Analysis

  • max time kernel
    23s
  • max time network
    24s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    24/08/2024, 18:09

General

  • Target

    4d5d2779-6fb0-4fd0-9853-a06ccae06b0a_-_Copy_-_Copy_-_Copy_-_Copy_-_Copy_-_Copy_-_Copy_-_Copy.gif

  • Size

    363KB

  • MD5

    3f0c83a9d54c26aa9329cf891e4235ce

  • SHA1

    9eb619fe5a9127a87c3e1983a02886f3041f72cb

  • SHA256

    5a2d3b3f650caa9553d293c8069881df6c549e68b533e035aff1811f6aa785da

  • SHA512

    71ac080f2e8096786108463f3ca7384d7c3b6ecb03d94586d32df17f5de09bacbd7959b4fce3cf42f18f13707481eb15d3047ef7ce6e496b32e0f2eef88d9cae

  • SSDEEP

    6144:LNUI60favy9RF2Md0cTIbj1Fv0WIWSnVXVeA1Wbt59pEj5WHaOehG/TBHNtuzic8:3H/9v2i/Ibjb0xzx165PEl0aOeilNIOH

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\4d5d2779-6fb0-4fd0-9853-a06ccae06b0a_-_Copy_-_Copy_-_Copy_-_Copy_-_Copy_-_Copy_-_Copy_-_Copy.gif"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3292
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\4d5d2779-6fb0-4fd0-9853-a06ccae06b0a_-_Copy_-_Copy_-_Copy_-_Copy_-_Copy_-_Copy_-_Copy_-_Copy.gif
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2428
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1928 -parentBuildID 20240401114208 -prefsHandle 1856 -prefMapHandle 1852 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {167c5722-4fcb-4950-ae0e-1516e4dd78a7} 2428 "\\.\pipe\gecko-crash-server-pipe.2428" gpu
        3⤵
        PID:3548
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2352 -parentBuildID 20240401114208 -prefsHandle 2328 -prefMapHandle 2316 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {108d9a4e-6aa5-4a2a-97e2-9ac433ea46ca} 2428 "\\.\pipe\gecko-crash-server-pipe.2428" socket
        3⤵
        PID:3084
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1328 -childID 1 -isForBrowser -prefsHandle 2548 -prefMapHandle 3036 -prefsLen 24739 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40644ff7-c118-4273-a014-834d2f5531c4} 2428 "\\.\pipe\gecko-crash-server-pipe.2428" tab
        3⤵
        PID:1904
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3484 -childID 2 -isForBrowser -prefsHandle 3476 -prefMapHandle 3472 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {21c4514d-9f0f-4d7c-9632-cd6491cc6c78} 2428 "\\.\pipe\gecko-crash-server-pipe.2428" tab
        3⤵
        PID:1648
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4656 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4756 -prefMapHandle 4752 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {70c94e1d-4805-4cb8-ad2e-4f807f86acad} 2428 "\\.\pipe\gecko-crash-server-pipe.2428" utility
        3⤵
        • Checks processor information in registry
        PID:1916
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5360 -childID 3 -isForBrowser -prefsHandle 5352 -prefMapHandle 4304 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2297dbb-873e-46e5-8458-1b69fafafc4b} 2428 "\\.\pipe\gecko-crash-server-pipe.2428" tab
        3⤵
        PID:1812
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5588 -childID 4 -isForBrowser -prefsHandle 5508 -prefMapHandle 5512 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d21fff8f-6119-4710-af59-d138d7297bcd} 2428 "\\.\pipe\gecko-crash-server-pipe.2428" tab
        3⤵
        PID:1384
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5780 -childID 5 -isForBrowser -prefsHandle 5696 -prefMapHandle 5700 -prefsLen 26998 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b98304b3-44ad-4f89-a7fb-a33ca1eba32a} 2428 "\\.\pipe\gecko-crash-server-pipe.2428" tab
        3⤵
        PID:1296

Downloads
