92ae1bcbf421f

                        SHA512

                        43247c29fc6997e72f7dba0729d682f4f5b7f4181df7ddce57232b210534c5ab7a4e618e8d40562d6c7ad7cc0b500effd938ea899b448a2bad3c1d74bc0091e0

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4
                        Filesize

                        3KB

                        MD5

                        2a53d5eaf7b16b7d5bfe506eca620040

                        SHA1

                        cde0805da147b6414468549a0489faaafa520ba4

                        SHA256

                        59448ffffece8244803783af1c5cbf08279a64a2f58547669c651ed77245a105

                        SHA512

                        f73951ef28c1bb375505391988e0e37c8cb6fcf8da4dcd9226c5df8dbd59cd67e25b426d7c82ca55d50821291da0ed26591324f0638c85b59bf3644267244422

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4
                        Filesize

                        4KB

                        MD5

                        65e6072d3a9e736d2bf3474dbec5e272

                        SHA1

                        6e9bc549f50ee84bfad47c74d4678b47fef24ad3

                        SHA256

                        586533d355872e34025cca9448d06659fb8f32767011afdadef4022ad385fe6c

                        SHA512

                        1faff9c152585983baa9186d4752b37c9d1cc882f51ea1af5b006c7ebf62018f286e6266862dfb321f5b5cf3843406bf90d3a5bf0a04cd19b3e8227fe9f76a21

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                        Filesize

                        184KB

                        MD5

                        3018d1aad8385b734068dbad441e344e

                        SHA1

                        2a3925bc92ec843db64b6db2cd6fe18ccf084a86

                        SHA256

                        f33415b0b1fc8c7e52356318d44aef1ae6bd9c64a89afa012d43a01a79954f88

                        SHA512

                        7ab1a1115a4f7ac61ba41bfe5875792cfa84d81f14f71239e43848de5940bfa07e2e34ea4be85a61c091d0b4b7742f3f55961fd26734b528cdb2c0b4d169c5e0

                        Download Submit