Analysis
-
max time kernel
145s -
max time network
144s -
platform
windows11-21h2_x64 -
resource
win11-20240802-en -
resource tags
-
submitted
10-08-2024 20:07
General
-
Target
OpenSnap.zip
-
Size
22.9MB
-
MD5
6e78ceafcb98d694ba62fde82f5ad043
-
SHA1
bd306e12a50534c9cb623903a01ccb3a92b7fdda
-
SHA256
b263410b6d6f98e5798d11af7bc3f35315210e82c25ad01dc53211141bae36a9
-
SHA512
f28a34fdbf6ce4294bf16d98fad93587505bbf751b251ae0e1a754012f6bf634aa6e4c377620d14e7306d5caff592ea2b1e72d51e64f2aea1f8a31c6c6b9b410
-
SSDEEP
393216:A5xbF8wjYu9OpPmuV6jYadN5npHvzlvVeVvjlLQqRDPWI9pF7aJb/xtp:A3p8Pu92J6NN/HRv+RLF9+I9raJFj
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 14 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of FindShellTrayWindow 33 IoCs
-
Suspicious use of SetWindowsHookEx 10 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\Explorer.exeC:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\OpenSnap.zip1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1924 -prefMapHandle 1916 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e7cadb5-2193-46cf-8201-64b2501f6825} 3112 "\\.\pipe\gecko-crash-server-pipe.3112" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2388 -parentBuildID 20240401114208 -prefsHandle 2368 -prefMapHandle 2364 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {256d3db4-fc04-489a-b62b-0289df04321c} 3112 "\\.\pipe\gecko-crash-server-pipe.3112" socket3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2816 -childID 1 -isForBrowser -prefsHandle 2808 -prefMapHandle 2824 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 1088 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8a2134e-21e3-4b26-b86e-68d9b5e0c68d} 3112 "\\.\pipe\gecko-crash-server-pipe.3112" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3044 -childID 2 -isForBrowser -prefsHandle 3868 -prefMapHandle 3864 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1088 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {160e7282-682e-4541-929a-9cd4097c8cff} 3112 "\\.\pipe\gecko-crash-server-pipe.3112" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4780 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4696 -prefMapHandle 4756 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae8495af-1fde-49f6-a177-2fa30732a5c0} 3112 "\\.\pipe\gecko-crash-server-pipe.3112" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5368 -childID 3 -isForBrowser -prefsHandle 5364 -prefMapHandle 4784 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1088 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f07426a-999e-4ad7-8ec9-7a77b0a9740b} 3112 "\\.\pipe\gecko-crash-server-pipe.3112" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5360 -childID 4 -isForBrowser -prefsHandle 5500 -prefMapHandle 5504 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1088 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba767509-fdee-40ac-98e6-6aca83cccf98} 3112 "\\.\pipe\gecko-crash-server-pipe.3112" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5704 -childID 5 -isForBrowser -prefsHandle 5784 -prefMapHandle 5780 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1088 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {80a6075c-d5e7-48f5-8695-d93d82bc3dab} 3112 "\\.\pipe\gecko-crash-server-pipe.3112" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5024 -childID 6 -isForBrowser -prefsHandle 6260 -prefMapHandle 6252 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1088 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4d5b4ac-64e9-4539-9674-7bd63551e021} 3112 "\\.\pipe\gecko-crash-server-pipe.3112" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5000 -childID 7 -isForBrowser -prefsHandle 6428 -prefMapHandle 6432 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1088 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {949f4226-37b1-498e-aac4-b7a172e35fab} 3112 "\\.\pipe\gecko-crash-server-pipe.3112" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6652 -parentBuildID 20240401114208 -prefsHandle 6440 -prefMapHandle 6644 -prefsLen 29276 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4cedf1fc-3794-44f2-bbeb-41d5624ca396} 3112 "\\.\pipe\gecko-crash-server-pipe.3112" rdd3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6472 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 6708 -prefMapHandle 6704 -prefsLen 29276 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {130b8e0b-a0a8-4c33-99d1-d4382d58c302} 3112 "\\.\pipe\gecko-crash-server-pipe.3112" utility3⤵
- Checks processor information in registry
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
42KB
MD57dbbe12181ad230cb64ae1a331979133
SHA1faf11aeb897962fe5eb0c9e8a12f80c09ecf6cf7
SHA256bc2fd97a1b92ebde23e3864fda66beb8f9668d59934f7d51e1cfcf746afd9ace
SHA51204cda62b0f514326758c3d72cdb68a8f138a64a7f5f460028e804f82ce4c56e64f8826f3c461e46d0721858a39f7f118709139983cf83ec5cef48689434b1bdd
-
Filesize
111KB
MD520ef1e910f98d0627ea2f26e106af4c0
SHA153f0439329b7cd2058cb1ba471ad26d40c681ef3
SHA256b61d3e3b227b6d94ff276184b5a24148649d55cba2376088f6af61f19e073f5e
SHA512986b7fd9fc1871bc8b46dfa24f939a51c8001f8c96463ef33ed8233f3c85ac1627d8f7413f1c197bad7683b917c2d9c7dae6c3ceb9c7faa595b90f417b316309
-
Filesize
479KB
MD509372174e83dbbf696ee732fd2e875bb
SHA1ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1
-
Filesize
13.8MB
MD50a8747a2ac9ac08ae9508f36c6d75692
SHA1b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA25632d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA51259521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d
-
Filesize
7KB
MD5ac3303310c734a78581776321fbe3be2
SHA10e4f14e3b119ce2be6311a8f6c05475492a51b38
SHA25642f1ecef89682fb2faef4660892eeaba68aafd40193dc3d9787d4425caf28ecc
SHA512d4b0aaeed4c8cba0b555fb0ae535880cf8a08df60f04353eedfffe9dd434c1f4cff05c2cbd2a390faca1cb659a656e874aad624c80fcb216f6807e76cb9cc1bb
-
Filesize
20KB
MD5262f3cd2946ebc8ff5eaf57a7e7f1a4e
SHA10593680bfd4d588c3fce9c94eaffed30ab8ba098
SHA256c577532e7d5edfc38f2b7028b5cfa823e8edb5b1c3376d121bee48564a1d8ae8
SHA512fc3c532172e19c6cb1f760662236bf8cfa7c955b3cd81edf49064e825a1467d63bc0b57b9781d50c8138a6a51ec2bf91024e58c1a3452aaa8cfc162e38eec26d
-
Filesize
7KB
MD567cf09250360d06d6120434659a920b3
SHA15a69370955aba6ce61f37865e38bc3544a6fd37a
SHA256f892914e752270eaa5b7c435d0975624bd5737cae8803f91b0a0e042de69eded
SHA51242728d61f0473309ad18cc00ed82e784a55f50a81f6064a7e882ad39cadae3eda74a58bd5e6e3221d18740cbd28a8ff33302932cb04e1417fecc1831dc2cf639
-
Filesize
5KB
MD51cddd2ecc9a8b153c669d50a808bc69c
SHA1179dbd69dd8ee499c41c2bf040d6c88a86e8f815
SHA256d06d56d69edc5105ab54884bc2d91a7d16109820d102d47cd47fe4a0a5df71d4
SHA5122e20aa50ce6668e8eb2e189cf99bd9bd5ed9364c1c18b6f59fd8e0ce3206c2315aebf1629953a0abd0bebef2d973836f2917593a6b78cf863fda6c64533702bd
-
Filesize
6KB
MD56dd3f56a2066ec665743f01aff3f0e45
SHA1876ad8184652ba7aba2980ac114a55f72ce0b822
SHA256de8a2975bd17e233c58ebd3849576cfb9364064cff2186622406a02be14d117f
SHA5124ea39fc046ec8380cd70217871564ce6a57617ef69d6693cb5705d74c6e3a902a5b3fe0b44b925baa62cff40e6f861761797a397455904dccdb78a7bafe812a5
-
Filesize
982B
MD520e4416bf2f8a578fc7829d48179c9e9
SHA1745faf1860afeedc26d454601e77de3eb829b42a
SHA256e67411c8ac55f42306ab70fbeacc8cb26925b08f736ed886180624d8af59a608
SHA512b84aa8be39a872e04004a5c80c3fde1eb34f071be40d5c7ecb5d1de842cb295a5c2294287b81533636da9a4e90bf0575a291f4549375cf2c129f5580a4f374df
-
Filesize
671B
MD5a3aa47724043d02b29335615c6f07e09
SHA1a52c69c8e48eaca47c2ebc549d58915527e0f8f2
SHA2569a0f879fa15d653195c52a3d7d8fec23f634ef61f141566f6c9a1085af1d2eac
SHA512b2cd76b8acf002aeb6751546f0e7e4d43e4d080d88cecdd27e40950ee94592c03f9cb375684a1ce1b29b0218a5cb05c9e4c8a4fd8edcfe1d0417b338772135dc
-
Filesize
23KB
MD5a1241d5bf064e9cef0bc6abe2ae267fb
SHA1fd1f3a4f039160c50c5717d615258fb57cf77adc
SHA256d553c65cebdbe1e5ec3ea076db6e245257277871414fe58aa8527d17b69f01b5
SHA512d529edc1182be54f18712a23f96e55bcf9e28cfca715a3a1ba17ecb9863ccae08c6d184bd62028c0ce6ff859aba492048e03487dbe836c685f17537caa18225b
-
Filesize
1.1MB
MD5842039753bf41fa5e11b3a1383061a87
SHA13e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157
-
Filesize
116B
MD52a461e9eb87fd1955cea740a3444ee7a
SHA1b10755914c713f5a4677494dbe8a686ed458c3c5
SHA2564107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA51234f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3
-
Filesize
372B
MD5bf957ad58b55f64219ab3f793e374316
SHA1a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA51279c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e
-
Filesize
17.8MB
MD5daf7ef3acccab478aaa7d6dc1c60f865
SHA1f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA5125840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75
-
Filesize
11KB
MD563e5be5dd1ff770c06107adb435b9cd2
SHA11fd60b652f812317de194e84698f4064ff4371c3
SHA25697922f53391e6beeef03bbc05409e46741d44e48c3d8a8af3524c6159682196d
SHA51270f9a8261eeffdbd7e31d38137a0fb98864af612b3c8dbd9e0a81a09b2179306cf767466398b01e98948cf98493f7c64e472a79238e07ebdf63eabc4d21833e5
-
Filesize
12KB
MD5e6bb2188a153322e669a56c798e7a188
SHA11b14a992fbdda743ebd90fa354a7c32b7af1b8ae
SHA2569c5bba6e0c2d1a60bc32b45609155aff3d17912816cfb9ffccbcb463f264be25
SHA512e4c6fa0caf345b5007603e8374e00c99f6f1ef800bba8c019b7d6393681e7afc29d3a4faf81a8a056fbb967809347712f92b0d74868c92ce777a49b99c98762b
-
Filesize
10KB
MD588d39c16892c7e85dcd9818fe584bc43
SHA11557e0a157fc8e8569285a49b30c7f65fff74b92
SHA25677efb23de71bbb17677df7d6432c70a0be7855ca31e62d99ef009d26290d5a74
SHA51233f0988128b96472a6056637c2628e5c2b6e7726f4c0977d0d66e2c698d3d98a9d03302d1a4a96dc1ee463e4b0c28e5a48ed884ab337a5daca52fceea59e0627
-
Filesize
228B
MD5a0821bc1a142e3b5bca852e1090c9f2c
SHA1e51beb8731e990129d965ddb60530d198c73825f
SHA256db037b650f36ff45da5df59bc07b0c5948f9e9b7b148ead4454ab84cb04fd0e2
SHA512997528e2ecd24a7e697d95cd1a2a7de46a3d80b37fd67fac4fb0da0db756b60a24648b7074255dc38f7651302f70894a53c3d789f3d7cd9f80fb91bd0cade4be
-
Filesize
1KB
MD572d620d2d5d25dba334cf46f90a2068a
SHA14b464f48a6be44cdd474fc84a4190cf8dcfe972c
SHA2568b169a788c9eae67717b7a06bd22a4fa4164eac904c58adbcadf655df5c15b78
SHA512a45fcf9c1ba5938c07d2104c70623e94266da177ca26fd52d8e458b3af23f3fddc8e55a35499937c341bd44e22edc9cb5e42bb603f911e4aef06bb5ecbffdcb4
-
Filesize
48KB
MD5d13096010a731a865011d3fd16450708
SHA10ebc18f4372d0fb705c8bc9cd152c5bbb095395f
SHA2563b36533e0fcca427a1cf51b70e2af034d47a923fab0bf6b3da4f54757c93135c
SHA5120ded9ad85bc9832a8596868757bba94c9a18db9e6aa2cffb8d73a829f16e3b573fb01f518afb6830dbe24bfd644c80dd90706d2987c69419159308a2675b982b
-
Filesize
22.9MB
MD56e78ceafcb98d694ba62fde82f5ad043
SHA1bd306e12a50534c9cb623903a01ccb3a92b7fdda
SHA256b263410b6d6f98e5798d11af7bc3f35315210e82c25ad01dc53211141bae36a9
SHA512f28a34fdbf6ce4294bf16d98fad93587505bbf751b251ae0e1a754012f6bf634aa6e4c377620d14e7306d5caff592ea2b1e72d51e64f2aea1f8a31c6c6b9b410