Analysis

  • max time kernel
    12s
  • max time network
    7s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10-06-2024 19:36

General

  • Target

    SY40iA.html

  • Size

    504B

  • MD5

    e0363a8c4b776ad4ac2c554f3da045e7

  • SHA1

    e4884cfe52382fe63e5b64636c054d80f39a948a

  • SHA256

    1a3bf6a6e9f28d5ed4cfd2796b07c61765667f5f1b71de6e5bb7e75ec13ab496

  • SHA512

    409730866ec94b44597f645d1d309ee5aacd27467bef82ac76d0dbd4a918f6f09f5b5302251487fdd4bf100a24eeceb1fb01346f148d3d1f6723f311702ecced

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 6 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\SY40iA.html"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4540
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\SY40iA.html
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2176
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2176.0.1134151095\1166488039" -parentBuildID 20230214051806 -prefsHandle 1820 -prefMapHandle 1700 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c5581f9-56b0-469e-8fff-270fc01224bf} 2176 "\\.\pipe\gecko-crash-server-pipe.2176" 1896 1fbcff0e758 gpu
        3⤵
          PID:3320
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2176.1.2026887855\1799385126" -parentBuildID 20230214051806 -prefsHandle 2460 -prefMapHandle 2456 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a773121b-8764-4de0-94fb-63871f13cf51} 2176 "\\.\pipe\gecko-crash-server-pipe.2176" 2488 1fbbbc89d58 socket
          3⤵
            PID:1968
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2176.2.357469189\979797344" -childID 1 -isForBrowser -prefsHandle 2956 -prefMapHandle 2980 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 1204 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {465eeb8a-1f7e-43f8-b989-765fdb406e1c} 2176 "\\.\pipe\gecko-crash-server-pipe.2176" 2896 1fbd2f49258 tab
            3⤵
              PID:3172
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2176.3.448232567\982717989" -childID 2 -isForBrowser -prefsHandle 3660 -prefMapHandle 3664 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1204 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4f0f0ed-0581-4071-875e-21855f5858ae} 2176 "\\.\pipe\gecko-crash-server-pipe.2176" 3680 1fbbbc7bb58 tab
              3⤵
                PID:3208
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2176.4.311263\878337427" -childID 3 -isForBrowser -prefsHandle 4880 -prefMapHandle 5040 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1204 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {69557245-f8b8-4f27-b6b1-8de85c799d69} 2176 "\\.\pipe\gecko-crash-server-pipe.2176" 5060 1fbd61caa58 tab
                3⤵
                  PID:548
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2176.5.1870141867\1682071732" -childID 4 -isForBrowser -prefsHandle 5208 -prefMapHandle 5212 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1204 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d3bdd2a-34a3-4c70-9d1d-5d046746ab9f} 2176 "\\.\pipe\gecko-crash-server-pipe.2176" 5196 1fbd6872958 tab
                  3⤵
                    PID:2924
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2176.6.27780916\1126130389" -childID 5 -isForBrowser -prefsHandle 5428 -prefMapHandle 5432 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1204 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0f8787c-4821-4868-b6b6-79a0465db420} 2176 "\\.\pipe\gecko-crash-server-pipe.2176" 5420 1fbd6871d58 tab
                    3⤵
                      PID:2948

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kqdoq520.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 26KB
    MD5: a3096bf9dbde322287e6078d92c2b9a7
    SHA1: 4f0f38514ba7637590ed3e1375fad76738fc78c2
    SHA256: 83a55bdb489211052aa98a0e362fd0f6132d51cc80ed8411b8b40f5d1d1ee746
    SHA512: 38e39f977fb4d1282c01bc7b49e9c716c43524bc9a67448ffa287516048a093827dcdfcfad51af471b1571d02bd9f048f2a2aa688a2060aeb56f47349cdbcc9e

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kqdoq520.default-release\prefs.js
    Filesize: 7KB
    MD5: 3adf90889d877e29c410feba8d1c6994
    SHA1: 6dd3253745b16588cf3282fd30f2f442c782a4da
    SHA256: 749292ceadddb5af4c2dbcc3ca6de399681032834d8879787206e4d4aa33a106
    SHA512: cb9623953f4d113738e9bf3f106cc35fab40856ac78b621d7951c0abff841f8dcdc2dead1c0c2bc45803abce38f572006fd7afc1352aabc9af80465cdb5841db