Overview

overview

7

Static

static

3

VeriFireTools.exe

windows10-1703-x64

7

VeriFireTools.exe

windows7-x64

7

VeriFireTools.exe

windows11-21h2-x64

7

Resubmissions

09/06/2024, 20:43

240609-zh4arsfd85 7

Analysis

  • max time kernel
    309s
  • max time network
    316s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    09/06/2024, 20:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    VeriFireTools.exe

  • Size

    218.6MB

  • MD5

    e7918ec8ced429e2d04b5c2c7a229bc7

  • SHA1

    054cc78f2a4527d9555c1e01a068688169acfcfa

  • SHA256

    a2f167bf0019c6bcbbcbabc0cc2af17ffce5e9f7b511f57ed2aa5e51e652e3d3

  • SHA512

    a4e113400b01e737be3c72bae0afcb58359cca4d541365ca365d1be21b77fe18a37f0d385091decb3616046955866a6d2af339b14965c941077888b16d450a76

  • SSDEEP

    6291456:n14Y9NiFD0ZCAGHnzUjiwm8lO3qDWDYv57aBQNwXSJ:n1LNUoCFwj9lOUWsv57aBKwX

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 4 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 35 IoCs
  • Suspicious use of SendNotifyMessage 34 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\VeriFireTools.exe
    "C:\Users\Admin\AppData\Local\Temp\VeriFireTools.exe"
    1⤵
    • Loads dropped DLL
    PID:2932
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:3112
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /4
      1⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:1176

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\skin3708.rra
      Filesize

      14KB

      MD5

      fb570cc21dfa33c9850c75d8096c66c4

      SHA1

      414a68fdb2749ace69f2ecd334415b9e0b6dc70f

      SHA256

      457cf8e44308d158a13ab46cd1218989a7d7855592ce91810aad65b49ffbdafc

      SHA512

      86dd9b2dc2a26c8a9b2de23520911e6bd4318a913a4a886544444634400eb7d15ee36a2acf3ab2491309d730914a03261970952c6066d9106a393c226683fdb1

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{E01B40CB-FACE-401D-9C03-2CAA21A932A7}\{6D627184-2AB7-46FF-A554-1DD2A834F525}\lice3979.rra
      Filesize

      358B

      MD5

      055aa0e030840628a5264b3ce9721876

      SHA1

      27d71b3cbb8023b50b64d0aff92d3c170ca0935b

      SHA256

      d532b726ef24d67b2dc4caa365175447171f23663f30beed866e9246630a966c

      SHA512

      5538171529b4e69bc6ae2aec35b31037f0b958aa81484f4be19fd5dd53594005b5b6020fc578dfab0e9ad06b24b9174467a2260f3d69d3bd45cc1c347b620b22

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{E01B40CB-FACE-401D-9C03-2CAA21A932A7}\{6D627184-2AB7-46FF-A554-1DD2A834F525}\setup.inx
      Filesize

      329KB

      MD5

      f6f617bb66c10a3c8854c2c99c459951

      SHA1

      ca339d3717251564939df42141207136e5d902e1

      SHA256

      51a16be1118d3a45f1b58456ce4ca3458fbe1e475a6ae3d440702053eb052a9c

      SHA512

      6d22ccc25b69267cb89a3a6065a8cc7cb969b4ab68daec03663c37d80b143be96172a46f2ddf9dad0fbe6d7491a941c70427e12148b804d004cbf35d0c1fadc4

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{F05ED7C9-8A61-4568-828B-1BD5794920D1}\Disk1\setup.isn
      Filesize

      82KB

      MD5

      edf0b1f943cf7d52d67709a811b70592

      SHA1

      86fdb5c5293bc2a9ba64e59ec2fe5a84ed6134e2

      SHA256

      a55906d9118c6aacbbf2b6b1daa3b5c66ec7219114f1ff57faa901f722319be1

      SHA512

      deb798271d50f51238faed1e156cc8412e349385ea919472532d3dbae07998f43865f37ff9bcd2b2ed8aba9b84b4977a46418c83b2215d423ad5940dccc79ba0

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{F05ED7C9-8A61-4568-828B-1BD5794920D1}\setup.ini
      Filesize

      443B

      MD5

      0979ac8005ff9d1e781fc2d8cb758bfa

      SHA1

      ab2305ff9cdf53e6068a9510bda21b116f471fb5

      SHA256

      dff2b02b9040880c49323ba35460807f1ba6cce97bf2046ba345a8215595d74f

      SHA512

      0e70c4b48c6726e6dc910583256aef5479edead00f64ab374e7c5266fed76ad3da0378264a9e0e308380ad182ba7c5ad4e604f0e8714499e94192e83839061c6

      Download Submit

    • \Users\Admin\AppData\Local\Temp\{F05ED7C9-8A61-4568-828B-1BD5794920D1}\Disk1\ISSetup.dll
      Filesize

      542KB

      MD5

      2dd1c4a68e2a8a401018f5efdab5adde

      SHA1

      13fc964947516230c70d38281d0312bc1afe13c0

      SHA256

      7c173cdaea8e3a3cc95b7196681cb904f3996f81289d5890b30f38c99eba45ae

      SHA512

      c69f3e46d36e07e6093f66cf072c83fc8c7249ff86c9cd84168ee46dbb7a621d562cee7de5685b408bd5f71889d6433e99ff8045955e5b8ab2c9eeb71941d165

      Download Submit

    • \Users\Admin\AppData\Local\Temp\{F05ED7C9-8A61-4568-828B-1BD5794920D1}\Disk1\setup.exe
      Filesize

      384KB

      MD5

      8d699c26857440661fad1aed839ffc79

      SHA1

      7c38f49f874da346a4a3e4f3850d7cc287d83576

      SHA256

      350e4cfc8a692fc8382571d64ef00f6f4d4f997b85bb687e67ea222cdb2556ac

      SHA512

      4053a6cefe15cd29dfc4ece4d5521e1473dfc8af6275dfb7cca8863722b3807fc3ee7cdba33f0ba6ef417b3530b2cabe8d74e6235dab0554f00201305b465b9c

      Download Submit

    • \Users\Admin\AppData\Local\Temp\{F05ED7C9-8A61-4568-828B-1BD5794920D1}\_Setup.dll
      Filesize

      145KB

      MD5

      0d3f826d9467179b3d03feb31314ca63

      SHA1

      530d0fc49c93d7c84e0a7637f4a8c1639b80b1ba

      SHA256

      7d259642019033a6630208c28c096c03c8db8b68c1c35ac73a675e6eb7707d86

      SHA512

      295169fe2946a39f5aee1430a5d3cf8bccdae22b578cf1f3e907c8abced329d0627a4b8359e5be7161aa3785f81352fa90001a2acd35f21ebc50ccab010c59cd

      Download Submit

    • memory/1176-1561-0x0000000140000000-0x00000001405E8000-memory.dmp

      Filesize

      5.9MB

      Download

    • memory/1176-1562-0x0000000140000000-0x00000001405E8000-memory.dmp

      Filesize

      5.9MB

      Download

    • memory/2932-27-0x0000000000240000-0x0000000000242000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2932-24-0x0000000002300000-0x000000000249A000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2932-1541-0x0000000002300000-0x000000000249A000-memory.dmp

      Filesize

      1.6MB

      Download