Overview

overview

3

Static

static

1

New Text Document.txt

windows11-21h2-x64

3

Analysis

  • max time kernel
    49s
  • max time network
    143s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    19/09/2024, 19:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    New Text Document.txt

  • Size

    98B

  • MD5

    86e47fbf1389d7bb19be387a77e77a3e

  • SHA1

    8bed0c5c299a0c5006ea7434a6628963048ddee6

  • SHA256

    f67a01e57e8f8e8bb324992e93f5bc1b76a617e8405703971a7c352bcc3ed63f

  • SHA512

    8371292125db29349df81d51fa4af6c3c2597820cd9fd904291e58bd42f03cd20bb4dad8c83cf4368e921656cef5c51abf71c9a5ca844fb8c0563b3753beac82

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 12 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\New Text Document.txt"
    1⤵
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2192
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\New Text Document.txt
      2⤵
        PID:4208
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:3188
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4928
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1948 -parentBuildID 20240401114208 -prefsHandle 1876 -prefMapHandle 1856 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca88ec8c-7a86-4b08-8212-7ec89c656812} 4928 "\\.\pipe\gecko-crash-server-pipe.4928" gpu
          3⤵
            PID:2328
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2348 -parentBuildID 20240401114208 -prefsHandle 2340 -prefMapHandle 2336 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f881e80-80ea-40ab-8dea-46f731c7263e} 4928 "\\.\pipe\gecko-crash-server-pipe.4928" socket
            3⤵
            • Checks processor information in registry
            PID:3616
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2692 -childID 1 -isForBrowser -prefsHandle 3140 -prefMapHandle 3016 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6cef312-1717-410f-8072-27a8425b91ae} 4928 "\\.\pipe\gecko-crash-server-pipe.4928" tab
            3⤵
              PID:2824
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3392 -childID 2 -isForBrowser -prefsHandle 3460 -prefMapHandle 2804 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {63e7f5ce-2112-4d79-8943-7b2bef4e85f9} 4928 "\\.\pipe\gecko-crash-server-pipe.4928" tab
              3⤵
                PID:4052
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4588 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4580 -prefMapHandle 4576 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a4845537-e399-437b-b9ca-d961877ff974} 4928 "\\.\pipe\gecko-crash-server-pipe.4928" utility
                3⤵
                • Checks processor information in registry
                PID:4752
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5600 -childID 3 -isForBrowser -prefsHandle 5640 -prefMapHandle 5624 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a2592d7-83b7-4c3d-8bbe-25ad975e3427} 4928 "\\.\pipe\gecko-crash-server-pipe.4928" tab
                3⤵
                  PID:4692
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5424 -childID 4 -isForBrowser -prefsHandle 5684 -prefMapHandle 5688 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {be7e98e7-d419-43e3-a250-e5126a401765} 4928 "\\.\pipe\gecko-crash-server-pipe.4928" tab
                  3⤵
                    PID:4132
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5436 -childID 5 -isForBrowser -prefsHandle 5672 -prefMapHandle 5676 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ccf93d2-0341-44ba-9db9-ab8721935eba} 4928 "\\.\pipe\gecko-crash-server-pipe.4928" tab
                    3⤵
                      PID:2708
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6032 -childID 6 -isForBrowser -prefsHandle 6100 -prefMapHandle 5624 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e59facc-e7dd-4ceb-a789-60e46924dfaf} 4928 "\\.\pipe\gecko-crash-server-pipe.4928" tab
                      3⤵
                        PID:1496

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                    Filesize

                    479KB

                    MD5

                    09372174e83dbbf696ee732fd2e875bb

                    SHA1

                    ba360186ba650a769f9303f48b7200fb5eaccee1

                    SHA256

                    c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                    SHA512

                    b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\AlternateServices.bin
                    Filesize

                    8KB

                    MD5

                    bdd8e39f5c0d2e29eff599c81c06f269

                    SHA1

                    69b6c0cea1ad34cfc43074cee0a2796c146abb99

                    SHA256

                    af45516c0f3737d91b18a266781dcdce3f99cadb430b90993091a62221268a30

                    SHA512

                    5b56c7b17cc2058f9d132b93d6d592dcef345d6ce3d8b299bc305a9798219464e1b6738eb5f599ab9eae6565803682ae36c5297cddb77355d231db60d595b7c9

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\AlternateServices.bin
                    Filesize

                    11KB

                    MD5

                    2bcc6fb589edf70747766cc04dd16df7

                    SHA1

                    fc57ba3c214514754b7ad566dbc58016fca56b71

                    SHA256

                    5cef9ffa708178a3268c30a79d1bd95a1547e92c0342df113c87449041ec2fa0

                    SHA512

                    527c0439bc3f14b778ded596d774e24fe01086d901e0fe99f867032216111a0a267224f46963b93c5e54d03437195d24a49a6192b2b45955efb2fc18e9c8123c

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\datareporting\glean\db\data.safe.tmp
                    Filesize

                    5KB

                    MD5

                    bce802aea5c293ac66e8a8db3f1d151e

                    SHA1

                    c0bd3ce594422044127756065650fda7ea400418

                    SHA256

                    d67686325979a03fc7206c2090eeab29b56f71e8a84a9cb1827bd2a51e968d75

                    SHA512

                    a5781eef56f44eea434aad506652bf3111a5328d6f92990d8cc4164037cc7dbd5ea8693a0b7ce3963b03e975c6f8e117e55976de315d110a0ff2a0bb748ecbeb

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\datareporting\glean\db\data.safe.tmp
                    Filesize

                    30KB

                    MD5

                    a25632a37e08fc59b205a1c9802becc5

                    SHA1

                    52ae43c7263a1079d1d7c9a26d234b8aa9b832a1

                    SHA256

                    e7b1f4b68b1c37a7da81d9fb141699f4d545e2f19511b28ea7bbb57084dfb8d9

                    SHA512

                    f813ec7e57e07ca2a11fb6f0e95bfea5f42c4967fccd3e66856de3a789626689a052e41009fc72f523d7f59047281e49196602056a3ed02fff22a058094c5bb7

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\datareporting\glean\pending_pings\74498b9f-f167-4b93-aaba-b8e3cab7bd30
                    Filesize

                    982B

                    MD5

                    928079205d479f1c2d920402d35cf982

                    SHA1

                    14fcca290948b7ea5a53377c300523ee72f5e6cf

                    SHA256

                    3629d9e354a80f72ca2406c6dcca9a0cdd697856a80dc569e207a8c15858308d

                    SHA512

                    db67295bd2a60306cae1129eeaa4b627309278000edccd1c6e4eca6b75f2e1f84a07822519c56ae785887805b6268c24b3754a9b9093df1bb78088b79df4e35b

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\datareporting\glean\pending_pings\b660c523-e970-48e2-a99e-2708cd27d24a
                    Filesize

                    671B

                    MD5

                    84b7d66288788a06d0b3fb970866ae88

                    SHA1

                    3a61a92100aa74421a8250d11a19ae615c388caa

                    SHA256

                    073cfd4211bc85013818ceac43638881ffc966476362a4a58871e42d11f2217d

                    SHA512

                    ace19834c573639d2417dc10ec78de25095fbdd92adf267c409a9a60c0d96744ab41c12478153e3eb3251e49a1650fe9dad97b4c56791766fb5c19d6df705b9e

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\datareporting\glean\pending_pings\e7d197c3-1852-4d36-ae6b-3eb54d93a66b
                    Filesize

                    28KB

                    MD5

                    326066a6983ce8b02a5191c3827cd708

                    SHA1

                    8795cd729f5f3e15a8531fd9dee174583a2bafe9

                    SHA256

                    a2862a3ed017f7242fd230eadacc10f566bfd8f8ae1e681ef9fbfd788c7d670e

                    SHA512

                    5867f2256443ee9878ddd43bb2a5dd405e98594e592a4ac099c45f7f6eae33f6f9ab05ac9335db2f1ca3849d3d0b51e7bd924f6e61830018b30f66fa247255b9

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                    Filesize

                    1.1MB

                    MD5

                    842039753bf41fa5e11b3a1383061a87

                    SHA1

                    3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                    SHA256

                    d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                    SHA512

                    d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                    Filesize

                    116B

                    MD5

                    2a461e9eb87fd1955cea740a3444ee7a

                    SHA1

                    b10755914c713f5a4677494dbe8a686ed458c3c5

                    SHA256

                    4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                    SHA512

                    34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\prefs-1.js
                    Filesize

                    11KB

                    MD5

                    d69712a1043c75118ed27ef96c846ea9

                    SHA1

                    10b71279ba6c07b36cefdfe87f920ff22b31c895

                    SHA256

                    d0cacc6dd31bac0be509c87d11e7646222fa4e2cc2998e9de90e826abb82213b

                    SHA512

                    4d9576eb5b7af7fa79f9e02467765345aec252113776f2bf48be8feef54c3a66e85942e7325267024c4232c6ab775b807e6dc11141da6328c4c36a43f04fecb9

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\prefs-1.js
                    Filesize

                    11KB

                    MD5

                    ca4d8bed8e9f90bbe875c075354d3fde

                    SHA1

                    42fe40dde1f9ee8e8cd5cb8884b3533dd6905e97

                    SHA256

                    c54e425b9df4603c2effb352308d27663af71d059629963d1c5418b38a7f9783

                    SHA512

                    e8f93723b32ebc14598b429b421c1bb47c392b618d37d22d51458b938d78119f38b9c982c5a334463d4725fec6d36224b943217bdbe7c9c3267f0b2b35112b84

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\prefs.js
                    Filesize

                    10KB

                    MD5

                    a1fbfda78f0b3e9af187486e0bda4337

                    SHA1

                    901302dec7346739c12bb415fc03d7db1f1e3c00

                    SHA256

                    0936f76d0259c24c107556d05209aae6931b7d914b990db9b527dc2c0d5a39e4

                    SHA512

                    0dfbeb3ef3f40bafedea3c77af058d8b5a03bebaa966776f949aaeab2375cbc2dacba461626b63de50e3ed67e6e48ded34508cc1b58bb4af086ccc0c30b673d2

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\sessionstore-backups\recovery.baklz4
                    Filesize

                    3KB

                    MD5

                    9a83e7759c28d1f236fdc0ab42066b18

                    SHA1

                    7ab34ac2d84df8e4feba174404e610827c6c0a37

                    SHA256

                    0cdc3ac3563830d5b96278ea502d7ad6d5fe5098298b99b962a46db2b0316c5b

                    SHA512

                    a004bb357787246b2e860c750f62fb21c73515467e77c93e06df32693a0222ec7233cb4e3c9c55037b6a8eb66777ab0de446f1c83cf5ec7717e57db4a879b273

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                    Filesize

                    368KB

                    MD5

                    89f57808e16dbb6ac520d1b7e5f8d7c3

                    SHA1

                    b1a85eeefda42b9347e841b0a0642bbfc9b669aa

                    SHA256

                    035fb45365a1154067c3f90c98f4dbca8af79b03264e3e0c61c2a91f6166dc39

                    SHA512

                    1df693e70d06e63618c406e1c1a94b6f2c45007c395627e9e5fda295a185ad1d5ce44076e5689cd3b39f4a9e12843bce750007688fc79cf5f6e7fd7a1c562029

                    Download Submit