Overview

overview

1

Static

static

1

42.zip

windows10-1703-x64

1

Analysis

  • max time kernel
    147s
  • max time network
    153s
  • platform
    windows10-1703_x64
  • resource
    win10-20240611-en
  • resource tags

    arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
  • submitted
    18-06-2024 15:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    42.zip

  • Size

    41KB

  • MD5

    1df9a18b18332f153918030b7b516615

  • SHA1

    6c42c62696616b72bbfc88a4be4ead57aa7bc503

  • SHA256

    bbd05de19aa2af1455c0494639215898a15286d9b05073b6c4817fe24b2c36fa

  • SHA512

    6382ca9c307d66ab7566acf78b1afd44b18b24d766253e1dc1cb3a3c0be96ecf1f2042d6bd3332d49078ffee571cf98869c1284c1d3e5c1c7dc3e4c64f71af80

  • SSDEEP

    768:hzyVr8GSKL6O3QOXk/0u3wqOghrFCezL1VFJdbq2QTJTw02Q:hGx8DKXE//ZhhCirFi2cwK

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\42.zip
    1⤵
      PID:4584
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:4720
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        1⤵
        • Suspicious use of WriteProcessMemory
        PID:5060
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe"
          2⤵
          • Checks processor information in registry
          • Modifies registry class
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:208
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="208.0.367448797\1027966907" -parentBuildID 20221007134813 -prefsHandle 1716 -prefMapHandle 1640 -prefsLen 20935 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {44be8ac3-314b-42e0-993d-6dc075090127} 208 "\\.\pipe\gecko-crash-server-pipe.208" 1796 14c09eb3b58 gpu
            3⤵
              PID:2016
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="208.1.172982110\45713438" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 21016 -prefMapSize 233414 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {778980a8-ec81-42dc-b01f-f17ff1d90e09} 208 "\\.\pipe\gecko-crash-server-pipe.208" 2152 14c09df8558 socket
              3⤵
                PID:3376
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="208.2.778569947\1469352402" -childID 1 -isForBrowser -prefsHandle 2896 -prefMapHandle 2912 -prefsLen 21119 -prefMapSize 233414 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e1c224b-e47d-4b2e-ae4b-99b0b4163aa9} 208 "\\.\pipe\gecko-crash-server-pipe.208" 2884 14c0de98558 tab
                3⤵
                  PID:4736
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="208.3.1781345664\1179357860" -childID 2 -isForBrowser -prefsHandle 3540 -prefMapHandle 3536 -prefsLen 26212 -prefMapSize 233414 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e1ec13c-2281-4039-b03f-d0e163091d76} 208 "\\.\pipe\gecko-crash-server-pipe.208" 3508 14c0ed35158 tab
                  3⤵
                    PID:4380
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="208.4.1098827401\127582322" -childID 3 -isForBrowser -prefsHandle 3924 -prefMapHandle 3920 -prefsLen 26271 -prefMapSize 233414 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e06c1d4b-9853-4a07-a188-989d6b69a6f0} 208 "\\.\pipe\gecko-crash-server-pipe.208" 3932 14c0f19fa58 tab
                    3⤵
                      PID:3616
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="208.5.1868420399\525307082" -childID 4 -isForBrowser -prefsHandle 4948 -prefMapHandle 4944 -prefsLen 26195 -prefMapSize 233414 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9bf9c0c-41b6-4a01-9e76-db832b67a11a} 208 "\\.\pipe\gecko-crash-server-pipe.208" 4956 14c10318658 tab
                      3⤵
                        PID:1316
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="208.6.1382324564\875063563" -childID 5 -isForBrowser -prefsHandle 5092 -prefMapHandle 5096 -prefsLen 26195 -prefMapSize 233414 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fcf8465e-7f6a-4501-a898-128fcff63d20} 208 "\\.\pipe\gecko-crash-server-pipe.208" 5080 14c10318f58 tab
                        3⤵
                          PID:168
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="208.7.403119809\1175421304" -childID 6 -isForBrowser -prefsHandle 5304 -prefMapHandle 5308 -prefsLen 26195 -prefMapSize 233414 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8eeaeb0d-9b96-406d-b747-99c33a53651f} 208 "\\.\pipe\gecko-crash-server-pipe.208" 5296 14c10319b58 tab
                          3⤵
                            PID:5060
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="208.8.2101496830\342774009" -childID 7 -isForBrowser -prefsHandle 5496 -prefMapHandle 5304 -prefsLen 26274 -prefMapSize 233414 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {76f02e77-9f92-4c8a-bacb-da0d5024023e} 208 "\\.\pipe\gecko-crash-server-pipe.208" 5488 14c11133e58 tab
                            3⤵
                              PID:888

                        Network

                        MITRE ATT&CK Enterprise v15

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\activity-stream.discovery_stream.json.tmp
                          Filesize

                          26KB

                          MD5

                          2fbb794fb12686f350d1bfa2ff9ad9dc

                          SHA1

                          fdafba6c76614bf057d4e176d45ca0b37ce1e446

                          SHA256

                          1ed6b86bb99a376a71f58328e8389ef26644bdec8f4256fbfde4226b2e3caecb

                          SHA512

                          28744922d78a9a7e91944f1f93689d89160588182a71287edfcc1c6b859d7e92538fae2cdf9ffe89df8e20ad8df955bd34fc2cda3c24a79509e5f39ff2795b98

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\D4D34D19E2639F2E09A6AEED2F398A705DF5A427
                          Filesize

                          60KB

                          MD5

                          309922fce768cb6162fe557b2f0903cf

                          SHA1

                          7963b8ee8de26e521f63e69b82999b2ab94db244

                          SHA256

                          e6702470b340aaf1d47b1610afc72aa6ef93fe592675e5b540e7e62d7a9d70b6

                          SHA512

                          5c46c89e888713a850a3b669957ad61f1e50132489a8e62d6132128c0c4b82e00467733bae4fefa3c9b1f97a70630d0f0ef1798068949d4b7497f386fb7a7cb6

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\db\data.safe.bin
                          Filesize

                          2KB

                          MD5

                          78cf37338ad58432bc13efe55e6a6f3a

                          SHA1

                          836962d7d178e397ca722e4581401a55b677a864

                          SHA256

                          4ecfbf9f613d592616d9de28e29d6d5e38e097840cfe852fe7788c4919915a68

                          SHA512

                          406163be147d5464be9804b17a9a600e8329f1eabc0df7597be84ce24fbfbf532c2313ba0bf2fdb21ef6f43dcee2ae8efdcbd281e0efb9501b371a7fdf49a92a

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\pending_pings\91324735-de9e-48c1-8cdd-0df75d73bff9
                          Filesize

                          10KB

                          MD5

                          c1ac56dfb0af210a7a5c72d5b574581a

                          SHA1

                          94031086eb48be8148a775185caec1cc5091a6ca

                          SHA256

                          5792ed0946ac4e9406141218a2b0fba4a64dadd30def16577499d72e56fbf60c

                          SHA512

                          5eeb28549132758688e4e6c3cc93b90192ebd6cf81b1c35eeeccc2d33a01cb84130d801a987c2b989fd1ee5d4b62368fe6dcec82e2569eedeecf5335b59d1332

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\pending_pings\b84fc06f-0658-42e4-b65c-f08b87e59fea
                          Filesize

                          669B

                          MD5

                          2bc74349911dfb0c679e500b80f821e5

                          SHA1

                          dd48a85c35c0fd98d153c737fb51b7d51ea56847

                          SHA256

                          cc35bca3c1641ec465cae729a21ca88099580eef0bbc65f9fc35695d0b426458

                          SHA512

                          4791e97693a1798c285b3467dbb54d37cea25e875fc0143b74d3f0b21dd300084133b0183315907e9d01a464d1b56f5c93ef39d50b58c054bb0420f02de7eedb

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js
                          Filesize

                          6KB

                          MD5

                          472fec183ce7a3fb925075c6668acc42

                          SHA1

                          413756e01fa0f2704e4de361075918031fafb1b1

                          SHA256

                          f3a2d477b009ba77c876cf3202a2367e880e5bf4e84376b682199630b9b4dbd8

                          SHA512

                          f41d2ba517efee88ece67ddd7fb47502ec18a165c117d78f47f2183f2d069907f94a4fbdf4553529a505a8eee15b24f550e31e9d6dc2727ec32d45709445754a

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js
                          Filesize

                          6KB

                          MD5

                          eba7d880d2c57ed4562586588201092d

                          SHA1

                          14e88d5124447c2d1ca1f2a0b1e285b0ad02baf2

                          SHA256

                          1790657fa40e47fb023e9c2dd1850c120dd3a8f4c4b248e462cc06ce6af6b228

                          SHA512

                          4cd38fae068f59f078243170dd143ebf3cdcb590a7282ccf9a22c92312490e28e1e52d99912613a2369f7c0d9770586226976d2d6be21b01d732665fa628d00e

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          3KB

                          MD5

                          ad1a46197dd9ebc244a3455e42b583ea

                          SHA1

                          983c12e1fc3a408e0be93994960e70c3b1799ded

                          SHA256

                          10c92021bf951d17114aaf486ec020c21c5c830f88cee58a25431cce213fcc3d

                          SHA512

                          b5c3896f750da66edcfce022644eb2593a3d30e4602465d2075f616323695260883443c147c83d457eda9115e43cd03339f954d473de99b8b3130b5658de528d

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          4KB

                          MD5

                          9a86408f0c078ed64ff4ad1a0c19132a

                          SHA1

                          1a380dbe20edaafbae1978bc5c8a9a3df2d894b7

                          SHA256

                          f28ca536c3b8c12e1b1a1dc6202ac49c27c8ed237256b2e8a20e93e73af20405

                          SHA512

                          51589446b528c4612533939b799528aaf2c1ff93eb441a783bd49621516bdab5d87679f19dbd48406ec7dd76df346db53cb3afdbd77b8d164d70258c650c7e32

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          4KB

                          MD5

                          54371a5386fcd3cfa68cb0292e5fe7c3

                          SHA1

                          3d4397aa7bf52e73cad88227ed910d7d1411df47

                          SHA256

                          284feb52c9a0f6464dea0804a6fa2455995bcacd8172197ff8ef9a3212a1cf72

                          SHA512

                          3604503ad38f18fcfe76d89e8242f7615a7da7b63ae7fcb1566ef7dae57abf704cee520413ff313a58e3b9057219be48ad95aed04b3204560b43fd4179ec5ec3

                          Download Submit