Analysis

  • max time kernel
    211s
  • max time network
    285s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240709-en
  • resource tags
    arch:x64, arch:x86, image:win11-20240709-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    23-07-2024 10:33

General

  • Target

    maple.rar

  • Size

    83.6MB

  • MD5

    5496bbda0f232739693181b75449651d

  • SHA1

    6ead70b12fbe4531997c3ea926c7b063d3774993

  • SHA256

    45a32a4a46e916adfb5017ef80f07b7410f04879cd75193fedce951ba1751ced

  • SHA512

    e11145b8b3ffcfc43cde8b8f002c5607275ab80bd502126ceee4b616915b1f887a33536b9d1a6ffea82b37e696a23acaa829b7cf58b16d81b1e9236c8a750d72

  • SSDEEP

    1572864:juAoNPdn4+nKVQDd75zrPu5IdW6fZoNTLjqCJNekAKSO4OTLgpjK8SAsUja3J8/d:iFznKurPohjqCakQvWgpeThUu3JAtZ

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 18 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SetWindowsHookEx 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\maple.rar
    1⤵
    • Modifies registry class
    PID:5540
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4912
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\maple.rar"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1376
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\maple.rar
        3⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of WriteProcessMemory
        PID:3528
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1980 -parentBuildID 20240401114208 -prefsHandle 1908 -prefMapHandle 1900 -prefsLen 25749 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5243925b-1a6f-4b7f-9145-e68c90a6f0ca} 3528 "\\.\pipe\gecko-crash-server-pipe.3528" gpu
          4⤵
          PID:1236
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2400 -parentBuildID 20240401114208 -prefsHandle 2384 -prefMapHandle 2380 -prefsLen 26669 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e6dfdd1-aec5-4d77-a9a1-1ba7da60a301} 3528 "\\.\pipe\gecko-crash-server-pipe.3528" socket
          4⤵
          • Checks processor information in registry
          PID:5360
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3152 -childID 1 -isForBrowser -prefsHandle 3144 -prefMapHandle 3140 -prefsLen 26810 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ec6ae77-910f-4bb6-aa25-e0cbd76eecee} 3528 "\\.\pipe\gecko-crash-server-pipe.3528" tab
          4⤵
          PID:3740
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3128 -childID 2 -isForBrowser -prefsHandle 3556 -prefMapHandle 1436 -prefsLen 31159 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2bc4b85f-a40a-4fe2-958d-ff2885a3aa5f} 3528 "\\.\pipe\gecko-crash-server-pipe.3528" tab
          4⤵
          PID:4412
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4072 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4232 -prefMapHandle 4268 -prefsLen 31159 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f07fedb-b2e3-4bee-9243-73100c50eebd} 3528 "\\.\pipe\gecko-crash-server-pipe.3528" utility
          4⤵
          • Checks processor information in registry
          PID:5972
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5488 -childID 3 -isForBrowser -prefsHandle 5552 -prefMapHandle 5540 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c710c78-c6d8-4c75-be81-6771df0cfece} 3528 "\\.\pipe\gecko-crash-server-pipe.3528" tab
          4⤵
          PID:4152
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5756 -childID 4 -isForBrowser -prefsHandle 5680 -prefMapHandle 5748 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {21fbc213-078f-4910-bb2b-d94b1d07d8ee} 3528 "\\.\pipe\gecko-crash-server-pipe.3528" tab
          4⤵
          PID:560
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5908 -childID 5 -isForBrowser -prefsHandle 4644 -prefMapHandle 5576 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {215fd620-18ca-4e8b-903e-678a15e51d4d} 3528 "\\.\pipe\gecko-crash-server-pipe.3528" tab
          4⤵
          PID:3424
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\maple.rar"
    1⤵
    PID:4624
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\maple.rar
      2⤵
      • Checks processor information in registry
      PID:4844
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:2444
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    PID:4972

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4i9bphnb.default-release\activity-stream.discovery_stream.json.tmp (18KB)
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4i9bphnb.default-release\datareporting\glean\db\data.safe.tmp (5KB)
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4i9bphnb.default-release\datareporting\glean\pending_pings\3b062256-399e-42c0-b2ac-4c8a1e4397e4 (27KB)
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4i9bphnb.default-release\datareporting\glean\pending_pings\3b581618-6415-48fc-85d5-21e99513ba6c (671B)
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4i9bphnb.default-release\datareporting\glean\pending_pings\b8bd7d42-c612-4882-a4c2-0019f5da5f83 (982B)
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4i9bphnb.default-release\prefs-1.js (11KB)
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4i9bphnb.default-release\prefs-1.js (11KB)
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4i9bphnb.default-release\prefs.js (8KB)