Overview

overview

7

Static

static

7

vax.rar

windows7-x64

3

vax.rar

windows10-2004-x64

3

vax/hm whats this.exe

windows7-x64

1

vax/hm whats this.exe

windows10-2004-x64

1

vax/logs/l...29.txt

windows7-x64

1

vax/logs/l...29.txt

windows10-2004-x64

1

vax/scammer.exe

windows7-x64

1

vax/scammer.exe

windows10-2004-x64

1

vax/vax login.vax

windows7-x64

3

vax/vax login.vax

windows10-2004-x64

3

Analysis

  • max time kernel
    536s
  • max time network
    647s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/08/2024, 17:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    vax/scammer.exe

  • Size

    11.0MB

  • MD5

    d395aef1389ea5a0b621a159803b43a7

  • SHA1

    8564f7619a2101949aad90f368df2f0ef14c16e2

  • SHA256

    2546d9f28d9c1d28056dd8f99a953e7e6e2aa016007d00dc59c3d3f9f31ca695

  • SHA512

    effa11e8cf10379c24295f0fd38486851f7e3cf5dc3b9b357c0811abf3259e0c968351a3270ae1df5562d8a73c1cddd6f61f4c9e7aa90bbe7fad7f2164136208

  • SSDEEP

    196608:2vdhw2Q3zNTjVD7b4TyVTjQve/Q2AivMqne2COhve3R2NMDaugcmsFHSQ5d:2yzNTV7bpTjQvWQ2AivMqe2COg2ODsNi

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\vax\scammer.exe
    "C:\Users\Admin\AppData\Local\Temp\vax\scammer.exe"
    1⤵
      PID:3668
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:3076
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3272
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2032 -parentBuildID 20240401114208 -prefsHandle 1948 -prefMapHandle 1636 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {63943192-b43b-4636-9733-ddccbea98395} 3272 "\\.\pipe\gecko-crash-server-pipe.3272" gpu
          3⤵
            PID:2740
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2444 -parentBuildID 20240401114208 -prefsHandle 2420 -prefMapHandle 2416 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {762f4019-38a9-497f-a985-cf58cef0898f} 3272 "\\.\pipe\gecko-crash-server-pipe.3272" socket
            3⤵
              PID:1020
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3100 -childID 1 -isForBrowser -prefsHandle 3280 -prefMapHandle 3092 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5fb3738b-d98a-4f97-bc9e-95e82edfaa3c} 3272 "\\.\pipe\gecko-crash-server-pipe.3272" tab
              3⤵
                PID:2352
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4044 -childID 2 -isForBrowser -prefsHandle 4036 -prefMapHandle 4032 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7dbcdede-4616-4293-8f07-fd127dc9640a} 3272 "\\.\pipe\gecko-crash-server-pipe.3272" tab
                3⤵
                  PID:4604
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1504 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 1436 -prefMapHandle 1500 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6213387-18d8-48f1-901e-bf97ee66366d} 3272 "\\.\pipe\gecko-crash-server-pipe.3272" utility
                  3⤵
                  • Checks processor information in registry
                  PID:3444
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5192 -childID 3 -isForBrowser -prefsHandle 5188 -prefMapHandle 5180 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {17aa7cc4-a2e3-47a2-8a9c-5ecf7095c517} 3272 "\\.\pipe\gecko-crash-server-pipe.3272" tab
                  3⤵
                    PID:5668
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5336 -childID 4 -isForBrowser -prefsHandle 5344 -prefMapHandle 5348 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d757f8f-3095-48e7-a819-08ccd01ab171} 3272 "\\.\pipe\gecko-crash-server-pipe.3272" tab
                    3⤵
                      PID:5680
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5528 -childID 5 -isForBrowser -prefsHandle 5536 -prefMapHandle 5540 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa558606-e945-47e9-a926-bf7e323cbcc2} 3272 "\\.\pipe\gecko-crash-server-pipe.3272" tab
                      3⤵
                        PID:5692
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6316 -childID 6 -isForBrowser -prefsHandle 6284 -prefMapHandle 6248 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {684948b9-a819-4f1c-8c2a-2f4566efdf26} 3272 "\\.\pipe\gecko-crash-server-pipe.3272" tab
                        3⤵
                          PID:2056

                    Network

                    MITRE ATT&CK Enterprise v15

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\illkw0pr.default-release\activity-stream.discovery_stream.json
                      Filesize

                      38KB

                      MD5

                      7b0c9cd5d75ff7f89271bc85571bf5be

                      SHA1

                      44deb67f6f58d9cb015827c96510b657eba232c8

                      SHA256

                      482f06316fa008ab7817618136677abf4fb6da7c8a6c646b957bb5220d28aa11

                      SHA512

                      17598741644d50bb696badb96296c400f7e629775592e2cc03635731343324474d6d10dbec034945f39cdf696822a430e060d74f6c53006dc1bb758db17e4e23

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                      Filesize

                      479KB

                      MD5

                      09372174e83dbbf696ee732fd2e875bb

                      SHA1

                      ba360186ba650a769f9303f48b7200fb5eaccee1

                      SHA256

                      c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                      SHA512

                      b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                      Filesize

                      13.8MB

                      MD5

                      0a8747a2ac9ac08ae9508f36c6d75692

                      SHA1

                      b287a96fd6cc12433adb42193dfe06111c38eaf0

                      SHA256

                      32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                      SHA512

                      59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\4MTDEJLRLD13O8LN9JDY.temp
                      Filesize

                      7KB

                      MD5

                      f1b11ccaad4003de2c27f2e35f69ff7c

                      SHA1

                      2836c773155be407e5c594d372607fe695a8200b

                      SHA256

                      7f9fe148cb72d30a4ef97938b5cdf8d4881bd0866109ce23485572aa9935f1df

                      SHA512

                      7624562e57177b05be5d8d4f94e58e1799074119e1f85df5792621a41cca68e58aa800993e36b7679f611d931005f6f4f5249f7a0a56294cfc9c9a33d1e595d8

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\AlternateServices.bin
                      Filesize

                      7KB

                      MD5

                      31cda56d9f63d182c620f6ecd9dff355

                      SHA1

                      0e753ad9f24e1dd13eae695b993331ece2eb51b6

                      SHA256

                      c057c3e9d1abcb24e7fcdeafaaed6c7c2eb2a237c62b77db8651b5b9a3567ed8

                      SHA512

                      bff529172010c4f7edc9ab64c83df0fa2f0a351a19a550fea73f1441be49df0466394fdfc0886e0240a40ae3ce4ba0b40e7adb14611a830e35fe4e2bf3963f45

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\AlternateServices.bin
                      Filesize

                      12KB

                      MD5

                      9ddbafca49459bfd184ea6f8dece53ff

                      SHA1

                      eee368a44fa363532e8ebb0b059a130ddc908b02

                      SHA256

                      ba93e3a7a1c180899f672ceab1c13fa2ec10c7f328f70b6466c5035bb68f573d

                      SHA512

                      ff40cd252cafc57cc1f1bbc856ab7ec6ce2cbb036ac2a28333b0d8c76bf35c1f80010c29fcd4ce209d7218205b297df3904dd60f1439a03106c2e520f8d3919d

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\bookmarkbackups\bookmarks-2024-08-19_11_2GxRujYiZcnlpEJcTnMLXA==.jsonlz4
                      Filesize

                      1007B

                      MD5

                      a48f6c92c707d501aabd41be38ac8155

                      SHA1

                      56c49e256ef8f9665a21bcf9c27afca0c89bb87f

                      SHA256

                      4a86885385ee3e074e484b0217520366a7d954c395d0cacd4ac0f03832f932e5

                      SHA512

                      0b321a7bcfc7da5fedd48692f66bca266f2d9ea4197b331b3492118fd355e6a8e58d9f7f9a7e2746c64bb443fc945fefd3c1517c27c23e65d1fde3cc813c77bf

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\db\data.safe.tmp
                      Filesize

                      5KB

                      MD5

                      4902b6880c10b1bc426ff4ff6e6475c8

                      SHA1

                      c91f2ce0039b139871868956d5df99fd1350bc3a

                      SHA256

                      581b262d350f97749c267bf4f22de1c597fce535567afcb4ca56662999ab307a

                      SHA512

                      7d69d0412d53a6c54371d30796bd634235152a3f02732f763e425bd907fe87230456fe1e761a6d42110b0e6e5c813329ab3b4628db7e00fcc5e31ee655185c3a

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\db\data.safe.tmp
                      Filesize

                      6KB

                      MD5

                      6e102f238a0afa5566367b12dd222398

                      SHA1

                      e757f3f7e35c020b6b6fe72669ce45c4f86819af

                      SHA256

                      0f16001fd0339f2b715edc043cf5e46b85ae38e4dce19d0698dabc3835d01f62

                      SHA512

                      ee1f69d34776c08ea77ca98712b4b4b5f2296f794494d1a024adfa8a2e317de5e3802ce7b03a60f52c9a766a5e6fa884e016ff6a0302a51f9092a9cc354f52e4

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\pending_pings\295353d2-ec7f-47f0-9b00-e80c7b4c9c95
                      Filesize

                      671B

                      MD5

                      0ee7646eae26bde754172703b1a4cf49

                      SHA1

                      62611a44f777050ca480e575b55b28f99fc989fd

                      SHA256

                      049f4209dabffec515e4c89414b1cd757e0c4144b10ad9451e66e82df2b58a86

                      SHA512

                      29b14167fbf06ccc186d130a5367584c0980f509e0fa2140b17042b11c0d0f0c4551b43f928763ee50cb1cc16ea39756fb093aaa79cdf5fc00075e5316399c04

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\pending_pings\4bb6a1ef-d82e-4c74-860a-aa2d9764492a
                      Filesize

                      26KB

                      MD5

                      10eae42ab793db8ce255b53cfab08810

                      SHA1

                      60e941487c72fcdee0eac931a68e6044d92cc159

                      SHA256

                      80c266ecc164c3df66a9532973017ed88ea5f03a07c882ef6f9732190d952908

                      SHA512

                      d20a292040434ea186b9ba138ee5101e34790ac3bc3633dc1cb1c36f01fc36d5e3153efb4b26b8581f959a2970304c4f2b40b7a309529718e1de97cc0e619e71

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\pending_pings\f681ff98-816b-45f4-aebd-613f75db9097
                      Filesize

                      982B

                      MD5

                      f19239a5978e44249808aaa004ee19de

                      SHA1

                      ff286e46446c80919bac8ba7203cefde12554104

                      SHA256

                      b87d7bd1be3d0ec336ca8891654aa7bae89cc92c3257d8e8623115a9bed17c86

                      SHA512

                      98efdc1a54d8582132f09a476a9bfc76bb82ae3205f813b6ef5ca3b6907f37c43d4de1903b80ce638cb3cacc3eca409cb54381b60fc4fcc78a9c5f92fe0e31df

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                      Filesize

                      1.1MB

                      MD5

                      842039753bf41fa5e11b3a1383061a87

                      SHA1

                      3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                      SHA256

                      d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                      SHA512

                      d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                      Filesize

                      116B

                      MD5

                      2a461e9eb87fd1955cea740a3444ee7a

                      SHA1

                      b10755914c713f5a4677494dbe8a686ed458c3c5

                      SHA256

                      4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                      SHA512

                      34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
                      Filesize

                      372B

                      MD5

                      bf957ad58b55f64219ab3f793e374316

                      SHA1

                      a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                      SHA256

                      bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                      SHA512

                      79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
                      Filesize

                      17.8MB

                      MD5

                      daf7ef3acccab478aaa7d6dc1c60f865

                      SHA1

                      f8246162b97ce4a945feced27b6ea114366ff2ad

                      SHA256

                      bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                      SHA512

                      5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\prefs-1.js
                      Filesize

                      13KB

                      MD5

                      058a9a1ac6e7c044eb757fffb2a82218

                      SHA1

                      f5fcf3fe86a8714424bf6a2911c51c06cfae7f5d

                      SHA256

                      9eeaf0a2d4aa9fb9475b8dea7985aed6fd8fd39e71dc947e8e5a597ab1bcb6ce

                      SHA512

                      533f915ca77d2941cdeaa36a0611f576d9b71f5cf96179f221a14ae9848e828f621c89f3da98611c621fc0c2d0ec90d708aed5a37128d83a8821d3ff4418c648

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\prefs-1.js
                      Filesize

                      11KB

                      MD5

                      4e8aeb2c994e1c0359209941439e0e46

                      SHA1

                      ad5ab599aad7d1e00fcbdcecb67c41c3232a8e44

                      SHA256

                      b1a35161b6ec1ff5944bcf9a1bb80943c85cfec4f6073eb9daab3cf80c4accdd

                      SHA512

                      00cc36ede4a232019304856fab46bdb60a0dd32b7aabb34cf22ba2f8a5dc8f099c677820eb5041a1c15a7e92a842182a532d1da6728e0145d00af1c54bf690d0

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\prefs-1.js
                      Filesize

                      11KB

                      MD5

                      fa1440b03ada7132af5e33d24b6861be

                      SHA1

                      4a299c3e6601b45dc01a2e1889c576fa4ecdfd12

                      SHA256

                      9b3ba91b0189015e34b86fcab7d426980b77dbe2be5fbc13a9ebe5303c4a18db

                      SHA512

                      c627a7a1ad838cab2d76b4694717e2f581befcaecb0cb319b8ab0ec7472d0005126c221f3466d71e283ea3ff37f61a5e9ae026769e7e5fc7dba86c431b9e41e1

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\sessionstore-backups\recovery.baklz4
                      Filesize

                      3KB

                      MD5

                      98b7d59b66e899cab63c2b82f1493476

                      SHA1

                      6fc5e2c0bd3a0d0479a5331ee27e5e2b5b82fc26

                      SHA256

                      3199bca04815116790e8dd98b1ddc45d4f50709146f2005121a3a499dfce8b2e

                      SHA512

                      5f0e2c0418e487cffa9d01b45a7d3d322ef6cf7f4dff921bdf528639a1a901cd7b917eea0b735c18ddaffe77ac2de5a5f4f75edace8665dd45f2c2ec0cf16927

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                      Filesize

                      584KB

                      MD5

                      b099d477f4cb1ad769c4245d3b0c62e4

                      SHA1

                      f65151ddc12d1690c1b806571688ff5ae09314f7

                      SHA256

                      242b9c2d6fdeeb4bf5267d56fb95c3f1b107a7b48670e2def5b64de5c1a336e6

                      SHA512

                      563bc0dde66dfc343caec6c6df16758c1babbba35b51ce553eb22600e88d5d2fc2adead3a9208f7f2cfe2523abb842f49f5ccd9a652858c6b183bf6571206083

                      Download Submit