Analysis

  • max time kernel
    195s
  • max time network
    302s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags
    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    19/08/2024, 05:49

General

  • Target
    playit-windows-x86_64-signed.exe
  • Size
    3.8MB
  • MD5
    ad52c8ea185fa0141ecd813c0638ad98
  • SHA1
    dfeaed6769395823f67b5dde6f324e2836c05863
  • SHA256
    9be57640f4d5f4943ee40f159ba2c6a947f0760e399f2b55f1f4dffe47ca97cf
  • SHA512
    699552d55a424bb84706b796d9f741487ba5d42ac3c74b58d4c97ed132e8e1dd33a16b4a14cb1f206c131997e6b1577b989c3f1ef8135b113396573027ff73cd
  • SSDEEP
    49152:0ZwY52DRAZBpGIuBusSfP1o0QlQ3wjWwpyZ//A7ma91EOhn9B7lYrKUYXfATZ:PZI5A+w/E4zx7UYYTZ

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\playit-windows-x86_64-signed.exe
    "C:\Users\Admin\AppData\Local\Temp\playit-windows-x86_64-signed.exe"
    1⤵
    PID:4692
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4340
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2832
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2832.0.1615133977\1368730766" -parentBuildID 20221007134813 -prefsHandle 1748 -prefMapHandle 1740 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f1df0b4-7d80-4890-b92d-6a298507a4bf} 2832 "\\.\pipe\gecko-crash-server-pipe.2832" 1828 1ce770d9758 gpu
        3⤵
        PID:3932
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2832.1.1157885153\413268927" -parentBuildID 20221007134813 -prefsHandle 2172 -prefMapHandle 2168 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d32385fe-d78a-44cc-81b2-0cbd3c32195e} 2832 "\\.\pipe\gecko-crash-server-pipe.2832" 2184 1ce64c71f58 socket
        3⤵
        • Checks processor information in registry
        PID:1636
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2832.2.1369080036\1023439082" -childID 1 -isForBrowser -prefsHandle 2808 -prefMapHandle 2816 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1112aa6f-aa81-40bd-bd8e-6b8e5ddbb5dc} 2832 "\\.\pipe\gecko-crash-server-pipe.2832" 2880 1ce7b29d758 tab
        3⤵
        PID:4172
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2832.3.1007708663\836225911" -childID 2 -isForBrowser -prefsHandle 3396 -prefMapHandle 3392 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9bb8b0f-b244-4916-95a0-24e3467c4461} 2832 "\\.\pipe\gecko-crash-server-pipe.2832" 3416 1ce7b8d4e58 tab
        3⤵
        PID:8
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2832.4.822573330\2057268957" -childID 3 -isForBrowser -prefsHandle 4392 -prefMapHandle 4404 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a88757d1-26d8-4d4c-a150-34668fa7d2d2} 2832 "\\.\pipe\gecko-crash-server-pipe.2832" 4432 1ce7cedbf58 tab
        3⤵
        PID:1436
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2832.5.1414146978\807838126" -childID 4 -isForBrowser -prefsHandle 4844 -prefMapHandle 4840 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {49c57078-20de-4f8a-abf5-6c75d0ea8bf1} 2832 "\\.\pipe\gecko-crash-server-pipe.2832" 4852 1ce7d5eeb58 tab
        3⤵
        PID:4412
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2832.6.1521254232\1683359458" -childID 5 -isForBrowser -prefsHandle 4996 -prefMapHandle 5000 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {939920be-8740-4f1f-ad82-ab72c7f3367a} 2832 "\\.\pipe\gecko-crash-server-pipe.2832" 4988 1ce7de2b258 tab
        3⤵
        PID:2308
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2832.7.1927775994\1372189955" -childID 6 -isForBrowser -prefsHandle 5188 -prefMapHandle 5192 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1368 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {49e32304-53d1-44ca-90c0-356a39272767} 2832 "\\.\pipe\gecko-crash-server-pipe.2832" 5180 1ce7de2eb58 tab
        3⤵
        PID:3016

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
    • Filesize
      2KB
    • MD5
      041c69b690b88d38c08eeb7e134c876c
    • SHA1
      8e055de8cd72c590f85efc4878859a3d4ea0f4a4
    • SHA256
      9d949a9f5fb65adef49ed1c818e0a7512cf7250369bf0ce478625800a2ba0bb1
    • SHA512
      6b3d0a5de2649d52a688cbb2ed2d96bb9f4536be10d1f0363996b7f5bcdadb9a192785be399d67d7a40f654f514a6311bf3f327b4d81f1d75361b3989cdb41bf
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\972bb9b2-aa38-4ebd-870e-4ebcecfaf3b9
    • Filesize
      10KB
    • MD5
      fb5d63429769ed1e857f1a3278cba35f
    • SHA1
      818951cb117b50d7a32b62152a89b3e6c77abd0d
    • SHA256
      85925a55203681f46061aa38e7fba022982d3ab48f05d7409f80bbbecf6710b9
    • SHA512
      851da16f25ffe3646c749e5c4ce0951d77293935bb4367369fec691ef78de6ee1150de68521c5bf305f48e01a05e81e359e636005e76a9b28c53710459f1b466
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\dc7de032-12de-4700-a0ed-238ed4be5870
    • Filesize
      746B
    • MD5
      2614ec3978e2b577e147df80b114f60f
    • SHA1
      0ed9ab1c5b29b2b41d88fc7eebdc17211224e4e1
    • SHA256
      32745768c957ded5a75bab8733863c2d0def55d5a94b0f4ce56fe44f4729745d
    • SHA512
      4fbf88a147a6ac91d4d8eaec8862d737b73c7a9d889f516937a9d6c5f1ed8d362a1dba0ea33a8593e80a75bbce0f70af09e100f56ac5e7a4c0209c0cff8a76a2
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
    • Filesize
      6KB
    • MD5
      5eb04932278217859f9f5577af47fb06
    • SHA1
      1a726d52c4c5fbf5faf9d7ac350d1b1145e45fcc
    • SHA256
      9416853a519733070a6a3e4f52f9c7f991fd6cb7c77d85a4e8bb201ee63e2fcf
    • SHA512
      08ebcf40ef6efaaf70327f54ae02077bb2aaf3716031f11dba628c269557ef5cc0ec8cc2ded790c4ee227f557fb1aac2a87cc372dafcc3f641101dbbc834fe4c
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
    • Filesize
      989B
    • MD5
      bc735fa94d2eeb576546aa7bce5f5dfc
    • SHA1
      3d50f963ec592f6e45f1e8e588b2ad369f8f688d
    • SHA256
      0b4171629557def32a712c0f95d54a2be13292d8f9d1113dc0a0f67489c97dba
    • SHA512
      e9ca6a1a4fde5e7e361f0d6057e2823ed24a56f96a03845bc7effe58b757545e1a368ce1de6dc8620a8f012fc7002c612d13fa2448cfebca7c9dcbd7fe2e4760
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore.jsonlz4
    • Filesize
      915B
    • MD5
      fd2d723403fa58752b5af4d80b31e07e
    • SHA1
      37eaf4a563bc6d170698e305387bc8ea5a68ecaa
    • SHA256
      b5f8afb4f42039e7e60ffc844ce266bfdce18ada5f1ec32cf21a5df42c078536
    • SHA512
      b55a92ec3b6faf23d461157f40b8654de786dad8d54a7f46384d77c94eab4c815a7a1efcae48e2335ed8b248db7acaf6f7ca2af4e702f93d0f530471f1728e7b
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
    • Filesize
      184KB
    • MD5
      7f868e557b098795d645df9ea302427f
    • SHA1
      001f3306144559b4049a8ab139b4139f51e59c0e
    • SHA256
      b228e23ecfb7965e3badefcbb031de0b4bb887634bccb34a826ac8ac89124ac5
    • SHA512
      56fd8aa514cc25db5a2c9191d665eaffe90182cc5e4f15317e0cfbc9adf7336d9ad937d20384b0504f784e5939b76b4c4b0020cb06e4a472c650355cc6c4c89a