Overview

overview

3

Static

static

3

Bootstrapper.exe

windows10-1703-x64

3

Resubmissions

03/08/2024, 04:56

240803-fkvxmatfrn 3

03/08/2024, 04:46

240803-feadqstekl 7

03/08/2024, 04:43

240803-fcr6rstdqn 7

03/08/2024, 04:38

240803-e9w1jstdjq 7

Analysis

  • max time kernel
    129s
  • max time network
    136s
  • platform
    windows10-1703_x64
  • resource
    win10-20240611-en
  • resource tags

    arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
  • submitted
    03/08/2024, 04:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Bootstrapper.exe

  • Size

    795KB

  • MD5

    365971e549352a15e150b60294ec2e57

  • SHA1

    2932242b427e81b1b4ac8c11fb17793eae0939f7

  • SHA256

    faad2bc8e61b75e595a80ff2b6d150ff8b27187a8ba426cc1e5e38e193ab6d42

  • SHA512

    f7ba1353e880213a6bdf5bd1dfdfd42a0acf4066a540a502e8df8fec8eac7fb80b75aa52e68eca98be3f7701da48eb90758e5b94d72013d3dff05e0aaf27e938

  • SSDEEP

    12288:GYa9sBhIBdCdbX1USoeQDj/VNpA+dZIznBpGTEy:Pa98hIBdjSoeQDj/VNpZdZIznBpg

Score
3/10
discovery

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SendNotifyMessage 5 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe
    "C:\Users\Admin\AppData\Local\Temp\Bootstrapper.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    PID:2868
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 996
      2⤵
      • Program crash
      PID:5108
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:220
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3604
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3604.0.1996237238\1873558051" -parentBuildID 20221007134813 -prefsHandle 1672 -prefMapHandle 1660 -prefsLen 20845 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {382c986f-a627-481b-9959-62b6d4868582} 3604 "\\.\pipe\gecko-crash-server-pipe.3604" 1764 1cac0feb858 gpu
        3⤵
          PID:1792
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3604.1.85022378\1256095268" -parentBuildID 20221007134813 -prefsHandle 2084 -prefMapHandle 2080 -prefsLen 20926 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3101b933-86af-434a-83b7-d13fd2e543a4} 3604 "\\.\pipe\gecko-crash-server-pipe.3604" 2120 1cac0b43558 socket
          3⤵
          • Checks processor information in registry
          PID:4308
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3604.2.1879553563\1459356699" -childID 1 -isForBrowser -prefsHandle 2760 -prefMapHandle 2928 -prefsLen 20964 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c32cbe13-f958-45a5-9e59-cb093b95f9e0} 3604 "\\.\pipe\gecko-crash-server-pipe.3604" 3064 1cac52b8b58 tab
          3⤵
            PID:2276
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3604.3.1002107645\340011841" -childID 2 -isForBrowser -prefsHandle 3344 -prefMapHandle 2756 -prefsLen 26214 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e2900b8-7794-415e-a382-edbc7870a2ea} 3604 "\\.\pipe\gecko-crash-server-pipe.3604" 3384 1cac6030e58 tab
            3⤵
              PID:2788
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3604.4.666262234\255861961" -childID 3 -isForBrowser -prefsHandle 4696 -prefMapHandle 4628 -prefsLen 26354 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b91ce8d4-74bd-47ce-b74e-b3970a6cfaf4} 3604 "\\.\pipe\gecko-crash-server-pipe.3604" 4708 1cac77a9e58 tab
              3⤵
                PID:3500
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3604.5.1590524660\1390510008" -childID 4 -isForBrowser -prefsHandle 4872 -prefMapHandle 4940 -prefsLen 26354 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5701982-3187-459a-9684-dae92cd6621d} 3604 "\\.\pipe\gecko-crash-server-pipe.3604" 4880 1cac77a9858 tab
                3⤵
                  PID:2780
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3604.6.1143347828\1789111961" -childID 5 -isForBrowser -prefsHandle 5040 -prefMapHandle 5044 -prefsLen 26354 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9488a7e-fe58-4303-b692-40c5f2cfe77d} 3604 "\\.\pipe\gecko-crash-server-pipe.3604" 5028 1cac59b8258 tab
                  3⤵
                    PID:4212
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3604.7.1077397308\1735147458" -childID 6 -isForBrowser -prefsHandle 5236 -prefMapHandle 5240 -prefsLen 26354 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {60b2a169-6f1f-4bd6-a30c-e34c728ee516} 3604 "\\.\pipe\gecko-crash-server-pipe.3604" 5224 1cac59bbb58 tab
                    3⤵
                      PID:3000
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3604.8.895648181\1262317242" -childID 7 -isForBrowser -prefsHandle 5528 -prefMapHandle 2964 -prefsLen 26433 -prefMapSize 233444 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff3e132e-3e28-4ab3-9a0c-ced43fb2eb59} 3604 "\\.\pipe\gecko-crash-server-pipe.3604" 5532 1cac849f458 tab
                      3⤵
                        PID:3460

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\activity-stream.discovery_stream.json.tmp
                    Filesize

                    24KB

                    MD5

                    0db151a2f07f793ba33b7c24c3fb1fb3

                    SHA1

                    ab4b35d1a44372db0fb745fc00c829f747c55f83

                    SHA256

                    c4d25ac9fbe4a7401957dee55527a6b90008c411962234bf4c4a4ae6bbc91190

                    SHA512

                    4b7849131af6d4518f192d4c275b9d1f1bd5bdae1294e2b9d78f24eb3f8c2239990b5aea7430975ca54ae879eb902393c601c33d6e0e63b558858b693ea1d637

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl
                    Filesize

                    7KB

                    MD5

                    c460716b62456449360b23cf5663f275

                    SHA1

                    06573a83d88286153066bae7062cc9300e567d92

                    SHA256

                    0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0

                    SHA512

                    476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\db\data.safe.bin
                    Filesize

                    2KB

                    MD5

                    455b12755ed69c2716aa148beaa2cc2c

                    SHA1

                    b009378caf77888a0f27ddc1969804177a3349eb

                    SHA256

                    75dcca3182a16c38b275c33b33c4e86138b203fc4a484cf6e13d3109f0e89f68

                    SHA512

                    458988a0006e433b9c05e73aed5fc9353e6efc1e17427be8ae77b84ef769b5f3206347f206d164f20f921adb2cec9b627bdb9b8d3e407e20d042f9470b250dfb

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\db\data.safe.bin
                    Filesize

                    2KB

                    MD5

                    4bf925ca1ce57c1e6f7acbe7abb63478

                    SHA1

                    0073afbb8693d80287f5c05486302a879a82279f

                    SHA256

                    f04d79063fd1a6f18a37655961f4f618e6c6e7c6b171f7c17f7c2400a8076825

                    SHA512

                    323edba1f5e286135ec48be87ab34f4198146ba2921a9820216c3ed39319c2295f73fa2ecfec855f74df1665b60c243145e5ba998a181385600676569f37476b

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\pending_pings\3d412992-0ed6-4f5c-96e3-9fe0ab6e3d0a
                    Filesize

                    11KB

                    MD5

                    24ae5987d2bacc7866ca390db54b010a

                    SHA1

                    920a22df929d1798246df932139030d179e017df

                    SHA256

                    88ca5a5a8ac96b84b277baade3c1be5dc60f6f6163d57774f81bcebde4f71983

                    SHA512

                    bf37fafbb4cd3e0b6fe5cfcc0159374f0f02fed2414cfef365423f490522c1ca28a34f0aa64afef0fc6d1c127b02fba90b73b52b1e9a8734b7a80c87f64511c3

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\pending_pings\94c916d3-05e1-4fe1-8de5-ef1cd26c8dd9
                    Filesize

                    746B

                    MD5

                    8a881e382fd6eef5fc974c4075d6a9af

                    SHA1

                    542b4dfdcc7628fe27699d07d48e417fa63e55c3

                    SHA256

                    49842ac479b70099ae623f9161abff51e12050a9ef882520f2e9bf74ed953e8c

                    SHA512

                    556f58fed2821cca0b3270acfc593b2e6c12dde9d84b03332dbc2a2175de4906f81cb01548c9af2c0723e2a7c246336aabf52e22054064bea25a543d1976bc34

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js
                    Filesize

                    6KB

                    MD5

                    16c1fda467ddf82030dca3eb486d7095

                    SHA1

                    2c71e781e6f16d7bb0b0619562ce8f3369af599f

                    SHA256

                    3cf1e1277f386864995630a4474246ac8283a49c302f337f56ff99fbc71ee601

                    SHA512

                    d7ae2dae8e3d7603e32a0d40c90275bac91c373a8e1cf39f8280b0586c297d8e726310cc419ab259bc7c4a5f02a8ba6ef4ceed5854da490a476149b00cbfeed6

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs.js
                    Filesize

                    6KB

                    MD5

                    9c9510c62c4202951d077ef7ef7efa8c

                    SHA1

                    1f3b122ad6b60abdc48fd2a0406f55272382a325

                    SHA256

                    cf7f8e6bef7eff3c9082d4e6f5895f918652ccbb3b2f3a46198403b22321e7be

                    SHA512

                    2b1583c3549e36e7e215e41d4497e5f92f51e54ccb013bee0f94efcebfcecc617acb85eafd083bcd4c29ef0f25a1320d9f6b556f173857279f09915bb5bfda76

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4
                    Filesize

                    1KB

                    MD5

                    5c05065b8c25f2bafd438d2524b540b7

                    SHA1

                    d0ced1598e670451a62debd0acce63f6dc5c787d

                    SHA256

                    a0f2a222eb9362006817b95f2ac7cbd945ff48a257d741df82bf65f63c65c7a5

                    SHA512

                    add6d4a437ad6a1408f07e5150fa0ed0f4718d3a9a5f596c4ea65936231bfba818149c8de8a2d32e422ab1b6228b32e8e3dec2c56a7a1e05097142184554a923

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore.jsonlz4
                    Filesize

                    1KB

                    MD5

                    7755d76f00ba9b896e20f7e6ca4f64e5

                    SHA1

                    52154f3621b99e345109e647302469fbb409ddb1

                    SHA256

                    ef5a2a05e4379a78322474897811418677daf67aede488d6e23eb8dc36d99cad

                    SHA512

                    4c958859abc0366786bb4ccbb793dd47a2762b18d28423509da5a44b888a6588f030d3a7af78e840047e8a7bbe89cb9f8e12c4e89d38b12e9dc7e3951ec07ac9

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                    Filesize

                    184KB

                    MD5

                    6fb529a6040edced72255baf206751b3

                    SHA1

                    d86a9e27b28d30d06bf0134fc1f1dbe1c8eddde2

                    SHA256

                    0854a410ae1d03645fb10f650df8a76657332b00ebb80a86b3a2167e305fa970

                    SHA512

                    b62f30ad4cd0801c044258e0c16ffce4a945f4f94b1352caa03aa5639c0d7efc971e6b32bdac81eeb79d02715dfa4deec490f2e385f00b40008edaa6addc4020

                    Download Submit

                  • memory/2868-0-0x0000000073B4E000-0x0000000073B4F000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/2868-2-0x0000000073B40000-0x000000007422E000-memory.dmp

                    Filesize

                    6.9MB

                    Download

                  • memory/2868-1-0x00000000004B0000-0x000000000057E000-memory.dmp

                    Filesize

                    824KB

                    Download

                  • memory/2868-125-0x0000000073B40000-0x000000007422E000-memory.dmp

                    Filesize

                    6.9MB

                    Download