Analysis

  • max time kernel
    61s
  • max time network
    59s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
  • submitted
    24-06-2024 11:51

General

  • Target

    Screenshot 2024-06-02 191723.png

  • Size

    2.2MB

  • MD5

    cd1d641d7bc39bb5d537a22c44f872e1

  • SHA1

    08c5f31a48f8a90868bfe185a0c1bd6463be22fd

  • SHA256

    b9bb5232ac281b9feb8d08577dbb2712ef1e11894e6a0cc0c17e62fb4aa687e3

  • SHA512

    67ddf0be1a516088af76593758c187e106c57c1937e713a1dc627ac58e3321479ca48dac0c37ff58c09cc37536d4e8b16eaa3783ec9189011f4a6d617e303f1b

  • SSDEEP

    49152:MKACsi5cpfzn0Ng7Kf3qHljuSaw72RkczCu1f5vrf3sLjnYC4380tMBfuU:Nn5cpfz0NgxFjdhCRkQCu1hzsLkv38lx

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 10 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-06-02 191723.png"
    1⤵
      PID:388
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:4364
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:116
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="116.0.360874997\938474383" -parentBuildID 20230214051806 -prefsHandle 1776 -prefMapHandle 1768 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d34b4c03-6ff3-4360-bf04-b152ce16a4ca} 116 "\\.\pipe\gecko-crash-server-pipe.116" 1868 1641260fb58 gpu
          3⤵
            PID:3168
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="116.1.381041172\1493017798" -parentBuildID 20230214051806 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f04784da-41ee-49f7-ab2a-e78c356351ba} 116 "\\.\pipe\gecko-crash-server-pipe.116" 2436 16412b69e58 socket
            3⤵
            • Checks processor information in registry
            PID:3240
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="116.2.138643467\39035523" -childID 1 -isForBrowser -prefsHandle 3032 -prefMapHandle 3048 -prefsLen 22215 -prefMapSize 235121 -jsInitHandle 1220 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ce65fcb-26ac-4051-a6eb-9b6cac47ad94} 116 "\\.\pipe\gecko-crash-server-pipe.116" 3024 16411693f58 tab
            3⤵
              PID:1492
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="116.3.204289943\17182564" -childID 2 -isForBrowser -prefsHandle 4224 -prefMapHandle 4220 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1220 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d6dab6c-b2d5-4c50-8906-2a338625597c} 116 "\\.\pipe\gecko-crash-server-pipe.116" 4236 164179d4c58 tab
              3⤵
                PID:4652
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="116.4.1852412834\1155537954" -childID 3 -isForBrowser -prefsHandle 5096 -prefMapHandle 5108 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1220 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c26ea24-bb7c-425e-940a-f791204115af} 116 "\\.\pipe\gecko-crash-server-pipe.116" 5116 1641943a458 tab
                3⤵
                  PID:1616
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="116.5.870792009\1984536867" -childID 4 -isForBrowser -prefsHandle 5248 -prefMapHandle 5256 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1220 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {809ad52e-65a3-494c-b375-77949b101777} 116 "\\.\pipe\gecko-crash-server-pipe.116" 5236 1641943cb58 tab
                  3⤵
                    PID:5112
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="116.6.1398862308\593367739" -childID 5 -isForBrowser -prefsHandle 5516 -prefMapHandle 5512 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1220 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {55a6ca01-c315-4201-a90a-a182909cc55c} 116 "\\.\pipe\gecko-crash-server-pipe.116" 5524 1641943c858 tab
                    3⤵
                      PID:4636
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="116.7.1533628378\193449550" -childID 6 -isForBrowser -prefsHandle 3596 -prefMapHandle 3592 -prefsLen 28036 -prefMapSize 235121 -jsInitHandle 1220 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {24884b26-f6d5-4373-b365-c1364e5326e0} 116 "\\.\pipe\gecko-crash-server-pipe.116" 3672 16417f0f758 tab
                      3⤵
                        PID:1268

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afevplna.default-release\activity-stream.discovery_stream.json.tmp

    Filesize

    23KB

    MD5

    2f56430d48e418c06dfea4140d23ec3a

    SHA1

    1fd47d9ebb20404f90a6402b5a5b4ebba788ea98

    SHA256

    562e433fb90095e6cb6fa05fdbcbb9cde912f2e24a1e2816ed46e58419b7e4ad

    SHA512

    ff3c75a54dc31a6e87f47d944ee8386a7b97366b4cbecf56f547dae79b487298dd251cc6905db3adfd61af87b55054a9beff5c7ae6ce4433913e2fe15cd4884a

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\prefs-1.js

    Filesize

    7KB

    MD5

    c243d37337086ac8be176f09fd3b35da

    SHA1

    6032d864b416e68d7f103d8ce15cec7e5117b688

    SHA256

    c98627a23ddc18042f4b5dd31eb3b7fe50be170b3b78400f4cb02e3268f1c333

    SHA512

    a4db0646bfd1c96f379a4bef59f1bf2b10f86053b9ef04476ac4d810ff9f863fcd9c8b1e7c2852843ead4226465c83bc0888120161b6130bcb3fe0578311d8f3

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\prefs-1.js

    Filesize

    7KB

    MD5

    0968a86bc236c55024c7513dd361d01f

    SHA1

    f28ccc2e01112b7fb9b334016aa878d4aac75a45

    SHA256

    4a9b31ab3a6b168ef841786036b9882abef957465093b9774dbadc01f6ea96a7

    SHA512

    eb6802208dd0aaa9ade54dca2a8efe3372a8be252459e38cbda67709f882e161cbf750ad49bb158052b521a6cccad43088bc658f154b2b810cdb13e2a821eedf

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\prefs.js

    Filesize

    6KB

    MD5

    dcdb8298e9f2642f4a19420593dc45c0

    SHA1

    f7be82ebee77676e6742bf779fc3cdd0f282ed0e

    SHA256

    90f8b5584bd579558b83ba2d9f2d82645558feb5b2a5708b83f14eecbbcb14cf

    SHA512

    3d285f73193dd2446e95ec6e4c9aff22b075f9c45d7b8baa94c34c3e9f10cb3f20207b67cd552e9f822f11d32811d0c35b979f50fa4e3e62df25d74c8217e099

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\sessionstore-backups\recovery.jsonlz4

    Filesize

    1KB

    MD5

    934e3ea92d1a03f53c626081527fc842

    SHA1

    1b3f740535b13a948332587a8cab234ba642a99f

    SHA256

    8c6ff3f925975e635ef6c8ea8afb5bd0a8c97427ee7bc43fcc9352fb2f38d974

    SHA512

    dc2290835c90a62e1fb7e3e5c9b1497a366e0e0012ebf87b082a858807fa2f417db77e29b0b957dfbaea1bd9717ec37e316ecce5e8a65a0d6648bf92a7a39217

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\sessionstore-backups\recovery.jsonlz4

    Filesize

    1KB

    MD5

    18b0e77f73a786b5f5d928f0e8766a71

    SHA1

    ec761349464aff122fcb7e267312b16745b3177e

    SHA256

    d3cc35b2f32d3d2120deea78b0d46498f6730a2a8692093842d42bef17141df8

    SHA512

    591bb9e3be296424d6c5be1069b963eb3c15563e74b42d56a4feaa5404bd287d8002868ec4b5b7d07c415dcecc2b040cec3dff76d76096b52d552a2fd8c6ca98

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\sessionstore.jsonlz4

    Filesize

    1KB

    MD5

    b29038751344b417d1b14fdd3d95d21d

    SHA1

    b04a11476e8dd62aa4bce377a44d12008655a30f

    SHA256

    fda2ddfc77ea280e51c045d57e89bbc02859aacede796c94c07b5a5d4f33f732

    SHA512

    04331a21d93717d288ee6ef33d1c07a2c0cf266e6ac0875e930f329a68bac6765f2a6a8c3e08d15f1ac20bb170117415ade0eb6e87306823be4dfa6ccd094a12