Overview

overview

3

Static

static

1

45930-anim...ne.jpg

windows10-1703-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    14/07/2024, 13:01

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    45930-anime-Laughing_Coffin-Sword_Art_Online.jpg

  • Size

    80KB

  • MD5

    7d678e5bc3da1887bf80549727fb0e57

  • SHA1

    b71510b0b1dae37110582daf29c91e3eeba784e2

  • SHA256

    9ec27cfdf0ad10a9a8a4c319e64cb18d2213dc96b14bacff043236e632626ea1

  • SHA512

    023126151a9a70559d751f70b5edf3d905e717837df15027112db7b310add82181aad4cbc2a6562e686dda41fe69a55bd7983aa97eb6ae2d79ae13a43b5a12af

  • SSDEEP

    1536:5py4/sO2Y9IColW3swII0YVnFQnJleWV8:3y46sICoMczIAJlS

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 13 IoCs
  • Suspicious use of SendNotifyMessage 11 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\45930-anime-Laughing_Coffin-Sword_Art_Online.jpg
    1⤵
      PID:412
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:3160
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:624
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="624.0.570155471\1490048409" -parentBuildID 20221007134813 -prefsHandle 1660 -prefMapHandle 1656 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {74fd1bd9-9e11-4be3-be63-81843d879880} 624 "\\.\pipe\gecko-crash-server-pipe.624" 1776 251110f7e58 gpu
          3⤵
            PID:1324
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="624.1.1588806355\2067288368" -parentBuildID 20221007134813 -prefsHandle 2120 -prefMapHandle 2116 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f5d00f8a-a6fe-400a-9434-c280220a17f0} 624 "\\.\pipe\gecko-crash-server-pipe.624" 2132 25110ff9558 socket
            3⤵
              PID:4364
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="624.2.2004443887\519186796" -childID 1 -isForBrowser -prefsHandle 3104 -prefMapHandle 3148 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1092 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {806bd535-abde-42ce-8aa7-c5c9b7cd23c1} 624 "\\.\pipe\gecko-crash-server-pipe.624" 3096 25115299158 tab
              3⤵
                PID:4796
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="624.3.1405184143\976941397" -childID 2 -isForBrowser -prefsHandle 3644 -prefMapHandle 3640 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1092 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {39138386-8b72-4b04-af6b-f02e4b21830b} 624 "\\.\pipe\gecko-crash-server-pipe.624" 3652 25116276358 tab
                3⤵
                  PID:2232
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="624.4.33874287\344922342" -childID 3 -isForBrowser -prefsHandle 4244 -prefMapHandle 4240 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1092 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1ebb973-d6bd-4d82-bdcc-d8f854035502} 624 "\\.\pipe\gecko-crash-server-pipe.624" 4260 25116afee58 tab
                  3⤵
                    PID:2544
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="624.5.1769086500\1983406242" -childID 4 -isForBrowser -prefsHandle 4884 -prefMapHandle 4896 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1092 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {93a3f3b9-0196-45ec-a17c-74d9121decdb} 624 "\\.\pipe\gecko-crash-server-pipe.624" 4900 251175c4758 tab
                    3⤵
                      PID:4056
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="624.6.1298001068\57365675" -childID 5 -isForBrowser -prefsHandle 5080 -prefMapHandle 5084 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1092 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ebb1a727-fae0-4503-974f-12acb4c1c5e3} 624 "\\.\pipe\gecko-crash-server-pipe.624" 5068 25117815f58 tab
                      3⤵
                        PID:4372
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="624.7.1580579899\1419119410" -childID 6 -isForBrowser -prefsHandle 5256 -prefMapHandle 5260 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1092 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {84a9b744-7028-4549-9755-1142b277e2b8} 624 "\\.\pipe\gecko-crash-server-pipe.624" 5248 25117816e58 tab
                        3⤵
                          PID:4116
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="624.8.402596186\139390170" -childID 7 -isForBrowser -prefsHandle 4804 -prefMapHandle 1564 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1092 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a162881-158f-40a0-b131-c830f25d2cc8} 624 "\\.\pipe\gecko-crash-server-pipe.624" 3116 25113920b58 tab
                          3⤵
                            PID:3088

                      Network

                            MITRE ATT&CK Enterprise v15

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\BF27C53A6304DE459D0C07883A9FCAC5D8FF4132
                              Filesize

                              60KB

                              MD5

                              c0b4162094c973730290e32fd49bff2f

                              SHA1

                              286ae0b138610aa35127e9de76724342b2bffd97

                              SHA256

                              c523e22410c29895338514db0990feaa6e0c19c218b49ebfa658ac91ea3e6f76

                              SHA512

                              52e2236823e6318e78d0a10c82626687ac6a47073f056a7b41b6a8b8582873ad0f5f3d55b36d7faf9325812d3f409d1a9a7c608cc9e33357b815b1b0601732b4

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\db\data.safe.bin
                              Filesize

                              2KB

                              MD5

                              947c58d7a33896c2d28950ce3c1b3422

                              SHA1

                              8daa624c171e196e54ecbf15e0756cd72560fffd

                              SHA256

                              b34ae27afc959f3fb756ef030268c83be4fa2b5f8a60272325651647f9081297

                              SHA512

                              1b6cf0e754907c01aec0a69a6648b5faaf1d33c1754b0d2c7d857acb950f9415122651a5a985a02add890b1e36e7e75e35cbcb0ba233e4d38e6e3d14a909a0c2

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\1b809f1d-1f0a-4746-a6cc-b882cc6e5dc4
                              Filesize

                              746B

                              MD5

                              1b7d6163eacce7c4a2bd3e2b363c6b1c

                              SHA1

                              6df0512b1186f31097664e3e7707842b07e4eb4e

                              SHA256

                              464755a38b8c48acbd63854a388714ee1ef3c3ca39e87b94fc2b9bcc6dd46a82

                              SHA512

                              21d0459c727f0e51df054e6a2b23c0b4c9aadd6712d5365f493fac8bc2d66ebc66046992b56906489b36af2daaa6747e6a771d0a94f90e84c1d285964b9a63fe

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\5f224476-c1ea-4f94-b12b-055e744f0ac6
                              Filesize

                              10KB

                              MD5

                              fb982bbfd77518c2ca6df98b2d77b0ff

                              SHA1

                              e75d77cc59324f8267ff444d7fd052047c58d318

                              SHA256

                              7324f9d23e786f3a4e32556662504644ba44ba03b3dbdae537f0e381dd75aaa2

                              SHA512

                              8272c1589aed2bbab0a614299100eb27bb59624da00ff0b5402805316d07444e3364d04fff1d37ac7e779400d1b43f7b84045cbf0b15c70cbe1ee2c89a05eeb1

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js
                              Filesize

                              6KB

                              MD5

                              cc3faf82a5c8f8c9392379b71248cd8e

                              SHA1

                              d854f6df946b3f6b2c5fc5b8155a5955db078532

                              SHA256

                              6dc3167d2b2b240bf0ad2fc969ca0050070770778baded219ca0d64a01b81c24

                              SHA512

                              9384731f8e46797c5fc5d7511f2adb50fdfe019e85ad767c20229ae1fb96abcad48ab76f90a351f396bfeac167c9a40de26ee614439123930fab8956000f9101

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js
                              Filesize

                              6KB

                              MD5

                              0093464ae9cb56424c67bc97a86fd50d

                              SHA1

                              bcbb3e270cde13ee04007f7e8b92f45963b9cdc4

                              SHA256

                              2fc78677705bd1991391e5b43435f7def2c5f125a3cb7fc4966bff88a5cf317e

                              SHA512

                              709d682275a7bf329bdfb339a3c3ebbfb0b04c0f561f0c6951f3c172f236362dc9236f1f1af68549fdd19de9ca3d0751408c77f9fc5f63bc0bb13f9ca28fe923

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4
                              Filesize

                              1KB

                              MD5

                              62c1d377f0fde77a77289129f3dbf3f9

                              SHA1

                              9b16d4d481ff6b479a02b3628a03e4aec732dfdc

                              SHA256

                              1d2047a85943540fc4253be98d6f9e637a818d57ef5c2382b83c5c48ba88ebde

                              SHA512

                              f44421ed307f061c6ffdb7928bf88567ecd658a15235953496f0af7caf2b9949204dd31493ce4f07ca270c6852eec0c8cfedff1879f4b8d4a380bc6ba190181f

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4
                              Filesize

                              4KB

                              MD5

                              05a347d23813bd8921a10c2725ae6931

                              SHA1

                              5377a10401b9f07baec953d218178a477defffdf

                              SHA256

                              c796cf0fc825cad90599d0823058848e9ce32ea47d0dc0ce7691894aa5ec913e

                              SHA512

                              239c2b40464efd3d4843c556dffd6dbfe0a30f2a3d03c31358d64353e9dc898bcfec4e67011287a4b39b9d17b536a122d1ea6fecf9c1b090f036cb40d2395717

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4
                              Filesize

                              4KB

                              MD5

                              496dcb8fcdd2ae29d86f4c50a5b93849

                              SHA1

                              0043fd44a2171371f59454ea39c332cbdf269ee0

                              SHA256

                              aa313365f9477809ebe603026e29a5d1fa795fccab8893b1e628f540c4eb6dec

                              SHA512

                              d9317581cb032efd62ed9ca250e714453ce1bda69fded598070e961495994434e0e269f637f6358dd9cc55ce0985ce544b9b9bd7e8a4a3d3f8d461960a88a528

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4
                              Filesize

                              4KB

                              MD5

                              184c6299fb565fc7b1f4d7dbdc38e0ef

                              SHA1

                              5bf8f03fb4564a330c598f9de921bc762f3471d3

                              SHA256

                              8911342ce59f10604486a0748036dec8d4a071b5141a10648011ec079e595f39

                              SHA512

                              ec0732cf087d46b3077dc1443e7ca586a8d255dbeda405be65df4b183863b32ebd94c2c4f2a920a84fa1e0ab1b254bace29faa650160ecd6ded52409ea551050

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4
                              Filesize

                              3KB

                              MD5

                              0adcc3cb7e897def0651969691b19636

                              SHA1

                              1e80c924608f3461aef22abd70bf5625acb648e1

                              SHA256

                              ddb1b5dec211069291dbd90f45fdc0cf6a8408ed2751d0114e84b502b25c8d18

                              SHA512

                              e3c9c645cb24ebea8dcf5c02f63975097c42d2bc6d437058025d6d387eca179a8556d5449fcd02e10dd27c2735811033f20b23bb61aced9cb39912cde7e2694f

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4
                              Filesize

                              4KB

                              MD5

                              9ecf58351821bf0986d8f34df1e6d5f7

                              SHA1

                              5c16b88fc9f8cde9086af8bde1bd72fa161a06d1

                              SHA256

                              c67c71e11bb2bea5c9eea534247cccbdefbcc79baabb3abf675c1107d4b5c971

                              SHA512

                              225937efefd705af5479d2bb0cb8926c25835c1805dc95bffbf12ac06354f04a5641acb6141cacbf7fc16e5b3be84b9613cec01f53b67ce2de46e78776bcd88a

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4
                              Filesize

                              4KB

                              MD5

                              3893817ba977b6a1867badeff36766cc

                              SHA1

                              0c6d935f657dc0191aca8da1505fbac0ebc02f8a

                              SHA256

                              3c23ef3894ff7e6b9d639a3a2929a62812693bca8f470a9d005e022f699cdbcc

                              SHA512

                              25e86ae6741c9c5c707b139e7713cca64aa5f672eb267a0bbede6e8d061c6845f7b0d3dbf11fd4bdbdeef74ed57825295867b56f0fd65f6d562338af7e77acf1

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                              Filesize

                              184KB

                              MD5

                              3018d1aad8385b734068dbad441e344e

                              SHA1

                              2a3925bc92ec843db64b6db2cd6fe18ccf084a86

                              SHA256

                              f33415b0b1fc8c7e52356318d44aef1ae6bd9c64a89afa012d43a01a79954f88

                              SHA512

                              7ab1a1115a4f7ac61ba41bfe5875792cfa84d81f14f71239e43848de5940bfa07e2e34ea4be85a61c091d0b4b7742f3f55961fd26734b528cdb2c0b4d169c5e0

                              Download Submit