Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows11-21h2_x64 -
resource
win11-20240802-en -
resource tags
-
submitted
09/08/2024, 10:34
General
-
Target
7016e51b381e388a9c40161b54de1a10cf649cd5fedd759f86c87c9df74be8f6.exe
-
Size
3.1MB
-
MD5
3fbf8e562fc9bd7e1aaee9cc8e0a46d6
-
SHA1
c905f30afdccc6d7a35ff94bc3312fd6aa699a86
-
SHA256
7016e51b381e388a9c40161b54de1a10cf649cd5fedd759f86c87c9df74be8f6
-
SHA512
799ee93198e9da8185b01bd9afbe75385212ea58ae4672fc3c7912af6db5d808c1866960ce900647ed0b72a7ad65cb408f00ccc163253d8304de4a5946cbd743
-
SSDEEP
98304:LHDgQwTph20Uef2xNfa7Xz7AeRspYup2:LsQwTph2xeONfSzDUYup
Malware Config
Signatures
-
Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
-
AutoIT Executable 15 IoCs
AutoIT scripts compiled to PE executables.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 16 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\7016e51b381e388a9c40161b54de1a10cf649cd5fedd759f86c87c9df74be8f6.exe"C:\Users\Admin\AppData\Local\Temp\7016e51b381e388a9c40161b54de1a10cf649cd5fedd759f86c87c9df74be8f6.exe"1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password2⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password3⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1956 -parentBuildID 20240401114208 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {07a2f3c2-bdfa-41ac-823d-705cb059b832} 928 "\\.\pipe\gecko-crash-server-pipe.928" gpu4⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2384 -parentBuildID 20240401114208 -prefsHandle 2376 -prefMapHandle 2372 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {971cf9b9-8729-43c4-a492-3571ed313619} 928 "\\.\pipe\gecko-crash-server-pipe.928" socket4⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3340 -childID 1 -isForBrowser -prefsHandle 3312 -prefMapHandle 2912 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c4caee1-5e90-4b9b-8c63-fc99ff841b7f} 928 "\\.\pipe\gecko-crash-server-pipe.928" tab4⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3640 -childID 2 -isForBrowser -prefsHandle 3636 -prefMapHandle 3632 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d6aff5b-3a0f-44dc-a2d7-a9575d0d7abc} 928 "\\.\pipe\gecko-crash-server-pipe.928" tab4⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4052 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 1696 -prefMapHandle 1532 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91354c29-75df-4fdf-adaa-62275295aa8b} 928 "\\.\pipe\gecko-crash-server-pipe.928" utility4⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5548 -childID 3 -isForBrowser -prefsHandle 5536 -prefMapHandle 5552 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e76d5f6-9fae-46a8-9de8-738f65b41b63} 928 "\\.\pipe\gecko-crash-server-pipe.928" tab4⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5688 -childID 4 -isForBrowser -prefsHandle 5724 -prefMapHandle 5716 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bebb464f-3272-4f33-83ff-542155bc600d} 928 "\\.\pipe\gecko-crash-server-pipe.928" tab4⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5672 -childID 5 -isForBrowser -prefsHandle 5944 -prefMapHandle 5724 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8004fc6-9a1b-4d9b-bf17-fa1223d70559} 928 "\\.\pipe\gecko-crash-server-pipe.928" tab4⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6132 -childID 6 -isForBrowser -prefsHandle 6140 -prefMapHandle 6148 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {de771f96-f5c0-460b-9edf-e812b81327fb} 928 "\\.\pipe\gecko-crash-server-pipe.928" tab4⤵
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
21KB
MD51574571f5d452918e903674fa177219b
SHA10006078735c8a328b6354009a0528d9e91507aea
SHA256381340243ab9f0ff9b1154685f21ec5c63ad6e6fd436168058cdf87ab6a26b45
SHA5124134ded8652871cd705e70cb1458975d6a28f30c4fc76b9b2ca08f870ca20b2c0111b8b46ec17b3c28556bab2b4f787ee9cc0dce96ef2f10c06adcaddc8dc808
-
Filesize
13KB
MD53a4e15c80a5c035998eecfe41e310253
SHA165ff953caf185f0a60c918f9734401acd5f4dc26
SHA256df5dbee1c1b9fbf8feef44821a22509e75adf7ec5c837407a98696fb45890d13
SHA5121409fa72035175f943a43ba02130a17008e07f1d822b0074c37cef8c380fa13185d06b56d6ee11d0885ba5455cdf11fe439a073de0e567e5544a3936aa388cf9
-
Filesize
479KB
MD509372174e83dbbf696ee732fd2e875bb
SHA1ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1
-
Filesize
13.8MB
MD50a8747a2ac9ac08ae9508f36c6d75692
SHA1b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA25632d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA51259521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d
-
Filesize
10KB
MD5f01f07236dff500bc67d54e6eadd7663
SHA18fea9dceca631faaf1c0255858b73df639bb0605
SHA2568c9fe5d563ab70b623a624e7b9d9540a865957392530ce7e65f64ae54432b14b
SHA512afb0f7bd0056b1990653ec47eeb7773c5ec567f246ff2cdd551e2e3ec87ba650cd4e993f58681b4c8a24a429437fb7fb723ae419d04c2230bf41877bdf666b6d
-
Filesize
31KB
MD5726df59225e27d250d4345b2fb6a7999
SHA1b082bb1df823a9c14a9d4e51c2e5967640ee1184
SHA256d7923e4f2d337b772ed439a8aa016eea645738630b31f547aa94001b11d5790b
SHA512359387320241154698f1cfd909549df986f3adb30a52cfcb1d792411ad8cd415518309a7e28c6782eb9c5de2a15636ae1f0c4aa64f80d7910df69c143d159a73
-
Filesize
6KB
MD596cf2efab0acd4ede712c17c94c2fed9
SHA1ec135dd48e13d07d6d6e4b72ec20fb1ad33f67dd
SHA2564e96ec8027ed708f89e45e6fbbd8cc57f55dde6f88d12ae3fdf92dde8c459cf2
SHA5129905bfd4c7caba420f862210ee0ee9f86da6a59b5c1b10b98d04a74b25f88b14463eb2f0274990a032ce2058028431b3622993a81f4a4ff2daddaf250d84c4ef
-
Filesize
32KB
MD5918faba31b4bef02e5f870cd8698ed95
SHA1a3feca2ddf0f4a001034f7e9f3f86103b33f0071
SHA2560c49979a530858956a12ee695aa2d0293cdcb3d40daaa9eab410bf42a28a46c8
SHA512dcb957576f68f12c27f2385c0f0c7a30966dceef60a3986cd69246d4b41fdeed82fbf97e72b98c25869344497bc78b812c7c95100fa8d6f7bb3820246f1e4025
-
Filesize
5KB
MD560f011a8906a4400470499156ae5e9a1
SHA1b2afc69fc0b2d9b741dc1684a035399bb03855c2
SHA256cd2a3fa405eee4a88ebdcc4496984ef30dc3ffe122727aaec44dbba21ec54ed5
SHA5124d750e9c3e83e3cb768258f5e4f700d7418f3b6ef67e89fbbaed6f4ce097dbae8f9c910234721c987a4d84d69e8d4459918382acd738411d30d3a9d2040f10c9
-
Filesize
671B
MD5b07f8979980220e8cfab04d483b2d826
SHA109b2aa9bc2e15fdc3b99c9aaf29f4b9d18f69ffe
SHA25618d0e59bbd3db4869e7e6c84f0bd87e09c540a01672f65b26719d0d60e3b22a4
SHA512888d6a99f0455c5c7e8deb4d42fd0fce98671b338a6d1e9275d71c35a27006ca27d0b699f07dea4ecfd1a6123c27c3fa1b2d425d7600cf7d947efd6f02cfe345
-
Filesize
24KB
MD50a5836bcd5d4a35320cc8f75301ea74b
SHA1ab726a1a844f9c0080e4c0dbcd076faad6a508d0
SHA256729602e0ac3805303b0cbb87ef326db88cb3554eb4b4324b0265faac686b288f
SHA512f1cc417f899e1f121be110649a7d0983c652e4b78d1011263849119a3f3dca60939fc7b2474cdf5c52021f048fd3a3bcf4d59d98bfee0906a32020f10759dcb6
-
Filesize
982B
MD5c5f0f36bedf8f16e09f5443dedbba668
SHA15fff5f77d7e71e7de670b5fe5b348e4741e31e61
SHA2564dedf4847ca66eb1a05a7db6222d1fc1da03f0d86c7d4ffd67f70b6b63c9b639
SHA5126013a779f7a2a49ab2851f8750d8c4f0fe8f4b5b288a8cbbcb7a80728cdd3c095c85e4ff03248dd226d53d15fbf395d018f3bc10e6c809434e3d51d88c6c89ac
-
Filesize
1.1MB
MD5842039753bf41fa5e11b3a1383061a87
SHA13e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157
-
Filesize
116B
MD52a461e9eb87fd1955cea740a3444ee7a
SHA1b10755914c713f5a4677494dbe8a686ed458c3c5
SHA2564107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA51234f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3
-
Filesize
372B
MD5bf957ad58b55f64219ab3f793e374316
SHA1a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA51279c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e
-
Filesize
17.8MB
MD5daf7ef3acccab478aaa7d6dc1c60f865
SHA1f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA5125840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75
-
Filesize
13KB
MD57544e539c417caa273bad420923e9c44
SHA1348ccb45617ae39eb7e45ce8c951b63b975bf9b5
SHA256cefd6fd4a32ca9ddd7ca42e60c3d5fab0cca8cf09fa6f9046131dd4934c1c58f
SHA51239b40dd8feb99893ef4f20ee91579415481e394ccd08e4f67b9d8a1df107f64afac27d1fd7df24036077cc26c9dca6c765ed6805b45eca418041bc1d6eac5abf
-
Filesize
16KB
MD5aa617892e7f1fe33786390641fb9c5d4
SHA19a74d2569a0947b075183a2bdc3484f984ff662c
SHA2567caebb7cdc3debf25f752b628e67c6ba59ec89565bbf1fd865e4c5edf54e5228
SHA5125c338414ac342f743d5b6235cbc43544326592e949606fdf475c5515e3b3d19ca2f5ff60d137b6690bfe04c372237faa6ac5035c5316f0c46e6891ba2163706a
-
Filesize
10.9MB
-
Filesize
10.9MB
-
Filesize
3.8MB
-
Filesize
10.9MB
-
Filesize
10.9MB
-
Filesize
10.9MB
-
Filesize
3.8MB
-
Filesize
10.9MB
-
Filesize
10.9MB
-
Filesize
4KB
-
Filesize
10.9MB
-
Filesize
10.9MB
-
Filesize
10.9MB
-
Filesize
10.9MB
-
Filesize
10.9MB
-
Filesize
10.9MB
-
Filesize
10.9MB
-
Filesize
10.9MB
-
Filesize
10.9MB