Overview

overview

1

Static

static

1

42.zip

windows10-1703-x64

1

Resubmissions

02-08-2024 21:31

240802-1c217a1cqm 6

02-08-2024 21:28

240802-1a99sa1ckr 1

Analysis

  • max time kernel
    146s
  • max time network
    154s
  • platform
    windows10-1703_x64
  • resource
    win10-20240611-en
  • resource tags

    arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
  • submitted
    02-08-2024 21:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    42.zip

  • Size

    41KB

  • MD5

    1df9a18b18332f153918030b7b516615

  • SHA1

    6c42c62696616b72bbfc88a4be4ead57aa7bc503

  • SHA256

    bbd05de19aa2af1455c0494639215898a15286d9b05073b6c4817fe24b2c36fa

  • SHA512

    6382ca9c307d66ab7566acf78b1afd44b18b24d766253e1dc1cb3a3c0be96ecf1f2042d6bd3332d49078ffee571cf98869c1284c1d3e5c1c7dc3e4c64f71af80

  • SSDEEP

    768:hzyVr8GSKL6O3QOXk/0u3wqOghrFCezL1VFJdbq2QTJTw02Q:hGx8DKXE//ZhhCirFi2cwK

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 14 IoCs
  • Suspicious use of SendNotifyMessage 13 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\42.zip
    1⤵
      PID:4500
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:2352
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        1⤵
        • Suspicious use of WriteProcessMemory
        PID:5052
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe"
          2⤵
          • Checks processor information in registry
          • Modifies registry class
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1636
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1636.0.12207390\1695709594" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1692 -prefsLen 20767 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0fb60e54-f031-481a-97a4-8d1a8189c91a} 1636 "\\.\pipe\gecko-crash-server-pipe.1636" 1780 2777f7d7158 gpu
            3⤵
              PID:4480
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1636.1.1638032771\1498271170" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 20848 -prefMapSize 233414 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6179516e-7ade-4452-884b-6e45d900063b} 1636 "\\.\pipe\gecko-crash-server-pipe.1636" 2136 2777f70c058 socket
              3⤵
                PID:1840
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1636.2.1299546445\1364699922" -childID 1 -isForBrowser -prefsHandle 3076 -prefMapHandle 2912 -prefsLen 20951 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae881d1e-0a5f-46f3-ad8a-67b2bc40ebe6} 1636 "\\.\pipe\gecko-crash-server-pipe.1636" 2896 27705fa8758 tab
                3⤵
                  PID:196
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1636.3.543076813\2009636458" -childID 2 -isForBrowser -prefsHandle 3524 -prefMapHandle 3516 -prefsLen 26136 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {573836f1-53bd-4334-8f40-fa202550a7f0} 1636 "\\.\pipe\gecko-crash-server-pipe.1636" 3536 2770546e058 tab
                  3⤵
                    PID:2384
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1636.4.1831992094\13768642" -childID 3 -isForBrowser -prefsHandle 4392 -prefMapHandle 3948 -prefsLen 26271 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {de00ef44-07fa-4e76-905c-d80294f7a8e9} 1636 "\\.\pipe\gecko-crash-server-pipe.1636" 4396 277079bfb58 tab
                    3⤵
                      PID:1332
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1636.5.800125078\2097718065" -childID 4 -isForBrowser -prefsHandle 4604 -prefMapHandle 4596 -prefsLen 26195 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa006046-44b2-464f-a52b-56d1340b0c08} 1636 "\\.\pipe\gecko-crash-server-pipe.1636" 5108 2770908cb58 tab
                      3⤵
                        PID:4628
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1636.6.1032795227\1940733972" -childID 5 -isForBrowser -prefsHandle 5200 -prefMapHandle 5204 -prefsLen 26195 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d65cedf-0bb7-4d18-b4f3-97b6e131df80} 1636 "\\.\pipe\gecko-crash-server-pipe.1636" 5192 2770908e058 tab
                        3⤵
                          PID:4296
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1636.7.1250494025\1628451310" -childID 6 -isForBrowser -prefsHandle 5472 -prefMapHandle 5468 -prefsLen 26195 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {47e39838-a567-49cb-b1e4-acb551361d0d} 1636 "\\.\pipe\gecko-crash-server-pipe.1636" 5480 2770908e958 tab
                          3⤵
                            PID:4124
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1636.8.1353333704\962445868" -childID 7 -isForBrowser -prefsHandle 5412 -prefMapHandle 4604 -prefsLen 26195 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {df8640ff-9a19-4c0b-b60c-e5c5c6e38daa} 1636 "\\.\pipe\gecko-crash-server-pipe.1636" 5480 27704695858 tab
                            3⤵
                              PID:520
                            • C:\Program Files\Mozilla Firefox\firefox.exe
                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1636.9.392463383\1473025917" -childID 8 -isForBrowser -prefsHandle 4672 -prefMapHandle 4536 -prefsLen 26714 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {09ab9cfc-34d3-4553-b2bc-5cb823d3e7b3} 1636 "\\.\pipe\gecko-crash-server-pipe.1636" 4784 277081fc358 tab
                              3⤵
                                PID:3876

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\activity-stream.discovery_stream.json.tmp
                            Filesize

                            25KB

                            MD5

                            6263634670dcd378b1b5c63aad72360d

                            SHA1

                            aed2ee25cf2abae00da8440bd3d654d9ef30f509

                            SHA256

                            40ef5a078de7ad66366bb672d41c3112a82d430da26170e89f38ff9a2762c65f

                            SHA512

                            d4e832173845a374eac41c5af3855cc45fd78c6ff221234255bb72439fda2dbd7f950803038187634b18edbc2c0c20b2a58da59436d1c6afaed66f69d07e915e

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\68BC2ADA259BF925235C7E6BF89FCA3B60EECD19
                            Filesize

                            60KB

                            MD5

                            0acbf8a64f00a0221769b279b4e1bee9

                            SHA1

                            7956b293bf96630120a418d31cfffcdb7fb4a3e0

                            SHA256

                            ededf97954c7b7a7e57c0dcb8d63a36c292c02bf8962b8cb0ce873b550d3fbf6

                            SHA512

                            ba1a4a118e600f447589146ec21496dd48fd787cc43675ca66f2a63612f253f1faf6cfa0c4bf53e18dc2ab1ecc5c3be4400baf95bde9b873f1419057aa44649c

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\C45EB0179CFFFC7B4CA1E522C371AA6043DFB334
                            Filesize

                            218KB

                            MD5

                            5d228669a66a46124cd7a8b0a0ce4443

                            SHA1

                            04c4fb8d1d0c4ea18050b858725ba66671192ba0

                            SHA256

                            d9ee4dd0b0da7e675a360b18c2c894bdb648594f016c36e3ecd1ed762ba04a20

                            SHA512

                            1a4c67428fe43212073de15e9f6c5779bd5d4e33ca9a927ebe963d7459fd61ec7879bffbe8646d6dac484644fe48da0356baf687d6620bec5115301ef07433cb

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl
                            Filesize

                            7KB

                            MD5

                            c460716b62456449360b23cf5663f275

                            SHA1

                            06573a83d88286153066bae7062cc9300e567d92

                            SHA256

                            0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0

                            SHA512

                            476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\db\data.safe.bin
                            Filesize

                            2KB

                            MD5

                            25102016b1c14166744bd19f8a874830

                            SHA1

                            a3e2a4e29b16ca92cf5f5fbc61122161922eb5d1

                            SHA256

                            f16702ea2514ed948f1b745b3108b4902f55016a885e1804cfd1fe89de73b085

                            SHA512

                            e8374782d54e7230e033646ce687933d98a43630593509941baa3c2baabcfc88aab0c026f74c408b34baa52e9d13a0678c0b570d4479a1970cf04e442c27311d

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\pending_pings\61250c52-0445-4be2-860d-f76c6ea9585a
                            Filesize

                            10KB

                            MD5

                            7e432b7a52b586d504634a10e9698c58

                            SHA1

                            88b492a9cc25e1aeb2c037e62d0811710e9a4df3

                            SHA256

                            90bc962884c84cb54ca0473f08e3b00af785abacd3d2bc6ac108146dd2995475

                            SHA512

                            daadfe6f5a21e0b22d4337349691e95252aa544cc805701574976c161f72bf5f384ecb646f718208c13de85e663e736006e7397ae073d1468e338d69cc34c0bd

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\pending_pings\d697da2c-adc9-4b7f-aff1-40fea5df79f8
                            Filesize

                            746B

                            MD5

                            39e7c503806a8bb324afe55b6d39cc9f

                            SHA1

                            82a9c764ca98ba71de25a8f591223835a97029f1

                            SHA256

                            7a8d36e0fe0d54c4d919b88aca849ba4a443c532704c0d8bd041c49d32b0f29a

                            SHA512

                            5329e1a9d62256e0b5e34e0802f92538af9683c658ac0726546a4eb69bcf66539c7640cb705e0d872a0d53b29fa20334bb68d84a02452b7173440f2ff473fcb4

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js
                            Filesize

                            6KB

                            MD5

                            cbb4519bfda501b04dbb061c803cd1c3

                            SHA1

                            4cc5fb596295c67879e64d6c7e9e2b83080cc109

                            SHA256

                            500f778f4a133231225e82f6aba63e78dd8366e2618e8a314a1ab152da9edd0d

                            SHA512

                            8fbe898f58311841e7be5e4e0d28aceb1925061d8979c0743eea51809d74d1f0006b6d79d231f8d2a4cc3e7f0a87102d0f5d4fb2dcc05d26549b42bac6609de3

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs.js
                            Filesize

                            6KB

                            MD5

                            58fc192acde07e4c7710f3e39549f885

                            SHA1

                            484874753f0320a53e2656ba0f794bb639af25a6

                            SHA256

                            8700a582de8abe74c9db570c3495a658031b24c01f532def1ad0723c68e1a921

                            SHA512

                            a4587ff5b65d5aa44f803c0e2a67e0c6ad2a0efbcb4b3c3e6c52b0509515981e967ca3e269dd8f151d286aa2e9a6569223b45003bd872618d837c0e14d9ce06c

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs.js
                            Filesize

                            6KB

                            MD5

                            71ace9db32f24421dddfc63e31577023

                            SHA1

                            52ea709078d94c4dd956d5c849a4debc2c58430d

                            SHA256

                            73ef5ad889197b45d584ab146825a35c255a20a9415ba7393a81b9163a438a41

                            SHA512

                            dff36a7473504fbc985bcb648c7cbf0ae673dd4294be3d211eb44d22f0ce4ab94cb79ca7cbcf45da717fae1dd4b9044cd49cd99e84d67d4289a3655c8821aa19

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4
                            Filesize

                            5KB

                            MD5

                            d65d46db49ab9dfb23af8176abdd1c3d

                            SHA1

                            c7936061e71c6141d332c4edf9239bb0edc6f324

                            SHA256

                            b43ad27de29a180b4e5bc100e9f794f83d74f78a71761f1191aff9690569c6a9

                            SHA512

                            617eb71f96936532da528f574273946920505a9aa8af0e263bc0f8c432124cbc29e4d2ce469cd80bb09b7e179727751a62f06ef7f2e75a95aecb09dcfe47a8f6

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4
                            Filesize

                            4KB

                            MD5

                            156f372b2e2ff309f414df9d96bfc9c9

                            SHA1

                            3061519b1b5fcd8e6913c56a592a09becee7d08a

                            SHA256

                            15ece92493ceec6e1f3487631e7da9f8bc40a2398c40bec10be38d69a96f00db

                            SHA512

                            4a38b997e5d9fd7600d2e3606b3bb5e9e5c5dcbe6d1308063da124d6421b1850b0078f40c8370f8fce19fe44b579c67afa2bfd20dbb086142b92dde454ef4aef

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4
                            Filesize

                            3KB

                            MD5

                            4cd03f54bd6ffd346b2f3eec524ddd4a

                            SHA1

                            935bb25e2f73bbe7fe3b24d1e912c7c257f5d4d6

                            SHA256

                            abf735fe98ccbc306e101f3c3a7ddd6d3b137c5c6e0c7a009c5883d66b8cd64e

                            SHA512

                            f7ef9b1bbbcb2dd94ea38c379d2aec0df22890a0482c30177663547febeda943b995542eec3ed46ebe3e48f187acea9119445781df18d9950c7eae2112f27ff1

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4
                            Filesize

                            4KB

                            MD5

                            4e2b580a59ed0cb1aa73dfc5878d51aa

                            SHA1

                            255952cbe2e1c8f498b85a93d84b305742593cc4

                            SHA256

                            97ce6f4d5ab1bef8940cd2e9ed11dbe6301d6ba2f5a47bc3f0e42d1f6c86a0d9

                            SHA512

                            33109432aac6e5247a3175afdc7bb606391bb2f74e0567daa4202e09ef749b9c308d3fc774fa3e440aabf235287ec279b71520384c13c47f3e2488de9e06559c

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4
                            Filesize

                            4KB

                            MD5

                            42030420c912eacbf82b0951b77cef10

                            SHA1

                            1e5ba7de4ca0b965f2948c44e5e61921867abab5

                            SHA256

                            62215e4b8ce5e3bc3c7359fa01501b90c0acf69bc97301924f4f15101b99d5c1

                            SHA512

                            3570c3b1740ca0cfa64c3ca7b2046b0d4aea4e0bea4f07e6257e28d0a0b334be09ce28a87194cc49ba35e0090453363e66baa321582f85465ac158e3505d98e8

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4
                            Filesize

                            4KB

                            MD5

                            91c02ddd00b7870abe13820c42e138cf

                            SHA1

                            db8dc6b91d55fe4138f281e104b514f65618a506

                            SHA256

                            a99c403e6fffba6f0334bbaa035fb2489bd37eb2622deef9c9a9d8db1f06486e

                            SHA512

                            fec8486418e1c28f6dd9f68906f3ea49b6d36d0b047dce1673617d80b9c93f4da845b93a438aa4249b3f8fb12eb0e5756311786f5ca10a030dfe46743cb837c4

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                            Filesize

                            184KB

                            MD5

                            6fb529a6040edced72255baf206751b3

                            SHA1

                            d86a9e27b28d30d06bf0134fc1f1dbe1c8eddde2

                            SHA256

                            0854a410ae1d03645fb10f650df8a76657332b00ebb80a86b3a2167e305fa970

                            SHA512

                            b62f30ad4cd0801c044258e0c16ffce4a945f4f94b1352caa03aa5639c0d7efc971e6b32bdac81eeb79d02715dfa4deec490f2e385f00b40008edaa6addc4020

                            Download Submit