Overview

overview

1

Static

static

1

http45.151...xe.txt

windows10-1703-x64

1

Resubmissions

24-08-2024 19:10

240824-xvmgnsvarc 10

24-08-2024 18:56

240824-xlh3wstfpb 4

23-08-2024 11:21

240823-nf4mza1bqc 4

23-08-2024 11:13

240823-nbkz3azhrc 10

23-08-2024 11:10

240823-m9qsjashrq 4

22-08-2024 07:12

240822-h1kgyaxfpj 1

22-08-2024 07:06

240822-hxesaaxenm 10

22-08-2024 07:00

240822-hs54nsxdln 10

22-08-2024 06:36

240822-hc93patara 8

22-08-2024 06:32

240822-ha293awfnl 1

Analysis

  • max time kernel
    163s
  • max time network
    161s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    22-08-2024 06:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http45.151.62.96setup.exe.txt

  • Size

    29B

  • MD5

    688fe12c2f39d3d739a04e6c89b1b22f

  • SHA1

    e2ea25ad47861e77b912026839666d3a99f5c90b

  • SHA256

    35e4cca77e38bd9beaf4a33c97a6f2464ca5ff63bbcf59831bd829b4683fda3c

  • SHA512

    f56694118d4adee2e0c65fb28c3ef86bc5db032656e2306e02e0f5b19706e260f0505ee97f5068d07ae5149a410a15eccd3ebc758d216a5549d7dc0de52834ac

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SendNotifyMessage 5 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\http45.151.62.96setup.exe.txt
    1⤵
    • Opens file in notepad (likely ransom note)
    PID:4268
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:872
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3996
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3996.0.2096159257\1709983842" -parentBuildID 20221007134813 -prefsHandle 1660 -prefMapHandle 1608 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a63e1b9-a7b9-40a0-8b17-4d31a72e259c} 3996 "\\.\pipe\gecko-crash-server-pipe.3996" 1780 26176cefe58 gpu
        3⤵
          PID:4156
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3996.1.1594929175\1450284070" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {291d75cd-779c-48dd-82ac-18794ce0f2d7} 3996 "\\.\pipe\gecko-crash-server-pipe.3996" 2136 26164772258 socket
          3⤵
            PID:3192
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3996.2.661812669\251537008" -childID 1 -isForBrowser -prefsHandle 2980 -prefMapHandle 2704 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fdabb7a6-e30b-42f4-a842-f3a5ad92ebb7} 3996 "\\.\pipe\gecko-crash-server-pipe.3996" 3068 2617addd258 tab
            3⤵
              PID:2308
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3996.3.796156188\1948201787" -childID 2 -isForBrowser -prefsHandle 3520 -prefMapHandle 3516 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ba17a96-79b5-4991-9c73-205053beaa08} 3996 "\\.\pipe\gecko-crash-server-pipe.3996" 3532 261795b9e58 tab
              3⤵
                PID:5112
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3996.4.485723784\1035440219" -childID 3 -isForBrowser -prefsHandle 4308 -prefMapHandle 4300 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c92022bf-b996-44b1-b467-be34448ae2ea} 3996 "\\.\pipe\gecko-crash-server-pipe.3996" 4320 2617d051e58 tab
                3⤵
                  PID:4276
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3996.5.1603556108\719845781" -childID 4 -isForBrowser -prefsHandle 1524 -prefMapHandle 1496 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf0b52bb-f302-4d04-80f0-aeab978624ef} 3996 "\\.\pipe\gecko-crash-server-pipe.3996" 4912 2617d1f1358 tab
                  3⤵
                    PID:3792
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3996.6.410845911\383053360" -childID 5 -isForBrowser -prefsHandle 5092 -prefMapHandle 5096 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c871252a-a8fa-4f23-bec0-1082eea25da0} 3996 "\\.\pipe\gecko-crash-server-pipe.3996" 5080 2617d1f1f58 tab
                    3⤵
                      PID:4420
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3996.7.795855376\848055594" -childID 6 -isForBrowser -prefsHandle 5284 -prefMapHandle 5288 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {50ebecb8-3581-4cdf-a587-f98ac5302c31} 3996 "\\.\pipe\gecko-crash-server-pipe.3996" 5272 2617df51258 tab
                      3⤵
                        PID:2684
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3996.8.1316352098\518543852" -childID 7 -isForBrowser -prefsHandle 5696 -prefMapHandle 5692 -prefsLen 26593 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f4484e4-77aa-4141-be9f-6561123f9a42} 3996 "\\.\pipe\gecko-crash-server-pipe.3996" 5704 2617f203258 tab
                        3⤵
                          PID:4032

                    Network

                    MITRE ATT&CK Enterprise v15

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
                      Filesize

                      2KB

                      MD5

                      158ed3fcec63186c59cd7c91384db84b

                      SHA1

                      e6a1927290e917449f67a177fef3366e4279d5f1

                      SHA256

                      069e3b8b399f07a470ca215c219d55319468004ca1267156cf3792b97f549ffd

                      SHA512

                      3cb70b51e044482ab45e5cd259185cca702a1fad71fafab32e2a158420d3a954c29a503306cce8f7c76ef53432e6b367f6b12363e828df354e3a3e034e2ab5d9

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\876f4449-51e3-4105-835d-d1bfc541cad5
                      Filesize

                      10KB

                      MD5

                      783b86bfd1f1f6171fbe688671817c83

                      SHA1

                      8670f973cc0bd39706d559780dea76813110fa35

                      SHA256

                      ed534a067bc0c441550b60f32da3d8c53df99939aa164822f0b2e17db252e109

                      SHA512

                      bfc52bf723436b3402757b791aa0176cb09db1187f8fcf383e765039a71a7bc912a7f4e73f62944cde55cc058017788628f06884e8d4b9bb465dfc58fdc13e83

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\9638bcb2-09d3-4e57-b443-c556f1169c39
                      Filesize

                      746B

                      MD5

                      6dc01f25d4748875cc60ba652dbe3d3f

                      SHA1

                      9cd88c8d0e5a85cb8a853fdab30011dd48058603

                      SHA256

                      461d78962a693d8fe55396b15fcb5f3fb9df2a3c55176bb1b2462e6e8db988d1

                      SHA512

                      3a0a37609a148c30cbe5831d1044fd157e913778a888700a19696fd055ef1cd8b6eba35934ae1c7552ef2b61f7d5b1f27a3960a3c7ecb41c84ec284713413db8

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
                      Filesize

                      6KB

                      MD5

                      d8499ac2d843416528b5ae1515c22764

                      SHA1

                      052a8d8cae9ec563d1fe17f0f0029e6f67f91923

                      SHA256

                      03d3d6f3c9077c1468c062156f859ac765f3ac91e917d5f9dd6b25579b7d17df

                      SHA512

                      8ad177b05930e8efc043527dfb5052c39b1eb932626dbf108eb099dddb5d178db955f2755299625bd3e5d61eaad9ced85e0c55207e335584a7fd5055140a7a8d

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js
                      Filesize

                      6KB

                      MD5

                      1367648c25feae20b0995fd87da1ab59

                      SHA1

                      13771f2180421fbe9a5e7d69ea925e4a608b4baa

                      SHA256

                      055b86dbe7d9f6297ce178b20232ede0c83984db7792206b4c12abc9b03ece2c

                      SHA512

                      bc8689be477962b196f9763e824fe206e201a9d436973809aec147d7e48aa8320dc253361672b53a2d170083d87631322ccb5c9605b2579b033475dbd93579ab

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      1KB

                      MD5

                      74151f1ee6dd8d4b3a94492fbdee6777

                      SHA1

                      551aeef8c04511fc4a140a50674bdf53dc49be06

                      SHA256

                      c4953ec162bb532dd9140260119deb9c7986dbf7dd8856a3083c18127ae351bc

                      SHA512

                      94d6b9950ad0bb2acb8f6fb044840b4e430489723e49f762a788ea926b2ca7d85a037987582c118bfb1a5d833d335e6c0c7ac3e73a2473e93b61a07b0fc755c4

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      4KB

                      MD5

                      77f207056d6736fab5bf89731ef2719e

                      SHA1

                      1216b564affc57e6915ce5629123c37c864d1a20

                      SHA256

                      86463d3ef0e075863a281e1a0c641fc0965b548a45af99b738ed87b7b9fea632

                      SHA512

                      0d781daf6e11600ab1f794515faec93a1901db5838d8c59396e39a22fb2a64d6953d992fe76ed3b0b72c5bf47096d6cbcc640ed6c25962dd8501315fbf5ec27d

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      3KB

                      MD5

                      cc136984a287e0e55203cdc5ea2f327c

                      SHA1

                      59f2b9c2e871359fe56da1ad919e2b77290ec1a0

                      SHA256

                      6ef0bbae258f5563cf4197a946f8cd185474241a0c4a9fc13f55ffeb3473f38d

                      SHA512

                      f89f772429f6ccb30684c8644ad5a7769d3fca84d93c400eb85f1e480e9e62c4105e683acf511b401a062a620baf747cac404bc6d2bd67589b799339d7a05bb3

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      4KB

                      MD5

                      cb2be33963d5aba0436b55f2fd4f89a6

                      SHA1

                      8087872153ddee7c8bd7c834bff43de506ed9a70

                      SHA256

                      d066461ae40a1d5c3f905a512f738538b1d41362e44ba303698e90f7a813eb4b

                      SHA512

                      3337bb105b3f643d97bc59a4730ee94145f5dd92c3d7319512ac06486b4ff5cf032d357c414452ad11ed364262520aef21f8e8f84d314dbe5751f3a9c47bb6bf

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                      Filesize

                      184KB

                      MD5

                      e7d901ad03d22078f4c42ecc83c3bd45

                      SHA1

                      13ffe2ced2026e6b99c39a96d006c7832a72ba17

                      SHA256

                      fddee54013f830a84e74dce5679f6e4c3c71b4c5c51ecdf58bcef7e27eba4f17

                      SHA512

                      8e7373116183db845f03c74e28effbe85b53c6c109f0a1a867fc4daa2944c099846644c5b6ecfa6408091d097a08b3f1b8cedcbeffbdcfaa14147f6b76663ec9

                      Download Submit