Overview

overview

4

Static

static

3

Graillon-F...de.pdf

windows10-1703-x64

1

Graillon-F...de.pdf

windows11-21h2-x64

1

Graillon-F...et.pdf

windows10-1703-x64

1

Graillon-F...et.pdf

windows11-21h2-x64

1

Graillon-F...on2.so

windows10-1703-x64

3

Graillon-F...on2.so

windows11-21h2-x64

3

Graillon-F...n 2.so

windows10-1703-x64

3

Graillon-F...n 2.so

windows11-21h2-x64

3

Graillon-F...n 2.so

windows10-1703-x64

3

Graillon-F...n 2.so

windows11-21h2-x64

3

Graillon-F....0.pkg

windows10-1703-x64

3

Graillon-F....0.pkg

windows11-21h2-x64

3

Graillon-F....0.exe

windows10-1703-x64

4

Graillon-F....0.exe

windows11-21h2-x64

4

$PLUGINSDI...em.dll

windows10-1703-x64

3

$PLUGINSDI...em.dll

windows11-21h2-x64

3

$PROGRAMFI... 2.dll

windows10-1703-x64

1

$PROGRAMFI... 2.dll

windows11-21h2-x64

1

$PROGRAMFI... 2.dll

windows10-1703-x64

1

$PROGRAMFI... 2.dll

windows11-21h2-x64

1

$PROGRAMFI...64.dll

windows10-1703-x64

1

$PROGRAMFI...64.dll

windows11-21h2-x64

1

$_26_/Aubu...64.dll

windows10-1703-x64

1

$_26_/Aubu...64.dll

windows11-21h2-x64

1

$_27_/Aubu... 2.dll

windows10-1703-x64

3

$_27_/Aubu... 2.dll

windows11-21h2-x64

3

$_28_/Grai...64.dll

windows10-1703-x64

1

$_28_/Grai...64.dll

windows11-21h2-x64

1

Graillon-F...e.html

windows10-1703-x64

1

Graillon-F...e.html

windows11-21h2-x64

1

Resubmissions

07-07-2024 20:29

240707-y91taaxgjk 4

07-07-2024 20:21

240707-y48lyaxflq 4

20-04-2024 11:56

240420-n355bagg7x 4

Analysis

  • max time kernel
    181s
  • max time network
    200s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    07-07-2024 20:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Graillon-FREE-2.8/Windows/Graillon-2-FREE-2.8.0.exe

  • Size

    9.4MB

  • MD5

    b15e6247e307fe3438f17aa05688ae5e

  • SHA1

    f68fe99bf6e6ed87b8d192406f01a3669e440cd2

  • SHA256

    b17c4d698a7ff93edbe0512bbf180c896e3ff96c6be8495d3b08dfa1d5c1cf8d

  • SHA512

    cdfe99a47ada756f5898dc91dda695926293b4ac5207d585d30d7572b17246443a9ddeba1f9d440e6e800cef535d8b9f6a4be21301f67c6f55cb0795ddf9032c

  • SSDEEP

    196608:1tJV+nIDBO8XnlxYmRtxtGnScMHRAErNWw+xOE1h5hOUOkqkDioCnck10:1taIDBO8XlxYmttdcMHRzOxDOUO1CXCI

Score
4/10
discovery

Malware Config

Signatures

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 37 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\Graillon-FREE-2.8\Windows\Graillon-2-FREE-2.8.0.exe
    "C:\Users\Admin\AppData\Local\Temp\Graillon-FREE-2.8\Windows\Graillon-2-FREE-2.8.0.exe"
    1⤵
    • Drops file in Program Files directory
    • Loads dropped DLL
    PID:2196
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1104
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2256
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2256.0.932341617\1364768339" -parentBuildID 20221007134813 -prefsHandle 1688 -prefMapHandle 1676 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {910948cb-25a9-4dd7-82d2-66e1a421cbea} 2256 "\\.\pipe\gecko-crash-server-pipe.2256" 1784 1927fcda258 gpu
        3⤵
          PID:1732
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2256.1.1340620011\574418382" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1acaaae2-9d53-42d4-a502-a3e9521de906} 2256 "\\.\pipe\gecko-crash-server-pipe.2256" 2120 19275071f58 socket
          3⤵
            PID:3448
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2256.2.973002944\1937542256" -childID 1 -isForBrowser -prefsHandle 2972 -prefMapHandle 2968 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {57798761-c235-449e-9b60-a76e8dcaf897} 2256 "\\.\pipe\gecko-crash-server-pipe.2256" 2944 1920b79c858 tab
            3⤵
              PID:4964
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2256.3.1471369149\1201088814" -childID 2 -isForBrowser -prefsHandle 3320 -prefMapHandle 3316 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ac4b4ff-e1e1-4f67-bbb7-a61ad209a5ee} 2256 "\\.\pipe\gecko-crash-server-pipe.2256" 1320 1920a046e58 tab
              3⤵
                PID:4396
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2256.4.755646664\1530676870" -childID 3 -isForBrowser -prefsHandle 3360 -prefMapHandle 3356 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ff0e8ae-9566-4aac-969b-e17f8080b68b} 2256 "\\.\pipe\gecko-crash-server-pipe.2256" 3396 1920a043558 tab
                3⤵
                  PID:3404
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2256.5.348303735\799184819" -childID 4 -isForBrowser -prefsHandle 5036 -prefMapHandle 4752 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9eecb242-679d-46d3-8ff9-0688e72be776} 2256 "\\.\pipe\gecko-crash-server-pipe.2256" 4976 19208c97758 tab
                  3⤵
                    PID:1428
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2256.6.2114192757\1840069445" -childID 5 -isForBrowser -prefsHandle 4280 -prefMapHandle 5056 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {91c7f6d6-2df2-47d4-847f-1bc668e2b595} 2256 "\\.\pipe\gecko-crash-server-pipe.2256" 4904 1920e5c5658 tab
                    3⤵
                      PID:4240
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2256.7.1360478153\190831158" -childID 6 -isForBrowser -prefsHandle 5304 -prefMapHandle 5308 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {12d09032-8b55-4c84-a236-e64baedd3739} 2256 "\\.\pipe\gecko-crash-server-pipe.2256" 5292 1920e5c5958 tab
                      3⤵
                        PID:1384

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\db\data.safe.bin
                    Filesize

                    2KB

                    MD5

                    3810381889cd7c5032e6e2432eba002f

                    SHA1

                    2d01e39a16bf8cf53c86ab6912882541823a30ce

                    SHA256

                    e4bdeea371d4e39fab4117a544759a88c7482e7b925d9f0c6c46743713e5acfe

                    SHA512

                    95df2e9b78c368459092d4a0f6b584799ed26254bcd510d9a2d276ef9dd0607e574af6a88b34ef5900e30d5a56a740f694a337b9459dd453634b8621bd0fa235

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\23003a51-b496-45f5-94f4-089afa7eff5f
                    Filesize

                    746B

                    MD5

                    cd9fe21b931cdf93eae910d8b38a1ce0

                    SHA1

                    c1ea0d87bd68b75151d6bffe614a2442d24d8f02

                    SHA256

                    6a205836bddb3bf1e13f3bfe17e17be475da50a7b353edaa5799b36400de0c3f

                    SHA512

                    0fb0a0460ec6a2d58824fa95fccbcbd003d2e099f9c93e33442885a65bd6bbcc9203e728bb0290b22b12bebb9e2bf200af6ca7a30ad6cd5dd924a88703cbac61

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\278b3db5-2a7e-4ec0-a505-0fcff1395e4d
                    Filesize

                    12KB

                    MD5

                    5ff316aca1571e750f2d0005bcb0ed60

                    SHA1

                    08871233ca5ed42fb0a20f15a562b1179e81525e

                    SHA256

                    ad7819adb48f48ec9ab450b1850fbcef1676b9efa3872aaf19bfe65a11cf875e

                    SHA512

                    6556e4d2d823b9e9b56260e765dde951ea065a693d77768ec08d97f81a581c53194990ce257e8d23934eff204c8aab488ba4363c0a7857990239a395ef93244c

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js
                    Filesize

                    6KB

                    MD5

                    7e74a8dbfc8f6419578d06423da68a9c

                    SHA1

                    3d341d55e0d07c8d3146158956e6def650b36969

                    SHA256

                    6693b158fbe522aee6084dc005f32c94a4190b9afa20657dbbb55990f2fbd9ee

                    SHA512

                    189265c8738ece0e1f804cec519914e140e7b2f98b0c90023b16174496f2ab4112ecdd43f198191c24bf2be83494b5251e05822189ad3f325cd70dad831ecc44

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js
                    Filesize

                    6KB

                    MD5

                    f1291f296a6e3baa9b1b29b27596c55a

                    SHA1

                    813be5143ba9892b7e26fb663c3953127a82065f

                    SHA256

                    d525244d05460ced1fac979434ab008f8d44764a1c34c1a48a12f7ba126c5774

                    SHA512

                    bdadfa2bb5b98213a4465ae003e290a1424625af34e229de0bd8d3a45ad623ca7694b0a3ead1f0eb91e81157034907f99433d8f9659736cde85cb9069e8917fb

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs.js
                    Filesize

                    6KB

                    MD5

                    8e788133d76c6402d56a0be58a84cd76

                    SHA1

                    a9993448faf0a219a53c06d9afcd14f03480c8a2

                    SHA256

                    6cecc9de0617f78368c6b425ddd07199bbfa4d2f9c25efc537a3a97f5878dc58

                    SHA512

                    93603601008f63cb5e3008ba24ba8e13dd7948ddc3a3c40a5b1be2f52030a83f0932e95e911c797decd04dabeb19e1e477d1c94ac0678425c194076c816ecba8

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore.jsonlz4
                    Filesize

                    885B

                    MD5

                    27fb4a0b371875e8b628c7c2dbdb1cb5

                    SHA1

                    614573271e0c450b14885d31d9abd7cba51fbe29

                    SHA256

                    08da4464327d9e23a43f30cdb7b72e94fb8af680e2b2e6d64d5a1a486fe5ef23

                    SHA512

                    8de2fc5edd97d748bd070ce449e33dc25b048d6e96c46d7ebf740de609582db4ad91f5827b789b38c2ef33f04d83601e86bcbdb1c67cac10d29c5ea231138cc0

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                    Filesize

                    184KB

                    MD5

                    731c0e733fe1e3123d366af7c8e578ae

                    SHA1

                    9756304ea773dd9cd96e5996dc79de2ed6a9ae9c

                    SHA256

                    8f426b4be5e3440fa14d37480f018b7dc3d1a547b0e91c2fbfc6e31d9054a359

                    SHA512

                    d29e0f2356a3226f64692b390c122d4d70f09f677d9f5d086f2babaeba6574d670171edb24ff52f928871ec489680f57910e21fac1ca8ec08783a07d21b1f427

                    Download Submit

                  • \Users\Admin\AppData\Local\Temp\nsa7A61.tmp\System.dll
                    Filesize

                    12KB

                    MD5

                    4add245d4ba34b04f213409bfe504c07

                    SHA1

                    ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

                    SHA256

                    9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

                    SHA512

                    1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

                    Download Submit