Analysis
-
max time kernel
300s -
max time network
301s -
platform
windows11-21h2_x64 -
resource
win11-20240802-en -
resource tags
-
submitted
07-08-2024 16:11
General
-
Target
sus/PlutoniumSpoofer.exe
-
Size
708KB
-
MD5
09d28477e145e9f96f2e87bc588f4093
-
SHA1
c9a21e758dd4005c10d7573559528fec628afb6f
-
SHA256
a299e09ffab3dda1df1be4338beaa501f0d4f0d58275dad9fc83d8b971a9b1b2
-
SHA512
951363162b385f09945a8cb5e9ec81fa922fd0cdbb2f84bc41262b3d3dfac855cbb7683f3f10c59be0f411440b1da6725b039102b90e71dd4729086ccc969cad
-
SSDEEP
12288:dUj3JSpmaxIephPrYDKGCgfdcqvCoRts:drNZeDKGCgfdt6ow
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks processor information in registry 2 TTPs 12 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 21 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\sus\PlutoniumSpoofer.exe"C:\Users\Admin\AppData\Local\Temp\sus\PlutoniumSpoofer.exe"1⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1988 -parentBuildID 20240401114208 -prefsHandle 1904 -prefMapHandle 1896 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f0ffd55-5c2c-4fce-90dd-d14091f43425} 4488 "\\.\pipe\gecko-crash-server-pipe.4488" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2376 -parentBuildID 20240401114208 -prefsHandle 2368 -prefMapHandle 2364 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a6c9a56-05f2-4683-ae3f-9c11944e47aa} 4488 "\\.\pipe\gecko-crash-server-pipe.4488" socket3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3204 -childID 1 -isForBrowser -prefsHandle 3136 -prefMapHandle 3148 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {63e9ee09-b2fb-4595-bcf4-fb302324ed75} 4488 "\\.\pipe\gecko-crash-server-pipe.4488" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3768 -childID 2 -isForBrowser -prefsHandle 3760 -prefMapHandle 3756 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3db82556-f6fa-415d-a65e-79a158eec892} 4488 "\\.\pipe\gecko-crash-server-pipe.4488" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4652 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4664 -prefMapHandle 4660 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6dad8d87-81e7-45b6-947c-d6c6e833d67d} 4488 "\\.\pipe\gecko-crash-server-pipe.4488" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5304 -childID 3 -isForBrowser -prefsHandle 5300 -prefMapHandle 5288 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb4c21f0-2b90-42b9-aeab-2126f6f84929} 4488 "\\.\pipe\gecko-crash-server-pipe.4488" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5284 -childID 4 -isForBrowser -prefsHandle 5460 -prefMapHandle 5464 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f94717f2-c7d6-4c79-8880-b21dbd8ee372} 4488 "\\.\pipe\gecko-crash-server-pipe.4488" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5652 -childID 5 -isForBrowser -prefsHandle 5728 -prefMapHandle 5724 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e210384f-23ba-4cc9-9c1d-0f078c3781a5} 4488 "\\.\pipe\gecko-crash-server-pipe.4488" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6128 -childID 6 -isForBrowser -prefsHandle 6120 -prefMapHandle 6112 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {355d5a69-8c28-49c8-9245-f6d56d8f1d14} 4488 "\\.\pipe\gecko-crash-server-pipe.4488" tab3⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\sus\PlutoniumSpoofer.exe"C:\Users\Admin\AppData\Local\Temp\sus\PlutoniumSpoofer.exe"1⤵
- System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD528df963c88836df10a200a7f3ddcdaf2
SHA112c9058ad17a0a186021a145aad09fd32bb8fa2c
SHA256d61f44cb34af871284be7ca4dec205a1bf8ca747b2efbdb84a14e7df0ae3e85f
SHA5126c55ee17008aad1bec0abfd8ad48d5d86b3d371b62eed0418a1351ac1c747a1226fdb3edb46480d6da4bab9c7dab3a05bc8958cc7e83cfe00419afb7531cefff
-
Filesize
21KB
MD5f6449b1467c1d31a35982bc2c6d7e074
SHA1e61d88c67db3d328d2af447e469b4db4555be517
SHA25670fe6dd0670c0ae4bbd6fe3b0849175c1c60a3e0dfdff2548ad803fc8d2c2f72
SHA5129b78345f978012307e058a4641a45974dd3a1c4f2e6159367537494107fd8164983ecb0e0898b161fee3b40ad234a9368fc3f89a549adacefd84a5203d0c6dec
-
Filesize
21KB
MD5c2f08eb6df317ce4fac167413443453e
SHA1fbe43cbe53d13cc2bec285bc066216819951838e
SHA2560762dd2fe6053eba0b236a44c82f05a087bb40d24c31a8e94d915c2e6782c2e7
SHA512b8f606739e08ebae458c4087a842142a2b5fd65679c92dadeaefbdf38372905d727f31a1679e8766a1ebe639bbb618dc9a8a5735f9d730696c96d5a5a259dc2b
-
Filesize
10.7MB
MD545c2438e7beb4538dc1232e0f01d38a0
SHA13a2f45eca88203eab1479ca81df44d3fdee6ba6e
SHA25647a2695a9d8e80bda9513338b7e5f2ab398080cef1cbe91e3bf9d52ce1a79556
SHA5120bc9be7462d76d23abbd7e3c5ce47426c7931980a5cea7928a8c95fd72e0e4b6d2f4c0f65d7d0572f2817b63fb0d6a43f18fa92d36f7386369d4956cb50513b5
-
Filesize
5KB
MD542d36375592d5b2a1ad225020bb2a4ae
SHA197b166b3b584566fc00f26b3434559e1b373b95a
SHA25678935e5607d82114095c01e502341943d9fc19407851ae4ba2efda698b48d328
SHA512ae6e3697b19703b650a5b5c462958089e0d9aa1a9e6565f7a607d0329771a2cd28b1fe5b0b1290ba25e9d18804dd32b89928d5cfddbe50233817182a11082ae3
-
Filesize
5KB
MD5854c47ced968d242bd34567ce0e467c1
SHA15bd09db64b6ba2c996becce09484c2f93eb844cb
SHA256f392b8c17ebfa011558e9ba21ef5de3c04797e11e8f861e67c61a6f5302d224a
SHA51217a9c6545c09c4896b78e50e230ea84d5c375800bb8409f6750407c50ec6672cf28ff1e186a6feb5a1a2cad0fe60f34054cfa456910192a7a859f49988902cdf
-
Filesize
16KB
MD5b941011a89886a74b59568c742364f95
SHA12c70436658e9ba88761a9c01c3b3e5aeda822586
SHA256724ae2a53b6c368c928b65716649ec30c3929e05fce56cbeb05cc102d82517a3
SHA512e464c72d5b81746d9e4a0e093cfca6cf089009b1bda35b8b1e2f5d13b28bb0d46f8efba3d393b86336eaffd682df5b30d7e927101e1db62b72f7dd5162861687
-
Filesize
25KB
MD52271bfdc7abf65f309b2c319f9223f0a
SHA1a9f2fe25e6118edcd638d60feb614f24f40feef6
SHA25663e65f7a788a4444825a95c4c9de59cc914ce3490ce51949f9b6e4fde91a0957
SHA512936fe39c41e4c39176a9cdc9f8a9e69ad42e8665fd8684db37720c3266ca438934281d3cf6b45fbeac23527dff4768d6cd21edfe12ed01ec5d3ef5142de19d5e
-
Filesize
671B
MD5be9be6e5f9e5c38bf18ffb0378dbafde
SHA1302df40671dd65c8ed53e0536324c1214c34e711
SHA2560d05a7bbefe6535b30ee987a7e8b468f763a299aecf47951c7288f397af7c6b0
SHA51268b2b65dc32fe0403d6b8b391efea263ec1ebe03ed67c3d43d3a641449de5caa2c6906b3988e9844f6d1dbf04b9e0b927bdc53170e48a13a8179f2224035209b
-
Filesize
982B
MD5b4b0d4ae9c0ba97c5b9f472cf33dc36d
SHA1a1b06268c5d1eff46a5e7fd24bbaf451aad5117c
SHA2564163f2b168f519b6e8e1682353e3109bf06d193e12a57833a0b85b255a0dec52
SHA5125e6a0093aafbd46bb0fdc782d9e31d4e08a95004ca44ec43433379360fab5782d9c346f8531d4694eaec94b2d98133e0ae8f62fb599e077be624d3b9267f73b1
-
Filesize
11KB
MD55cf9fcf9e7badedd073ac60590e64866
SHA173eb3e7b91636ba324da654760fc05f85b2db258
SHA2569049ec5a7028c586b45817a369b62ced1ddab870fdab7c1eb0baa0019be2d88e
SHA5125ea4ef25d5849fb61a2e937adacbbd0fb7b49dab9766d654506de470da5c91387c091df05eca3d1e8c073f5f014f23d6ddbee5ee9a81c9fdb5e5b6ee76fc7ab7
-
Filesize
288B
MD5948a7403e323297c6bb8a5c791b42866
SHA188a555717e8a4a33eccfb7d47a2a4aa31038f9c0
SHA2562fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e
SHA51217e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a
-
Filesize
7.7MB
-
Filesize
7.7MB
-
Filesize
7.7MB
-
Filesize
7.7MB
-
Filesize
7.7MB
-
Filesize
7.7MB
-
Filesize
472KB
-
Filesize
728KB
-
Filesize
584KB
-
Filesize
5.6MB
-
Filesize
344KB
-
Filesize
624KB
-
Filesize
4KB
-
Filesize
40KB
-
Filesize
7.7MB
-
Filesize
7.7MB
-
Filesize
7.7MB
-
Filesize
4KB
-
Filesize
7.7MB
-
Filesize
7.7MB