Overview

overview

10

Static

static

10

1/0178b79b...bd.exe

windows7-x64

10

1/0280cde4...60.exe

windows7-x64

10

1/08b76206...65.exe

windows7-x64

10

1/0e4fc438...91.exe

windows7-x64

3

1/0fb86a8b...05.exe

windows7-x64

10

1/25898c73...8f.exe

windows7-x64

10

1/2c2e9491...3c.exe

windows7-x64

3

1/2ef0f582...2e.exe

windows7-x64

3

1/39884fc0...82.exe

windows7-x64

10

1/3a72ecec...8a.exe

windows7-x64

10

1/3bfcb4f7...71.exe

windows7-x64

10

1/4103411f...f5.exe

windows7-x64

10

1/4e0fdb84...95.exe

windows7-x64

9

1/5297372f...33.exe

windows7-x64

5

1/68292f38...e4.exe

windows7-x64

3

1/6da4696b...e5.exe

windows7-x64

7

1/7021c9cb...78.exe

windows7-x64

10

1/752f5cc5...60.exe

windows7-x64

10

1/7c7cded8...0c.exe

windows7-x64

10

1/97d29ffc...84.exe

windows7-x64

10

1/a306cc84...03.exe

windows7-x64

3

1/ae1a168f...74.exe

windows7-x64

7

1/b13f2364...d6.exe

windows7-x64

8

1/b2a1d168...9d.bat

windows7-x64

8

1/bb29aeb6...bd.exe

windows7-x64

8

1/c8e5a24a...f5.bat

windows7-x64

8

1/c9736cdc...97.exe

windows7-x64

8

1/d58780d1...a0.exe

windows7-x64

10

1/de19e016...d0.exe

windows7-x64

3

1/e886016e...51.exe

windows7-x64

3

1/f0f496ec...f4.bat

windows7-x64

8

1/f28599b0...23.exe

windows7-x64

10

Resubmissions

11-12-2024 15:32

241211-sy44nssrdm 10

09-08-2024 21:57

240809-1t1vfs1cpm 10

06-08-2024 13:01

240806-p9f97szdlm 10

06-08-2024 12:52

240806-p3672stdkg 10

06-08-2024 12:29

240806-ppa8fsygqr 10

06-08-2024 12:26

240806-pmc92ashlh 10

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    06-08-2024 12:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1/a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe

  • Size

    1.2MB

  • MD5

    81d3df03a7bfb9112626bdcedae6df90

  • SHA1

    ba206887aa11de8e1b405e5a18bd04568e2b5693

  • SHA256

    a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03

  • SHA512

    7580b5dd5452afba147417685bf9d42816c7f32af9496e4f8dec519c0abbb9578206a5e432c1b884abaa0b9870c198b8d0c7d109b43590d95ea855bff6a59a13

  • SSDEEP

    24576:EqDEvCTbMWu7rQYlBQcBiT6rprG8aLS2Sbly7TWEPje:ETvC/MTQYxsWR7aLS2dW

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\1\a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
    "C:\Users\Admin\AppData\Local\Temp\1\a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1944
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2548
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
        3⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:2580
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2580.0.283364585\149256230" -parentBuildID 20221007134813 -prefsHandle 1232 -prefMapHandle 1112 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9504475c-a9da-4ad3-8afb-b3ee97246d12} 2580 "\\.\pipe\gecko-crash-server-pipe.2580" 1312 85e5d58 gpu
          4⤵
            PID:2848
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2580.1.179822482\114018045" -parentBuildID 20221007134813 -prefsHandle 1528 -prefMapHandle 1524 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3bc0fcb4-2b8e-4f14-935d-bbd782fab411} 2580 "\\.\pipe\gecko-crash-server-pipe.2580" 1540 d6f858 socket
            4⤵
              PID:600
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2580.2.51610419\1100274002" -childID 1 -isForBrowser -prefsHandle 2180 -prefMapHandle 2176 -prefsLen 21746 -prefMapSize 233444 -jsInitHandle 636 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ffd881ee-f0c9-4366-bf20-54a5c9055f69} 2580 "\\.\pipe\gecko-crash-server-pipe.2580" 2192 19a80d58 tab
              4⤵
                PID:1492
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2580.3.144404157\811775447" -childID 2 -isForBrowser -prefsHandle 2576 -prefMapHandle 2572 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 636 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d8f2663-39bc-452d-b258-41073ee6e918} 2580 "\\.\pipe\gecko-crash-server-pipe.2580" 2588 d61f58 tab
                4⤵
                  PID:1752
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2580.4.210157548\2093025261" -childID 3 -isForBrowser -prefsHandle 3880 -prefMapHandle 3604 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 636 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba399955-340d-492c-b647-ecdd470e65d6} 2580 "\\.\pipe\gecko-crash-server-pipe.2580" 3892 20bdc158 tab
                  4⤵
                    PID:2376
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2580.5.2020134921\1153148497" -childID 4 -isForBrowser -prefsHandle 4020 -prefMapHandle 4024 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 636 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9efe6c3d-7083-4ac6-a841-4b6b023575ae} 2580 "\\.\pipe\gecko-crash-server-pipe.2580" 4008 20bdb558 tab
                    4⤵
                      PID:1656
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2580.6.375453108\1464695439" -childID 5 -isForBrowser -prefsHandle 4140 -prefMapHandle 4144 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 636 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f688ed58-b61b-40d1-8685-573a191b276b} 2580 "\\.\pipe\gecko-crash-server-pipe.2580" 4128 20bdc758 tab
                      4⤵
                        PID:1708

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\activity-stream.discovery_stream.json.tmp
                  Filesize

                  22KB

                  MD5

                  38b8c7b3cc5d1fea48ed2e0a0633bc58

                  SHA1

                  ed7ce76c4b38dd0f96086ad69ee9d15ff3a15863

                  SHA256

                  f1f38e24ca26dbbe6411ceeefb4a8c5407407e2d5ab39626eba9e1ccc440d564

                  SHA512

                  11ab791d98a6679af4878bb053cc7feea3bc8a44abf356b3cc19d1859ff3618260a05bff1dc085865341c807448301b4488c4c7212e072449c01e154befe8f55

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                  Filesize

                  442KB

                  MD5

                  85430baed3398695717b0263807cf97c

                  SHA1

                  fffbee923cea216f50fce5d54219a188a5100f41

                  SHA256

                  a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                  SHA512

                  06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\db\data.safe.bin
                  Filesize

                  2KB

                  MD5

                  d6c38af22f9b27264c6e2944b2a82799

                  SHA1

                  a23e1ffdb9cbd0256d6d9ea79cdb2797b8ca5d0a

                  SHA256

                  c3a848b8aab3db6905a01fad9c31e5616ac1583c39b1d672111988c323b57a0b

                  SHA512

                  dbba5039c28e78199c545d08b49c1c0f617862302afe408d7e4cd7c2697efb436900e3739b5d6081074a015e257c761b32812cf2df2207e197b23788426c5c6c

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\pending_pings\4da35d57-aeba-4977-9c0b-66bac38c9c39
                  Filesize

                  10KB

                  MD5

                  97c32e3e133b46299e95221b1cdfbd2e

                  SHA1

                  67657d1f0e19d27083a4c4e1d3590380b91e676c

                  SHA256

                  da568bd99c542b0ecc04e50dabbab44553c0908a1ea9a957a184a2398272f6ed

                  SHA512

                  297f267417efc117039235a9f30c55782e42f92a20fa0f4dbe4d2c939b1ce9a95049932fbb38dafdc71d3d65d505ff9d6571306263e128a39d9fa9362098fa3d

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\pending_pings\dc4a0487-38df-4a70-b32f-bed3d4fa7449
                  Filesize

                  745B

                  MD5

                  56a55aba849ca8e19b556b166f1cf08f

                  SHA1

                  7297875b89d1b98674d66ceb26a7de6d1de69c97

                  SHA256

                  d51b3a82653cd1e9e2455166c6dd151651906f954a141187a89251882c2148ce

                  SHA512

                  869c87f64f4280fbd9210dd3f8f36ea9c06ce36ff35effe27dd51faa219accefcc8c61572f319d294a8bea508d6b47acbb46d21f187a65732083869d8d646e5e

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
                  Filesize

                  997KB

                  MD5

                  fe3355639648c417e8307c6d051e3e37

                  SHA1

                  f54602d4b4778da21bc97c7238fc66aa68c8ee34

                  SHA256

                  1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                  SHA512

                  8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
                  Filesize

                  116B

                  MD5

                  3d33cdc0b3d281e67dd52e14435dd04f

                  SHA1

                  4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                  SHA256

                  f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                  SHA512

                  a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\prefs-1.js
                  Filesize

                  7KB

                  MD5

                  aa5e4ef546c3631b7e2b3a980ae71cf8

                  SHA1

                  1054a37b5290b30a357a20677ba799bed98eeffe

                  SHA256

                  23ee3242e6d390fb80f4cd39511703e8c82b4d7646121fd380b5cfe68027631e

                  SHA512

                  a2dabdf09f187a96c1cf24d946307a0febc73352bfa3d1f4c2f920b9bc9d38395f75f7517596b5fa98c58de0c8f70fcbddd4927dceae2b469dc4ad5c2308d187

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\prefs-1.js
                  Filesize

                  7KB

                  MD5

                  0a864bc9b9867e1103c778c6cbab5389

                  SHA1

                  2b6379246d3abb904dae455009476ea408f8bed0

                  SHA256

                  73a377303c48826ce7e3f392a811ced4e87774f2c048cbfddd06f7f0b4dc5732

                  SHA512

                  03008fdd869f05a683a4ea56e1ba41d2915a299e0b86e3dbe51c91c06077e4993ea4a9f750f22b102448696b61fc0a0e028b76c0f3ebe0a4874cc1e8ba5152ac

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  4KB

                  MD5

                  0232702d20cfdf52a789ef60c3d6943c

                  SHA1

                  9dd513cc0c34d100bc2b9a2d14d5e4388e317306

                  SHA256

                  c25a56053de83ab929d7caa0fb092cc5f8f9c9561c6a23a88a3eac77ef0a714e

                  SHA512

                  6d09b22d86ce7a780e36ada593c2cb5f0ab719727f7c47ec6616cd88856fec6505007207d46def557f66dde2c67dbdcb29769786451f2b7cd7dca5bff87015b2

                  Download Submit