Overview

overview

3

Static

static

1

.profile

windows7-x64

3

.profile

windows10-2004-x64

3

Analysis

  • max time kernel
    55s
  • max time network
    61s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    01-09-2024 18:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    .profile

  • Size

    807B

  • MD5

    f4e81ade7d6f9fb342541152d08e7a97

  • SHA1

    2b9ee6d446f8f9ffccaab42b6df5649f749a9a07

  • SHA256

    28b4a453b68dde64f814e94bab14ee651f4f162e15dd9920490aa1d49f05d2a4

  • SHA512

    26544e0b85ca6d7cca3b8ace7d01f712e24020f07b6a6ad54a6942909040221f09bf922a4d0da555ce64ceebb4934b28719a23a0e6401337a69d4a0170bd8e4c

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\.profile
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2680
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\.profile
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2704
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\.profile"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2388
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\.profile
          4⤵
          • Checks processor information in registry
          • Modifies registry class
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of WriteProcessMemory
          PID:2724
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2724.0.1013017496\1516165109" -parentBuildID 20221007134813 -prefsHandle 1220 -prefMapHandle 1212 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {59657fa7-84fa-4741-9354-cfaa4500a824} 2724 "\\.\pipe\gecko-crash-server-pipe.2724" 1296 11ef6558 gpu
            5⤵
              PID:652
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2724.1.451030112\1523890302" -parentBuildID 20221007134813 -prefsHandle 1488 -prefMapHandle 1484 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d45a02f1-f0a9-4090-bf4b-bb493c6a980b} 2724 "\\.\pipe\gecko-crash-server-pipe.2724" 1500 d6fb58 socket
              5⤵
                PID:2444
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2724.2.1526495699\252711987" -childID 1 -isForBrowser -prefsHandle 2232 -prefMapHandle 2228 -prefsLen 21746 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {35dcdb89-3db1-4e5e-bb26-5ec94a8abd2d} 2724 "\\.\pipe\gecko-crash-server-pipe.2724" 2256 19ae5258 tab
                5⤵
                  PID:1168
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2724.3.1628250502\2105247119" -childID 2 -isForBrowser -prefsHandle 2776 -prefMapHandle 2772 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0286ace0-af0c-456a-82a7-0be7ca83db85} 2724 "\\.\pipe\gecko-crash-server-pipe.2724" 2788 d62258 tab
                  5⤵
                    PID:2420
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2724.4.524889698\494118046" -childID 3 -isForBrowser -prefsHandle 3732 -prefMapHandle 3768 -prefsLen 26526 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9f294a7-7337-4e59-bf8c-b1e9f3ac01bb} 2724 "\\.\pipe\gecko-crash-server-pipe.2724" 3820 1e53a658 tab
                    5⤵
                      PID:2656
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2724.5.1625945518\1187961948" -childID 4 -isForBrowser -prefsHandle 3948 -prefMapHandle 3952 -prefsLen 26526 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0f29442-69d5-4d18-91db-1279975bdbda} 2724 "\\.\pipe\gecko-crash-server-pipe.2724" 3940 1ec69b58 tab
                      5⤵
                        PID:836
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2724.6.1529010016\1347887593" -childID 5 -isForBrowser -prefsHandle 4104 -prefMapHandle 4108 -prefsLen 26450 -prefMapSize 233444 -jsInitHandle 840 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2710b1f-9137-4626-81fd-029dedf3d172} 2724 "\\.\pipe\gecko-crash-server-pipe.2724" 4020 1ec66e58 tab
                        5⤵
                          PID:2616

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sexvjvzg.default-release\activity-stream.discovery_stream.json.tmp
                  Filesize

                  34KB

                  MD5

                  62c6a3fc5bd086a4ae2488ed4dee1187

                  SHA1

                  45d90a0901c6f06917bedb5434aff889705923a8

                  SHA256

                  cb9b13c8ddce19be6a682e2baf1648e360fe6da065b483d1a1b907cffdcc9327

                  SHA512

                  bb96c57649b958a7c8be07c13a0558f140770edaf973cedf135b37e535db1bda1afbe23bc9483ce6d68aa77a8c7edcd6a9c9ff6149f259f114048ba6bb5322a5

                  Download Submit

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sexvjvzg.default-release\cache2\entries\58EFA56DB4BFFECB0EDA547894BC9A057159E22F
                  Filesize

                  13KB

                  MD5

                  4b85d3259a24253f57ceb211f2293398

                  SHA1

                  6eb135050ec533b2e326af5ff9d122148db761d1

                  SHA256

                  80f1f95c2038e1b13752bc9bd1c8bf7dfcc545dddab25f9bb4b3f13532fdaba5

                  SHA512

                  00c13db49def754129c75cd72bee6fb5189237191e40a8d9db06fb814b4165d877973b7afb1bd5fe1f93597603ecad09d4083682ae067d0bcb4a07357be32426

                  Download Submit

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sexvjvzg.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308
                  Filesize

                  9KB

                  MD5

                  83133cff47d0c2e043dfda33c006a390

                  SHA1

                  1e05128ecd5f4c472e11b104bd1225541bf374ce

                  SHA256

                  f47b2d8a4b3f1bedc6fe249f0f176a7801958fadd094f50d5b64aa21f8667039

                  SHA512

                  f2522fab0994937891a6cc8a12a4591e80484b0ae89d9cd22158b0867335995e3ed46cfeeb6b5153ce49b97ed2434a767f09a579d3110f3626200691b3cc3d2b

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                  Filesize

                  442KB

                  MD5

                  85430baed3398695717b0263807cf97c

                  SHA1

                  fffbee923cea216f50fce5d54219a188a5100f41

                  SHA256

                  a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                  SHA512

                  06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                  Filesize

                  8.0MB

                  MD5

                  a01c5ecd6108350ae23d2cddf0e77c17

                  SHA1

                  c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

                  SHA256

                  345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

                  SHA512

                  b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\datareporting\glean\db\data.safe.bin
                  Filesize

                  2KB

                  MD5

                  0c24f9032c9a79ebe2e9f503beba17c9

                  SHA1

                  8d0d671aafa66a96f783a1c437822b6c6d05ece4

                  SHA256

                  e43245102d58c6ba1450d6b630a04307f6c0155eb67ad45f23663063149b3e81

                  SHA512

                  99991ca4ff370447739ed849b70a007c80d6591e2032eb7c297b951256ee714d742929c6722173ba0ebded737b7bc529d04b9409a9a16ad7625025ed29f69979

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\datareporting\glean\pending_pings\3f8e80c2-4939-410a-aab3-32bef06bf955
                  Filesize

                  11KB

                  MD5

                  71759ed9f91d8bfd34cf3b409e25a0f9

                  SHA1

                  2b8d989e0c60302cb82a6c948ff23a4122ac6abf

                  SHA256

                  c3a554eb04c9a2e60aea0b1c7a47b3c0cf034d6eab43c3a2750607159a64f876

                  SHA512

                  2bb7d468750f4651bc6c36f649befee26f69eaf7e3a7a27f53a3361005cd31f8e54cdbad8eaa01cb2179a58de052f50b51b95c2ff75f7d0102c870e41450b3bd

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\datareporting\glean\pending_pings\d189361e-0fca-4442-a53e-ae0f21f831af
                  Filesize

                  745B

                  MD5

                  91d52ccbc4f77792bc21e84571cb3f61

                  SHA1

                  e390802111459491a6cc8e0f7959474e505b073c

                  SHA256

                  c95f8dff7f0a2b8d9e5d36c739fef415ba9fc1ff414049d87b1509c49b5ad6be

                  SHA512

                  adbe9174632a1363cea851688939464b50ba55c82a99fd53ab755c574d6acfad6ca0b60281f404dbc39e5c08c05ad5d0998d19c1d077035acf72a0df4f4ffcbc

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
                  Filesize

                  997KB

                  MD5

                  fe3355639648c417e8307c6d051e3e37

                  SHA1

                  f54602d4b4778da21bc97c7238fc66aa68c8ee34

                  SHA256

                  1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                  SHA512

                  8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
                  Filesize

                  116B

                  MD5

                  3d33cdc0b3d281e67dd52e14435dd04f

                  SHA1

                  4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                  SHA256

                  f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                  SHA512

                  a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
                  Filesize

                  479B

                  MD5

                  49ddb419d96dceb9069018535fb2e2fc

                  SHA1

                  62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                  SHA256

                  2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                  SHA512

                  48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
                  Filesize

                  372B

                  MD5

                  8be33af717bb1b67fbd61c3f4b807e9e

                  SHA1

                  7cf17656d174d951957ff36810e874a134dd49e0

                  SHA256

                  e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                  SHA512

                  6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
                  Filesize

                  11.8MB

                  MD5

                  33bf7b0439480effb9fb212efce87b13

                  SHA1

                  cee50f2745edc6dc291887b6075ca64d716f495a

                  SHA256

                  8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

                  SHA512

                  d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
                  Filesize

                  1KB

                  MD5

                  688bed3676d2104e7f17ae1cd2c59404

                  SHA1

                  952b2cdf783ac72fcb98338723e9afd38d47ad8e

                  SHA256

                  33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                  SHA512

                  7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
                  Filesize

                  1KB

                  MD5

                  937326fead5fd401f6cca9118bd9ade9

                  SHA1

                  4526a57d4ae14ed29b37632c72aef3c408189d91

                  SHA256

                  68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                  SHA512

                  b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\prefs-1.js
                  Filesize

                  8KB

                  MD5

                  bdff062e1283a88bfffb5d7109ddbc5e

                  SHA1

                  7c3d479c01304648f94f9f4442a76dec5087b1cf

                  SHA256

                  60346ce32aa8ae118df04259351283fea0b725e435812a786e333b80a297bcbf

                  SHA512

                  c3cb1a6b25a65a8f03f0f8e98fde341cc05a2fee4ca0dcbeddb1bb9699e7e34b4f3bccbda333f7d450738a0550a164d8b3329eb27118a706b68a68c7c4e74ea0

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\prefs-1.js
                  Filesize

                  10KB

                  MD5

                  4bc9f9084e1ca3d72dad54a5abb73cb7

                  SHA1

                  ebbb088002ab9203c1d34b439725bc9a540a357b

                  SHA256

                  ef5096f148a1ace572a72a0d04d1ce4649f9ac4b9617228b554baa89a323008f

                  SHA512

                  cae2705cd6581ccfbb47bc984e0359ab0ed52530ecd750e39d5ba71c675bd3b87649e789bf0f071df7c77b1630d7069ff240d04f0c05975f2c9c53e3cf217ee7

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sexvjvzg.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  1KB

                  MD5

                  ec27326fc816852e535bfdda353a22a2

                  SHA1

                  f9eda6d57d530b6b7dffdc54bde78cb29101940f

                  SHA256

                  684d7774eab30fc6126588354d344daa0c12e1852c2f8b06ca1792c98c7f59c8

                  SHA512

                  dec86bb02e139da1252b38698c0ec0b38a090f6fb88d50450ab2ee3183e1ec33f8a231528301100f8abc30c2c2be128b41542812fcf639dcad1d11b889eaeecf

                  Download Submit