Analysis

  • max time kernel
    57s
  • max time network
    58s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    02-08-2024 16:15

Errors

Reason
Machine shutdown (the analysis VM shut down before the run completed; the two LogonUI.exe instances at the end of the process tree are top-level Windows logon/shutdown UI processes, not descendants of the sample)

General

  • Target
    Muse_Hub.exe
  • Size
    38.2MB
  • MD5
    113b0b7cfcaf7b11d541d6860534ce2c
  • SHA1
    443a0f24974652fd2d081b952061a5e0f386e71a
  • SHA256
    0f9765f58fc4389dcd7541172a4454c0f646dbec174e828a64abc9aa19de4990
  • SHA512
    78f09c46d202d73194f7c648effd03c250a20dc280e07bddb9380128c6077ce86d78da1ce22be1fcc14024a09aa35bd23f9288f1a650d66233b21ddaaa93c9e4
  • SSDEEP
    786432:mt+ooIxXSZFxfPfRLtX630iml6R/YwsNnoPv7pAMVUZ4HG04Rgrk:mt+ooIJsxn1tq30iu6R/vsNnCVUZ4Hl4

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 9 IoCs)

    Processor information is often read in order to detect sandboxing environments. In this run the hits are on the Firefox parent process (PID 2868) and its socket process (PID 2632), not on Muse_Hub.exe (PID 2712), which carries no signature in the process tree.

  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs; on the two Firefox parent processes, PIDs 2840 and 2868, which spawn the content processes)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times. No process in the tree below is annotated with this signature, so the report does not attribute the call to a particular process.
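What the "Checks processor information in registry" signature is looking for, as an added example (not code from the report, from Muse Hub or from the sandbox vendor): a sample reads HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor and the BIOS key and decides whether it is inside a VM. The registry paths and value names are the standard Windows ones; the marker strings, the core and MHz thresholds and the two sample value sets are assumptions chosen for illustration. On this page the read came from firefox.exe, which is why the score stays at 1/10.

```python
"""Sandbox heuristics from the CentralProcessor / BIOS registry keys.

Added example, not code from the report or from Muse Hub: it shows the check
that the "Checks processor information in registry" signature fires on.
"""
import sys
from typing import Dict, List, Optional

CPU_KEY = r"HARDWARE\DESCRIPTION\System\CentralProcessor"
BIOS_KEY = r"HARDWARE\DESCRIPTION\System\BIOS"

# Substrings that commonly show up in ProcessorNameString / SystemManufacturer
# inside analysis VMs. Assumed, illustrative list; not exhaustive.
VM_MARKERS = ("qemu", "virtual", "kvm", "xen", "vmware", "virtualbox", "bochs", "hyper-v")


def read_cpu_values() -> Optional[Dict[str, object]]:
    """Read the live values on Windows with the standard winreg API.

    Returns None on any other platform so the heuristics can still be exercised
    offline with constructed values.
    """
    if sys.platform != "win32":
        return None
    import winreg  # Windows-only module, hence the import inside the function
    hklm = winreg.HKEY_LOCAL_MACHINE
    with winreg.OpenKey(hklm, CPU_KEY) as k:
        cores = winreg.QueryInfoKey(k)[0]  # one subkey ("0", "1", ...) per logical CPU
    with winreg.OpenKey(hklm, CPU_KEY + r"\0") as k:
        name = winreg.QueryValueEx(k, "ProcessorNameString")[0]
        mhz = winreg.QueryValueEx(k, "~MHz")[0]
    with winreg.OpenKey(hklm, BIOS_KEY) as k:
        manufacturer = winreg.QueryValueEx(k, "SystemManufacturer")[0]
    return {"cores": cores, "name": name, "mhz": mhz, "manufacturer": manufacturer}


def sandbox_indicators(values: Dict[str, object]) -> List[str]:
    """Reasons an evasive sample would conclude it is running in a VM/sandbox.

    The thresholds (fewer than 2 logical CPUs, clock below 2000 MHz) are assumed
    values of the kind evasive loaders use; tune them for your own fleet.
    """
    hits: List[str] = []
    name = str(values.get("name", "")).lower()
    vendor = str(values.get("manufacturer", "")).lower()
    for marker in VM_MARKERS:
        if marker in name:
            hits.append(f"ProcessorNameString contains '{marker}'")
        if marker in vendor:
            hits.append(f"SystemManufacturer contains '{marker}'")
    if int(values.get("cores", 0)) < 2:
        hits.append("fewer than 2 logical processors")
    if int(values.get("mhz", 0)) < 2000:
        hits.append("~MHz below 2000")
    return hits


# Constructed sample value sets: a typical analysis VM and a developer laptop.
SANDBOX_VM = {"cores": 1, "name": "QEMU Virtual CPU version 2.5+",
              "mhz": 1995, "manufacturer": "QEMU"}
WORKSTATION = {"cores": 8, "name": "Intel(R) Core(TM) i7-8650U CPU @ 1.90GHz",
               "mhz": 2112, "manufacturer": "LENOVO"}

if __name__ == "__main__":
    for label, vals in (("sandbox", SANDBOX_VM), ("workstation", WORKSTATION),
                        ("this host", read_cpu_values())):
        if vals is not None:
            print(label, "->", sandbox_indicators(vals) or ["no indicators"])
```

The defensive reading of the same check: a Sysmon or ETW registry-read event on CentralProcessor\0 is common and noisy (browsers, installers and telemetry read it), so the hit is only interesting when the reading process is the submitted target and is followed by an exit or a change of behaviour. Here it is Firefox reading its own hardware profile.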

Processes

  • C:\Users\Admin\AppData\Local\Temp\Muse_Hub.exe
    "C:\Users\Admin\AppData\Local\Temp\Muse_Hub.exe"
    1⤵
      PID:2712
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:2840
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:2868
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2868.0.244799543\1277518180" -parentBuildID 20221007134813 -prefsHandle 1204 -prefMapHandle 1112 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c00545ec-ac90-4b44-a68b-a798047842ac} 2868 "\\.\pipe\gecko-crash-server-pipe.2868" 1316 104e1858 gpu
          3⤵
            PID:2484
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2868.1.1613239947\1135040475" -parentBuildID 20221007134813 -prefsHandle 1488 -prefMapHandle 1484 -prefsLen 20928 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {863a5c0d-65ad-46fe-8db8-1570026cb929} 2868 "\\.\pipe\gecko-crash-server-pipe.2868" 1500 f3ee558 socket
            3⤵
            • Checks processor information in registry
            PID:2632
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2868.2.1884990144\1831773090" -childID 1 -isForBrowser -prefsHandle 2032 -prefMapHandle 2028 -prefsLen 20966 -prefMapSize 233444 -jsInitHandle 708 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f5ee2b04-ae29-4655-9be8-06bdd1984139} 2868 "\\.\pipe\gecko-crash-server-pipe.2868" 2052 19871d58 tab
            3⤵
              PID:1556
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2868.3.375259597\1876302974" -childID 2 -isForBrowser -prefsHandle 2428 -prefMapHandle 2420 -prefsLen 26151 -prefMapSize 233444 -jsInitHandle 708 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4e3e40e-1788-4367-88f7-0974f6e482ab} 2868 "\\.\pipe\gecko-crash-server-pipe.2868" 2440 1c4e6c58 tab
              3⤵
                PID:2228
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2868.4.728543382\1081318657" -childID 3 -isForBrowser -prefsHandle 3000 -prefMapHandle 2996 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 708 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f60c9ee4-e58f-4861-8f0c-23c8d7430a3b} 2868 "\\.\pipe\gecko-crash-server-pipe.2868" 3008 1cdf5258 tab
                3⤵
                  PID:1936
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2868.5.439305431\2009736908" -childID 4 -isForBrowser -prefsHandle 3916 -prefMapHandle 3912 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 708 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a33b7ac5-be79-4176-94cf-75a7746172c4} 2868 "\\.\pipe\gecko-crash-server-pipe.2868" 3928 1f2b0658 tab
                  3⤵
                    PID:1496
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2868.6.598613789\1891941396" -childID 5 -isForBrowser -prefsHandle 4036 -prefMapHandle 4040 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 708 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6feadc54-7036-4601-9ddb-67c6feabc2f4} 2868 "\\.\pipe\gecko-crash-server-pipe.2868" 4024 1f436658 tab
                    3⤵
                      PID:2836
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2868.7.344368340\1851688037" -childID 6 -isForBrowser -prefsHandle 4064 -prefMapHandle 4060 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 708 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa018572-7eea-4460-98a8-47f3d60c4182} 2868 "\\.\pipe\gecko-crash-server-pipe.2868" 4072 1f436358 tab
                      3⤵
                        PID:2800
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
      PID:808
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x1
    1⤵
      PID:1732
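The process tree above is the only place the report ties a signature to a process, and the page's indentation does not track the real nesting (the "N⤵" depth markers do). The following parser, an added example that is not part of the report or of any vendor tooling, reads that plain-text format from a constructed excerpt of this page's tree (tab processes and the second LogonUI.exe omitted, long Firefox command lines shortened to "...") and attributes every hit to the image that raised it.

```python
"""Attribute sandbox signature hits to the processes that raised them.

Added example, not part of the report: a parser for the plain-text process tree
format above (image bullet, command line, "N⤵" depth marker, optional signature
bullets, "PID:N"), so hits can be tied to images instead of read as one list."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed excerpt of the report's process tree: the tab processes and the
# second LogonUI.exe are omitted, long Firefox command lines shortened to "...".
REPORT = r"""
• C:\Users\Admin\AppData\Local\Temp\Muse_Hub.exe
  "C:\Users\Admin\AppData\Local\Temp\Muse_Hub.exe"
  1⤵
  PID:2712
• C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  1⤵
  • Suspicious use of WriteProcessMemory
  PID:2840
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    2⤵
    • Checks processor information in registry
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2868
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc ... gpu
      3⤵
      PID:2484
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc ... socket
      3⤵
      • Checks processor information in registry
      PID:2632
• C:\Windows\system32\LogonUI.exe
  "LogonUI.exe" /flags:0x0
  1⤵
  PID:808
"""

IMAGE_RE = re.compile(r"^\s*•\s+(?P<image>[A-Za-z]:\\.+\.exe)\s*$", re.IGNORECASE)
DEPTH_RE = re.compile(r"^\s*(?P<depth>\d+)⤵\s*$")
PID_RE = re.compile(r"^\s*PID:(?P<pid>\d+)\s*$")
SIG_RE = re.compile(r"^\s*•\s+(?P<sig>.+?)\s*$")  # any bullet that is not an image


@dataclass
class Proc:
    image: str
    cmdline: str = ""
    depth: int = 0
    pid: int = 0
    parent_pid: Optional[int] = None
    signatures: List[str] = field(default_factory=list)


def parse_process_tree(text: str) -> List[Proc]:
    """Processes in report order; parents come from the depth markers, not from
    the indentation, which the extracted page does not preserve reliably."""
    procs: List[Proc] = []
    stack: List[Proc] = []  # stack[d - 1] is the latest process seen at depth d
    cur: Optional[Proc] = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if (m := IMAGE_RE.match(line)):
            cur = Proc(image=m.group("image"))
            procs.append(cur)
        elif cur is None:
            continue
        elif not cur.cmdline:  # the line right after the image path
            cur.cmdline = line.strip()
        elif (m := DEPTH_RE.match(line)):
            cur.depth = int(m.group("depth"))
            del stack[cur.depth - 1:]  # pop back to this depth's parent
            cur.parent_pid = stack[-1].pid if stack else None
            stack.append(cur)
        elif (m := PID_RE.match(line)):
            cur.pid = int(m.group("pid"))
        elif (m := SIG_RE.match(line)):
            cur.signatures.append(m.group("sig"))
    return procs


def signatures_by_image(procs: List[Proc]) -> Dict[str, Set[str]]:
    """Union of signature names per image file name (lower-cased)."""
    out: Dict[str, Set[str]] = {}
    for p in procs:
        out.setdefault(p.image.rsplit("\\", 1)[-1].lower(), set()).update(p.signatures)
    return out


def children_of(procs: List[Proc], pid: int) -> List[Proc]:
    """Direct children of a PID, in report order."""
    return [p for p in procs if p.parent_pid == pid]
```

Running `signatures_by_image(parse_process_tree(REPORT))` gives an empty set for muse_hub.exe and logonui.exe and all six distinct signatures for firefox.exe, which is the one-line triage conclusion the flat Signatures list hides. The parser deliberately links parents by PID as the tree is read, so it also works on a longer report where the same image name appears at several depths.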

Network

MITRE ATT&CK Enterprise v15

Downloads

All file entries below are Firefox profile artifacts under the i7f18jmm.default-release profile; the two memory dumps belong to the LogonUI.exe processes (PIDs 808 and 1732).

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\activity-stream.discovery_stream.json.tmp
    Filesize 22KB
    MD5 b0c4405e51c12016a140928880c22717
    SHA1 3990b052e97f1f09cbbb534fe7b52da818443c62
    SHA256 bf3bd18b7a4e195db3042aabec38cb349a4f79123ca036d65b9415c1a89e33de
    SHA512 07c2593bdae901f0885ac27270767ba56b512e61232d374c8afe13f7081043430099adfb4f6c313e65885046a7cf5ec3cc6355838f95e1b7b29838a8cb763250
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\db\data.safe.bin
    Filesize 2KB
    MD5 7e0bddc597e137f25c10ff64cd70e4bc
    SHA1 481d651035115a2ef76bb32bb26fd7084a215bdd
    SHA256 227b640119e62afba9fae2b737cb5883107e98008f77480bb15582ffd084243e
    SHA512 2991bf45673683859d9f18e2b8d84228c57b571ff54b7467c78304220593601bb4a878a5ba3e61d7d478ffeb7824bb0c16df67e9e7d8a71906f40b406f3560bf
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\pending_pings\bdf048db-bb03-4290-a7a5-aadedec729f6
    Filesize 745B
    MD5 f7172b0ce1fce25261ea38d886a999cc
    SHA1 33987848d498640a1987330cdf40d26e3bb8fc45
    SHA256 9f0b4129aaf72aad713d21e7cb6934381aadeac3417e83d0943f0eaea71f8cf5
    SHA512 8836071bd8cc58de9137a101fb833b3960ac1c320c00a7e22d823efb1f265436bfeef39b5121d75594c0b55817f75edb49038ea5c49d5db2c093f7e694049d12
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\pending_pings\ddf947a5-8c9d-474d-8371-513173f5d58a
    Filesize 12KB
    MD5 70ea39d930c0d1a5b0fda8aaf64ee60c
    SHA1 d3b9fd625414b15bc8164a7fbe7d6b2610f4089b
    SHA256 7cb10e328522885e149954e28ab830b6f31a6ea71260f0f17afee6adbd9ea48c
    SHA512 d637931b505ce1bbecef78f094a51b36bc22c89a90b2522544f625783246e85e272506393e87ce141630161afcc0d4ff5ff5ee8a89651729f7287cb9b719bdcb
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\prefs-1.js
    Filesize 6KB
    MD5 d7c8f1852641571bc543a96126da397b
    SHA1 24da2bf645cd6f455e20878ca785f94bf3dd5b91
    SHA256 270a1b68f47a01763852744d14d1135adae9919385164eed504bddd3fdae65b1
    SHA512 df39fe148a8731aaf224dcf00e208b9e3e36dd48f7483021171cce7542c8782e78c4c458cba7111572d713059c31aae00dd9ae17332ff707daaee795f9cd493e
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore.jsonlz4
    Filesize 830B
    MD5 ee9e69f5ddc1b6bab783ecbc71fc238f
    SHA1 49a2b8900535b09d587720ad7b2f9dc2efaefe8e
    SHA256 bf226fc45cafaedbd10bb6e88645d3085dc2ca8eae5326d40dbdf501becbaff3
    SHA512 2b3c23e02553bb8f713a990ab9c85317283b76d74f0e12e378d0dfaa4ab7c48d3e775a22a90c4c3074db698cb805fbb05fcbe2932e76c24a173c748ab34fb472
  • memory/808-174-0x0000000002D90000-0x0000000002D91000-memory.dmp
    Filesize 4KB
  • memory/1732-175-0x0000000002AB0000-0x0000000002AB1000-memory.dmp
    Filesize 4KB