Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows11-21h2_x64 -
resource
win11-20240802-en -
resource tags
-
submitted
22/08/2024, 20:08
General
-
Target
SQLi_Dumper/ChilkatDotNet2.dll
-
Size
5.7MB
-
MD5
6990f5076eb51ee135492ba5ba619b72
-
SHA1
a8d4941d4ece23faafa231e53d2a1f34a6dc0302
-
SHA256
6733f1b7daf40076ffe88dc8a88e23181d1ba449d6e5bb36a5325b4353849460
-
SHA512
d1d3ab75a7be7e56116a0ff5d9b98f51ec3fc3ac1056f5ae6c526ef742bd5a209c587389a7ab857b882d656c7e812d684baf3b126b99161b0b8593f5f764c747
-
SSDEEP
98304:basYNDl+jj8ttP3WjOc630ASp/YMZP0Aqs:wZl+jItR3Wj60rqA
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 39 IoCs
-
Suspicious use of SendNotifyMessage 18 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\SQLi_Dumper\ChilkatDotNet2.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\SQLi_Dumper\ChilkatDotNet2.dll,#12⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2004 -parentBuildID 20240401114208 -prefsHandle 1920 -prefMapHandle 1912 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f9df1a8-84ad-4a43-a43c-dc34f33ab51f} 4704 "\\.\pipe\gecko-crash-server-pipe.4704" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2392 -parentBuildID 20240401114208 -prefsHandle 2384 -prefMapHandle 2380 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da5c3dba-289b-4a6e-aaa2-58782e76d3cc} 4704 "\\.\pipe\gecko-crash-server-pipe.4704" socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1544 -childID 1 -isForBrowser -prefsHandle 1676 -prefMapHandle 3024 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {73c090be-3ec9-4a33-bc5d-e6bad6657f47} 4704 "\\.\pipe\gecko-crash-server-pipe.4704" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2968 -childID 2 -isForBrowser -prefsHandle 3304 -prefMapHandle 1536 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8bbc420a-9779-42bd-96fc-d83ca8225497} 4704 "\\.\pipe\gecko-crash-server-pipe.4704" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4736 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4716 -prefMapHandle 4720 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {478f78b4-4bb7-435b-bb95-c3e339ca8b0f} 4704 "\\.\pipe\gecko-crash-server-pipe.4704" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5572 -childID 3 -isForBrowser -prefsHandle 5544 -prefMapHandle 5556 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cff94835-5438-43da-afde-5df3d7cf5ea8} 4704 "\\.\pipe\gecko-crash-server-pipe.4704" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5728 -childID 4 -isForBrowser -prefsHandle 5412 -prefMapHandle 5408 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e64ecec-20c8-4468-9d9e-dd21038a4c1a} 4704 "\\.\pipe\gecko-crash-server-pipe.4704" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5736 -childID 5 -isForBrowser -prefsHandle 5424 -prefMapHandle 5428 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc14e443-88c6-41d0-8c05-c230def981a0} 4704 "\\.\pipe\gecko-crash-server-pipe.4704" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3144 -childID 6 -isForBrowser -prefsHandle 3124 -prefMapHandle 3120 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b9fc626-9929-4e8c-ac18-2d51e8a89b26} 4704 "\\.\pipe\gecko-crash-server-pipe.4704" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5640 -childID 7 -isForBrowser -prefsHandle 5224 -prefMapHandle 4860 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ec9559d-b780-48d2-9e3c-837348a076ae} 4704 "\\.\pipe\gecko-crash-server-pipe.4704" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4592 -childID 8 -isForBrowser -prefsHandle 6372 -prefMapHandle 5568 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2df7900-7641-41e8-9803-6fa78786883e} 4704 "\\.\pipe\gecko-crash-server-pipe.4704" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5752 -childID 9 -isForBrowser -prefsHandle 5556 -prefMapHandle 5544 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aaf08fcf-438d-40f6-abe5-ebf34a9723e8} 4704 "\\.\pipe\gecko-crash-server-pipe.4704" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5268 -parentBuildID 20240401114208 -prefsHandle 5416 -prefMapHandle 5568 -prefsLen 30530 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1531e01f-886a-428c-ae5b-8ba6ea64fd0a} 4704 "\\.\pipe\gecko-crash-server-pipe.4704" rdd3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
30KB
MD5233d6898bdd83c669f8c478ec192e547
SHA14a5e87015d55c2ffd24460d96f31bc419f2f853f
SHA2562a035ce8b8e071dbf19798c6549547f558460acf1b7d71a6acce453d75f1dfd6
SHA512114d3c4a93b044fe24f285a1a7f6e4eb1f05311a53abc7531c256cbd22ecf64a5a55a72aac348db1fdf2dbffbb931f9143d520b96dfbd9060f467fb82af832f7
-
Filesize
221KB
MD567882e6f112f1067d417869549ff883c
SHA142827e8d7b5a8a47765f52a7d4ce3e82bdf154c6
SHA256c1a2dd874907c76d4ac24556ce800801f5300487c32e4563a483e508a02aacbb
SHA51251aa7578e9a20374ac8c8f68a08e92a45b929c0b3dd7ce9d4ab63d275a1e69b5bc0c05e68bfd7f8a48394be4d54692f18414ed363cd1b693c8dec8761bd99f76
-
Filesize
60KB
MD5a90220d880b63204be480e81914e58c5
SHA190938bbcf7d0aa244c2d0813e9e19e7d606069e4
SHA256b07587e30359a6ce0195e3fd0c6c2ac5740938ad7a0c0bc7e3dc19c9654a891f
SHA512fbe6617e5a153e3971c310100e33f9bbad9c3dd3c25ac82c4232e0d7820f497e23c31ae47312ec5d66950eadccdcffa5a291d7ec8e57c7de39d336132199e826
-
Filesize
479KB
MD509372174e83dbbf696ee732fd2e875bb
SHA1ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1
-
Filesize
13.8MB
MD50a8747a2ac9ac08ae9508f36c6d75692
SHA1b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA25632d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA51259521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d
-
Filesize
7KB
MD53c49fde7fdd11787d131c81956468b09
SHA18ebe1f4d807cf340b104ab41fcbf29658fc101b7
SHA2565c90935c13587f8293dc2e441d300275222dfd85d186a4a763800d3fabefa30d
SHA51265585434f9d45043682c2984f94abaa8f519ae29a6e3f4665f08abc433d9721a64188ceb7050789758c246d37192b6272493190b12b3231d450c3976921b21c3
-
Filesize
12KB
MD50e86f094e3be887ae29524f90c4eff9e
SHA12c184f3d7624d6fa97dbb3dcb88171bdde570d19
SHA2561241d0d14d21d9c42f3366d2a86dd3f1542bce8d7fde9642912bd47b23f1adb9
SHA512004b3d9c5137000ab5a1dba3c782bac9b676dafba654b65b7b0adfb07c3414a735390bf2f55fb69570018de4170220dec5fd21196b3f8076c44e82fc670e0987
-
Filesize
5KB
MD5094d610da345679b017766ae8fc7e222
SHA1ea0fe7e2d3fd6d5bffec6f31cdae93deb1d93a39
SHA256cf3c4f659de531c89f93fcb6519071df881f3468971e1b5f581b09bf4bdb14a8
SHA5123d113cdc1c70d804312100baadb0d527234cdd1196bae1af49f57b3789938dba311e2b4f77243c091dbc2fb011f49875db05246aa2d633cd532452077c1c433f
-
Filesize
6KB
MD54caec7161e872c982e0ad95e6603c2c4
SHA18c8f721d1542aac5dd8190325ec946cc68191849
SHA256bb748ca926ebc108fa9879f950995dbc3e80f3d96eb0e0ccde4aecbbe79723e6
SHA512900a0a5f0b29cedd2e89bb8b8a8a343a836da54e1810af9442811f6016598d551070f819020b48451716f22bb07361e23af0cc9aa747c5b694b62745aebf8a5d
-
Filesize
14KB
MD5fd573d4ec0f7b6c1931b69b787db0c08
SHA1e6b1fe94877cef5f362c7c5191413e543bb95428
SHA256b57ac106a70c3090c688e3f528bdb53edd72cb2fabbcb31dc5a970cbe0bc3770
SHA5126177d35162745d1beb0c355e4d7482c59b12dbd96bddea3f281f75235f691959a0df2df84b5771e9fa328a880b9231440d7f076e0e0255511bc533291399c5d8
-
Filesize
671B
MD5ccc93772bfb8ea3f893f9ec1ec3a6018
SHA103b8a65e2926f78d6a718182f72cb6f5b85f0313
SHA256b9206142abf3443ddb5981be9cd5b2ddad67a8d3419c991ce4c5f96fd94d9888
SHA5128543d40e30e06c2dc5a02ab273197c1bb16d07ae63d57a6f4101b7c374c1b758d3b7c8815212e5cc7294924f58df33eb3a6ddb864a177b0111f430a60a7fd074
-
Filesize
24KB
MD5d4373ca4015eb55976f406fddf7e66dc
SHA1745ae2737722a49629ed841d05017b6cac1d34cf
SHA2569de513034d0fb975e59c9ec773e79601b8b962feab0ce6fc7b3a07d06294472f
SHA512ed86e76be8e9674e0e5fec2f198ae58c6a6b4e612f85e201b14e97c1bb6d971d33703ffc1a99ad782799744fe4488428e13b7a362fe8b6d0ba47297f5146ce67
-
Filesize
982B
MD594862c50588cf362f1b08226ed38f172
SHA19157346fb8054f3dab6faceb11a6d701b6ed3931
SHA25651d14755c8c887400a50de5599dc75c9a3faac5f4c6d0cd724312b4cc2366118
SHA512879be4cd06e8f36e7fa00370bcc1d62ef1786324369e6756d92c09b16be536179f0b457ccd7576f84782be62347ffcaf4d250b693e5c05100705f36bce7f7638
-
Filesize
1.1MB
MD5842039753bf41fa5e11b3a1383061a87
SHA13e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157
-
Filesize
116B
MD52a461e9eb87fd1955cea740a3444ee7a
SHA1b10755914c713f5a4677494dbe8a686ed458c3c5
SHA2564107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA51234f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3
-
Filesize
372B
MD5bf957ad58b55f64219ab3f793e374316
SHA1a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA51279c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e
-
Filesize
17.8MB
MD5daf7ef3acccab478aaa7d6dc1c60f865
SHA1f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA5125840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75
-
Filesize
11KB
MD5d705635df886ac875d7a5e181dd75f4c
SHA17b2964b33a60784c10d5b144085bb8021ec18126
SHA2563ac64d1623a85a3921a246eb9d5d7466119ea62e7efbbc7388115be60ef3ed0a
SHA5121a18d15b4c478827e9568cabb49b4c72e5661d2ef470b00eccc81398611306ca66b32b735a8fa1f59e815c72f9c01244f5afaaca8b30d9d7833cd3beade2eac7
-
Filesize
10KB
MD5463d5446ff9e81e3555043db51d8f6a7
SHA1289857f91b4c3d0a795353ddbe83c6770c5ba31c
SHA256ff255908ae1eb5e585416c84421e351aa2752d6fccf2288df3b0ceb0dfb5dca7
SHA512cf7be756ae89bd3bb03e04f392a9091a9c04399a51058ca654cd75d7b6cdc52cf4228741e1de77348e524109835170f9f03330cfa67d1b2fca9da2b41bb59daa
-
Filesize
10KB
MD56f4b2ec7b94e7a7b4f26604f1fbd0e24
SHA1d81ff23dc0e1010f2233d12882456702e55af52d
SHA256f58880f61c4de01e04225fc3a77f739c98ad89322c77bd7724bf931ebf02e54e
SHA51267b3b2867580f0b0f178424b69a3039ea0e548a0929d0132dfdba80482dfc7583a0e34da6e8a2351e05d6b0381f1d2f39767015ddcd9fb4d2dc18deba55e75ed
-
Filesize
4KB
MD526b0fde50c3573127fda501747a759d2
SHA162e8994a010bf27764944bdd3f195f5081229a36
SHA256b407589c4d0857c543ee9b1ded98882128d01de488c53207ede35e9fd3602f62
SHA5121ebd593219784069295febb06ae7bc7079e12573c6537b42f69de99a1ad672f82f1038feebb065fd1ad2a5d3b923b092c53b016ccde8887c8e0d910acf1dccee
-
Filesize
5KB
MD51250a0b2d4692d12c57ebbb49c398851
SHA103834b21b0eacd600f778eae8cea793a6f83e8fa
SHA2569dff2b4663fd13f8dfa1ce3cbe4a0e8e57056ff033b2b2b59bf9397691f7c020
SHA512c5a52de53dd03ee1b09e4dda2fef493e59bbf3f078e12f5b1f0de3e5936dfcc27f6eee13f10a9c3a6b10310c4322489ee74c170eddd28fd8ad95080c62c62108
-
Filesize
3KB
MD566d7dacc51de69e3d527c946b1a7cae2
SHA1bdf715210b6a2cbd95f16ed25b11c98ff363d304
SHA256ac62120cd96e951af023ccdad047babf03f14e38f679fc289427f121f5baff2f
SHA512ed96c75af5a8c1f2b8be7fca4e0e3e7be7b12ed46ebcbfc206c4f48cfd8d5dfd546c05fa40ada31bd84aa9e9876e2824a67d3ffa35f3d641466ad17e5a5546f3
-
Filesize
4KB
MD53245478d86ff97580116c7356fe5594a
SHA1b8e614a05e7f85f5be8121111df57253477f49e5
SHA25620508084e7c3a1ff643962573a45007055169b245ccd2054ee06e513f68f656d
SHA512f519f2c3c2e4f19c91764968788d5a7182b91a7cd299722373128970c5231bcb4afffb8886ad88396474066b21acf9e9765f83bae03b3f546cba9fdb7081595f