Analysis

  • max time kernel
    32s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    10/08/2024, 06:04

General

  • Target

    YimMenu.dll

  • Size

    10.9MB

  • MD5

    41d76421a9c20982899813245cff990a

  • SHA1

    418782c1785c250e1eb279b791534976e1168944

  • SHA256

    450d9950734137cca73b99b74ff3285ec8d47bf954d8497a0940f0b885cdb906

  • SHA512

    0334d4a0bdc45eae74a225ad907943dff677fe1ed8837f3f645bddce94cd17ea5d0618e1a99b690fadf91b82f485391a894478d94d074091a7b94e6bd933351f

  • SSDEEP

    98304:51TxBH4nHm4ux0dxwrrLKNAwuT3h596x3qE/k/P:51TxZ46xrLKeww596x3vs

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 9 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\YimMenu.dll,#1
    1⤵
      PID:2604
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      1⤵
        PID:2620
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        1⤵
        • Suspicious use of WriteProcessMemory
        PID:2864
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe"
          2⤵
          • Checks processor information in registry
          • Modifies registry class
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of WriteProcessMemory
          PID:1708
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1708.0.1648786348\1648811918" -parentBuildID 20221007134813 -prefsHandle 1264 -prefMapHandle 1240 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9bfad6a9-d788-47f4-ba08-0efb6561106f} 1708 "\\.\pipe\gecko-crash-server-pipe.1708" 1348 42d4558 gpu
            3⤵
              PID:1196
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1708.1.1498123207\1564739946" -parentBuildID 20221007134813 -prefsHandle 1520 -prefMapHandle 1516 -prefsLen 20928 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {63a19f0d-0b9a-4ffd-9d05-e440ef97a9db} 1708 "\\.\pipe\gecko-crash-server-pipe.1708" 1532 420cc58 socket
              3⤵
              • Checks processor information in registry
              PID:1688
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1708.2.848143114\1662325019" -childID 1 -isForBrowser -prefsHandle 2016 -prefMapHandle 2012 -prefsLen 20966 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e428936-5247-4c76-abb0-43c8f878a8ee} 1708 "\\.\pipe\gecko-crash-server-pipe.1708" 2040 1942c458 tab
              3⤵
                PID:2580
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1708.3.916398742\613008845" -childID 2 -isForBrowser -prefsHandle 2416 -prefMapHandle 2420 -prefsLen 26151 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bdcbeb92-5411-4317-84e3-5e01218fbd51} 1708 "\\.\pipe\gecko-crash-server-pipe.1708" 2436 1bb07658 tab
                3⤵
                  PID:1976
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1708.4.448660401\123498811" -childID 3 -isForBrowser -prefsHandle 2632 -prefMapHandle 2636 -prefsLen 26151 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d824c958-70e8-4d19-a7f1-a4cd5ce95e46} 1708 "\\.\pipe\gecko-crash-server-pipe.1708" 2716 1bb07958 tab
                  3⤵
                    PID:1896
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1708.5.1892737771\1444146111" -childID 4 -isForBrowser -prefsHandle 3800 -prefMapHandle 3796 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7389a21d-d9fd-475e-bb46-b34491a8ea7b} 1708 "\\.\pipe\gecko-crash-server-pipe.1708" 3812 1f61e958 tab
                    3⤵
                      PID:2500
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1708.6.331928132\1652968357" -childID 5 -isForBrowser -prefsHandle 3924 -prefMapHandle 3928 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0004a0d1-2cf0-463f-a875-d96ecc23c617} 1708 "\\.\pipe\gecko-crash-server-pipe.1708" 3916 1f61ce58 tab
                      3⤵
                        PID:2564
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1708.7.859103136\1486976032" -childID 6 -isForBrowser -prefsHandle 4104 -prefMapHandle 4108 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6d1bdc7-e876-4b12-b322-1f6531e740d4} 1708 "\\.\pipe\gecko-crash-server-pipe.1708" 4088 1f61e058 tab
                        3⤵
                          PID:1184
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1708.8.1044140477\2066743290" -childID 7 -isForBrowser -prefsHandle 4404 -prefMapHandle 4408 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7368586-bc86-4fe2-af14-870b2797e280} 1708 "\\.\pipe\gecko-crash-server-pipe.1708" 4400 22ddcd58 tab
                          3⤵
                            PID:2772

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x07tfuqf.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 44KB
    MD5: d108790ddec1ca6ab0e23f81246c8ad2
    SHA1: e15f4c2682dde7428d720e96d80bb0e815a31098
    SHA256: 9a43b3d85dda7ee0d22f2116ede122741b0300b3603f286cee43b226d7ced006
    SHA512: 4dcf4b2820f8928188b568fc18f507f3c54c97f3f17988793390b9511de88b8343d18fbe718b3f54912f9deb7c13452c59af6d83494c1e1778ca4adfe3b52cc6

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x07tfuqf.default-release\datareporting\glean\db\data.safe.bin
    Filesize: 2KB
    MD5: b3f199ab92060fe4ff5fbfa06ccdf708
    SHA1: b796c7ed2f6af2f57a9d73cd5ba59acf72fe0f3d
    SHA256: be9952cbda490bd45ec8a7a65a1d86e028b64638462287753167b0f75eed012a
    SHA512: 452b3bc2b8bc61edb56a4460c3ea46d527f46478727cf1e29f5b03ea6b1365fe0612181b43e8f445252f50a7573989eda2ce0b70c79583f9b13669142c65f64c

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x07tfuqf.default-release\datareporting\glean\pending_pings\038464c2-d9c2-433d-aeca-a17d36a20404
    Filesize: 10KB
    MD5: 8c0401d0cefe9c92807796383398996d
    SHA1: 4721e8e6fb0be0f3a70fa98437e3569b1cc70cee
    SHA256: a7da72ff2a936ad7c53d4fb80cff9070233a90ed4bbdf724151dbe6e66bb2f27
    SHA512: 00f7f1127d84b5667af0229f11a08b541a2f839a30484b9e36d5004ed12f69564d62aee92aeb89a33d4a9c714b7400411fd7c8f111d123151bda27b4da5e0df1

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x07tfuqf.default-release\datareporting\glean\pending_pings\8d512eb4-da0d-4623-beea-a3de5e83259a
    Filesize: 745B
    MD5: 88e70d77ccd9a5a68d90a3294ee0ca24
    SHA1: 2e138ebc97d4aa6b2021838c414a8184516b0f56
    SHA256: a27b1ffce88a77b500d5c592738e412e3e2f32d4f992abbcec50249ce448faf5
    SHA512: e36cd81b5d05d82e2c3bbae1ade3db684e479d6ed47f38e3b32cb592e68316c79b21f5a34e9da09376a0257dc7a908cc58281f3dacc04fd69b9f96e64f8b59e9

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x07tfuqf.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 8e6611ebd41169b3d4442556b3e48edf
    SHA1: 980ccd407283ffc1d6503eb56500ea45b8fc10a2
    SHA256: be2bff4390707d08bf06c6e362548c6fd18f72458bb48eb2915d5ddef8cc622e
    SHA512: 30c67a515e967e1de803c7f342e4db59c6bd24e28b5192a2b1bbf2ed8807f22602daf9a4da4e2af0214936211caab63603cae2dabc7827a073196507c5334468

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x07tfuqf.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 13bda2ef402312457d46cdb157f99afe
    SHA1: 36b42eb27942ffc1cfeaec0832aa84c03a4324ff
    SHA256: 3040d68b4237bbf08707259ffcb6e7d2733a6252edbcd532a913caad826d3663
    SHA512: 62270ff079beef42c8adb8a3760a81fa08b563ca3e03d9cd196720be5f585f669affaeff05acfaec682245acfa872574febf76189393147c0e97fc8ad9ee9d5c

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x07tfuqf.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 3KB
    MD5: 38147f710dbac07b71fce089d9863d30
    SHA1: 960dbd9c667c4df1598637ae0b73524e5bccd840
    SHA256: 9970d0182ec2de9496713c2a84771e6982084d66763ceea4c50b3e8b91b1ad65
    SHA512: 3583df4f80f5c94f4a0dceb5b13028609158063e0e132579c61554ec1aa827e68d5ba3746ca390e9f712264bf42c2068fb7f09dd7bdf3f68a8a057b693518b2a

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x07tfuqf.default-release\sessionstore.jsonlz4
    Filesize: 4KB
    MD5: ef901b02da908f328b21aeb16672c3d0
    SHA1: 716d835c00c13d2efc5e5945a96cc0c4d9cf4c24
    SHA256: bd576927fe75be20c65f426d96401915f0e801db9dedb3e026d5a0b79a9d4901
    SHA512: 7ee2f003d4d0c89ca7b7b604fb086075a558f6d4f0c331a991f142680041107dd8b64c543ddd956a7f8486a34f4455517d6b8f721430aa513a0a760a7b03dbaa

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x07tfuqf.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
    Filesize: 184KB
    MD5: 0e543d89f272def2edd184d7e1efd8c2
    SHA1: d6e5a31e08d86108531c8a0b71d5774631ccacd6
    SHA256: 3798651eb6edaabc1df92fabe1ae4c67ca4a93a034de89fdeee91566db455650
    SHA512: d176112a029adbbf62f6a0fcfc8794bf2b555c41b926e8909998309840b0a393bf0e0759362ef3c6c002f4a0fd3703ecc1283b19336e9d643045657a0f0704a4