Overview

overview

7

Static

static

5

bca034c34a...e0.exe

windows7-x64

3

bca034c34a...e0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    07-09-2024 01:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe

  • Size

    1.2MB

  • MD5

    41fcd50f34127bc0d16bff8f4a78a431

  • SHA1

    c1edd4a84647628fd2454f3aa007792355d8331a

  • SHA256

    bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0

  • SHA512

    fb5dfcf5a743dfa8c4f444c4ffb46995d7dc23427287db4e235092022414dd9f57bc8b649b979bb4e4ea9801c8cbb5ecc3da5100929ed7bd6059bffb72c8f584

  • SSDEEP

    24576:NqDEvCTbMWu7rQYlBQcBiT6rprG8arnAb7B/KCIGhFal8:NTvC/MTQYxsWR7arnAPphI

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe
    "C:\Users\Admin\AppData\Local\Temp\bca034c34a5686e1d7d79ff1978e4c904db5232c5d246cfda47e13a865d72ee0.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2880
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2484
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
        3⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:2720
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2720.0.832473211\325173394" -parentBuildID 20221007134813 -prefsHandle 1248 -prefMapHandle 1240 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ed1f107-0a4e-4a27-9b61-a817b68a640f} 2720 "\\.\pipe\gecko-crash-server-pipe.2720" 1312 10ad9558 gpu
          4⤵
            PID:2612
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2720.1.872849343\2119322832" -parentBuildID 20221007134813 -prefsHandle 1516 -prefMapHandle 1512 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e4c72e2-e522-46c5-932a-2fa408f716fa} 2720 "\\.\pipe\gecko-crash-server-pipe.2720" 1528 e74558 socket
            4⤵
              PID:2456
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2720.2.998814815\312253585" -childID 1 -isForBrowser -prefsHandle 2184 -prefMapHandle 2020 -prefsLen 21746 -prefMapSize 233444 -jsInitHandle 884 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c470f52-c45a-4a51-9407-3b5cada41969} 2720 "\\.\pipe\gecko-crash-server-pipe.2720" 2176 1adbb058 tab
              4⤵
                PID:2052
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2720.3.2001586465\839216763" -childID 2 -isForBrowser -prefsHandle 2912 -prefMapHandle 2908 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 884 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fdb12ae2-9e32-4c92-ab93-66d8f32dca71} 2720 "\\.\pipe\gecko-crash-server-pipe.2720" 2924 e5ed58 tab
                4⤵
                  PID:2020
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2720.4.2018235515\1007530654" -childID 3 -isForBrowser -prefsHandle 3704 -prefMapHandle 3696 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 884 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8fa1e48-b899-41de-8892-3e11191f7dee} 2720 "\\.\pipe\gecko-crash-server-pipe.2720" 3716 1c4f3958 tab
                  4⤵
                    PID:1904
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2720.5.2121101842\1984097885" -childID 4 -isForBrowser -prefsHandle 3824 -prefMapHandle 3828 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 884 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fcc1611b-e188-447f-b7f1-d0b4911174bd} 2720 "\\.\pipe\gecko-crash-server-pipe.2720" 3812 1f63d258 tab
                    4⤵
                      PID:2672
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2720.6.354330968\1671035428" -childID 5 -isForBrowser -prefsHandle 3988 -prefMapHandle 3992 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 884 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {91918635-61f5-4b87-ba1b-98163ce2588a} 2720 "\\.\pipe\gecko-crash-server-pipe.2720" 3976 1f63de58 tab
                      4⤵
                        PID:316

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\activity-stream.discovery_stream.json.tmp
                  Filesize

                  43KB

                  MD5

                  0521d0c7d13428672ee61490e34b7fd8

                  SHA1

                  9807445cf0ad0add2596f934b55f7b457440b123

                  SHA256

                  ba2a2887f351686c0a983dca070035a9ce38ae10f9d8ef2b7622c1909d0eea3f

                  SHA512

                  e8e2374dfc75f573a96e22a89e148daaf718acc8fb5296ce24b9a30083597c132a812284088a01cc80c7c75b7dbd56c4c6c2c95c329b8baad2c2a0ea61ffaa8d

                  Download Submit

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\cache2\entries\58EFA56DB4BFFECB0EDA547894BC9A057159E22F
                  Filesize

                  13KB

                  MD5

                  61d18d3121a56b226304bbab4eed1704

                  SHA1

                  1b67a98f70e24085c12cb4e2fce124b231073da7

                  SHA256

                  f715f4991b8009b43b8f18eaa44917dda88f19db47cc9365e510c1965c598322

                  SHA512

                  88522bb9d78a760901fc8baf90b2b33c49dcd73af71c81a9169b56c643401e0a46ec1d723f947c7b8b461e87d3c29d508336ab6e9b1e8bb5d9c0a4c47e398815

                  Download Submit

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308
                  Filesize

                  9KB

                  MD5

                  bdd02d89506d9ce51f78a7d772510e3a

                  SHA1

                  9d7d70b25bbd4077d6455ee61d038aab7876853d

                  SHA256

                  486890d4396e61f1eb9996111028f341c71ff3346ec92994a071db686d68f7be

                  SHA512

                  6bf17c6c5a1e8d3d179b6ab5b8dcb49fec26749277a81ab3e8336eb6f454a523736ffcda10cb392a7b9d6fbe2af91a96442e531452111c7fe8b628f359d1cf62

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\datareporting\glean\db\data.safe.bin
                  Filesize

                  9KB

                  MD5

                  2234647cc9f4c8227445ab6a97bd238c

                  SHA1

                  53c66759f906117e49de5c1ac7dfa2853ba6b946

                  SHA256

                  b101e865b913a6e89af4fdb77a1a4ffddc128a59198bd1c559e7c288a7cbb2a9

                  SHA512

                  f90ca4f6125dc8ec34534480d6216836e3015c9a197e52250dfce81bd078a31d01e3b3b9fd2e142bed181e8b2c8b760d04e75a0c399c2e75138e299552230678

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\datareporting\glean\pending_pings\186144d3-3f4f-4a95-a8f1-0a8466fb08d5
                  Filesize

                  733B

                  MD5

                  be57c879d45b246ada2f3d20f7bdbf67

                  SHA1

                  48b55f52f4f48486efa5c50859d45e9832f3573a

                  SHA256

                  9fdeabceba813067cac55071c988cea4c8a05022608448fc357ae6d262072800

                  SHA512

                  7d981002ba2e56c9f17aadf0c7dfcd20ff9bcc6788b6c1e24a6a51c19015e0409f96078ccfcc190e53055b0a051870c0cbdd739e6fb14ce1623217df5e858bad

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\prefs-1.js
                  Filesize

                  8KB

                  MD5

                  257a8dc4fee253bfca226cdd911d8cf2

                  SHA1

                  193e503d4d68fde9a5cb6ac5c6ae2b1f8895bbcf

                  SHA256

                  b78513fac333fa1c4f944ae2f962dfaf459b45256a400b4a0ff665b407c2dade

                  SHA512

                  e8d34fc5c4e0f3fc3662b608440ef6b0f234584ba3868561c784d582d2de051afe7289c6d65019d16c4b07436e592cb472a9aa4299a4f6e03a9a27b451f63616

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\prefs-1.js
                  Filesize

                  6KB

                  MD5

                  eb716ac98f7d41bad40cf99625680101

                  SHA1

                  7896214419ef0bce4a25b914d6f9e19d92379acc

                  SHA256

                  4131b83aa4f5befe3bfe7e49d9cc51dc7b6a7d523ba71893c07783cdfec79eee

                  SHA512

                  3ac4a86939e0b142e775affbd797c83e2bc149cce477da48a42faff8dd72080668a00c56cdb458a7442fd20e784846173af02d5008cb38db0c1f3135b5669b66

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\prefs.js
                  Filesize

                  6KB

                  MD5

                  2ecf3de3a19579c2b0a03b54edd04c9d

                  SHA1

                  7b85492dea245ef1b0c614b70dee60b9b9924660

                  SHA256

                  18edae5a5047fca12742fa99e642efbbb02a51705e7a31b3beb7ab1da3a54e7b

                  SHA512

                  a2e6c491b0e25a92600b44fc2b263c9430f1935a91d04f16269e2ae29c25e7726ee4f6c5a74a26493dc9c806e932e79d350ef86a613d216d3c036f671589fb84

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\prefs.js
                  Filesize

                  6KB

                  MD5

                  c847afee40d7d46be7426472a8e5b14a

                  SHA1

                  aef6d639506a7914f3367b63cb448fd7c61eb971

                  SHA256

                  d1c3cdff33b86344dc4c1b8172ec8c38f768728c6442cd904df0c3e21bcaec96

                  SHA512

                  87e2d15661233111c44effdb7b0545c723a878cab77f28faf33568323c3af756cc85bbb212aadee0cb23b8c4a7a43fe6b4f565a4d6a98ebf33e1b39900add2f7

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  1KB

                  MD5

                  ed648e098cc9b02e3130c15e292200c8

                  SHA1

                  03be9d91f222539aa0304a8f522ca4d4629e5070

                  SHA256

                  7ec138dd975db326e06437c3d623b0126df4671345fbb9f1ed9e288c9bf1a5a4

                  SHA512

                  a59595b66af6d3a38df313d0176f4954b7e8519b2e8719a6e2a1d6d610f5b28532a99b7951a4de728c9db727e15a2ee86b17ed5a1ff6cce1d1af3423e65edc81

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  936B

                  MD5

                  f03840105518a0b58fa38f312a2d5145

                  SHA1

                  74da8b7fbcc0c7bf033674f38505be84c3dbcc66

                  SHA256

                  d0183014e501dac2785224bf9f0d48edb4ec3fc2c00dc525291021e6611f5280

                  SHA512

                  31e7c55d6b94a6b392e6fc9fa63be00cbe3e2ebcb01e33b61c9c90382016babdd05d6572a517121f897dbde62f5b98cb43c0fe5b50d6eb99f1f8f028732f6934

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                  Filesize

                  184KB

                  MD5

                  7d5f855a7b8e99ecfe9d2b3c7f1992e6

                  SHA1

                  138562d8b6f87181cba87ec3b0e2c10be7169daa

                  SHA256

                  50ad3c39b8eac5f7fb5121feea02fa552af809e7b4cb2c5628c2c47bd6329bf3

                  SHA512

                  19bebacde294735d12aafacf8dfa3aad4984922b71d17658cf29d2cae90876d9da165cf133575b319ff811354177b29f1d320f22d33eb223e63a2ca8f8f318c8

                  Download Submit