Resubmissions

  • 21-11-2024 22:38 241121-2ks9patjep 10
  • 21-11-2024 22:37 241121-2j5akaymds 10
  • 21-11-2024 22:37 241121-2jyssatjdp 10
  • 21-11-2024 22:32 241121-2f4jvsylhy 10

Analysis

  • max time kernel
    31s
  • max time network
    33s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-en
  • resource tags
    arch:x64, arch:x86, image:win10ltsc2021-20241023-en, locale:en-us, os:windows10-ltsc 2021-x64, system
  • submitted
    21-11-2024 22:37

General

  • Target

    683e9fd0a92ef8ea415a4af9dcb8ed5ef8dc3a59a00c13da6594ac648675137c.exe

  • Size

    168KB

  • MD5

    9d943c82e494c1e85f06709d747a5f27

  • SHA1

    5bfd63104a22c3aabd71e09830268a96ed963c8c

  • SHA256

    683e9fd0a92ef8ea415a4af9dcb8ed5ef8dc3a59a00c13da6594ac648675137c

  • SHA512

    a6f854395b0481d2faddbf326944379190aa593bb27a94bd152b923083cf826ae00ce908199ed1c9b2842e81ddd7314dee51c48ec0d0de5097fb0cf925c1ebf1

  • SSDEEP

    3072:FAxpd12O6ZklHlMa5IXS8dwcG6TQW7axxcddVZSZDEMWT:FApYOFMa6i8dwz6T/7uxC/cZDM

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 12 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\683e9fd0a92ef8ea415a4af9dcb8ed5ef8dc3a59a00c13da6594ac648675137c.exe
    "C:\Users\Admin\AppData\Local\Temp\683e9fd0a92ef8ea415a4af9dcb8ed5ef8dc3a59a00c13da6594ac648675137c.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    PID:1144
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4404
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2816
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2004 -parentBuildID 20240401114208 -prefsHandle 1920 -prefMapHandle 1912 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {39066d0b-4ea5-41a1-8a3f-c5aa1c5b59f1} 2816 "\\.\pipe\gecko-crash-server-pipe.2816" gpu
        3⤵
          PID:1980
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2424 -parentBuildID 20240401114208 -prefsHandle 2400 -prefMapHandle 2376 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {99f3d619-085e-4312-a0a7-84c94d127666} 2816 "\\.\pipe\gecko-crash-server-pipe.2816" socket
          3⤵
          • Checks processor information in registry
          PID:764
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1624 -childID 1 -isForBrowser -prefsHandle 2848 -prefMapHandle 2732 -prefsLen 23858 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f41480aa-ca47-43d3-9fec-9676c5e449bb} 2816 "\\.\pipe\gecko-crash-server-pipe.2816" tab
          3⤵
            PID:3028
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3792 -childID 2 -isForBrowser -prefsHandle 3784 -prefMapHandle 3780 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {50c316b0-ef80-475c-9bdd-dd4a2e6832b1} 2816 "\\.\pipe\gecko-crash-server-pipe.2816" tab
            3⤵
              PID:3180
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4732 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4724 -prefMapHandle 4716 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {80064eff-2186-4278-8633-a9f98975a4c5} 2816 "\\.\pipe\gecko-crash-server-pipe.2816" utility
              3⤵
              • Checks processor information in registry
              PID:5232
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5416 -childID 3 -isForBrowser -prefsHandle 5408 -prefMapHandle 3668 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4451b67c-dab5-4460-b603-445e6e71d055} 2816 "\\.\pipe\gecko-crash-server-pipe.2816" tab
              3⤵
                PID:5624
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5632 -childID 4 -isForBrowser -prefsHandle 5552 -prefMapHandle 5556 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61d80991-3dc2-4851-a100-513894a4ea5f} 2816 "\\.\pipe\gecko-crash-server-pipe.2816" tab
                3⤵
                  PID:5640
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5748 -childID 5 -isForBrowser -prefsHandle 5828 -prefMapHandle 5824 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e81e1f24-0db3-4b2c-872f-ddc50710b1df} 2816 "\\.\pipe\gecko-crash-server-pipe.2816" tab
                  3⤵
                    PID:5656
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:5632

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dly1kncb.default-release\activity-stream.discovery_stream.json
    Filesize: 22KB
    MD5: 267721c4f7560448e705ecec9b65c055
    SHA1: e0d043657eaac8aa8403e6f8d65c9c26206a14c1
    SHA256: b64b2d06c82657d682f4306bb230d16be5ed553b47eba9d94417d8669478e7c0
    SHA512: 3b06fa3d5ae7c42b95f3e3e0e62d4a0247f26868de296eec8326806312d9aacfd00ca0ac4840dce6bc8e9b1f12c6da8c1feb507a860f44b99c1eb6ef71f0f89b

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\datareporting\glean\db\data.safe.tmp
    Filesize: 6KB
    MD5: 5d0e14752ff6b73f4d357c35ad8f9649
    SHA1: 1f44f40df38ea9a10e941164ca5c8afe4aeafe0a
    SHA256: a17ab1cc8f0cfc6ee02043106f7db96e36b78928d2372156c0912b3fbb978509
    SHA512: 57282b057cc493e784bed17b8231aa5d101e9a3803ccf77cd2843a549305d8aa77acabc6256ff7a535d81ce1f8f8150e254e96dc28eeace7e9cc2bb4106bf3d6

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\datareporting\glean\db\data.safe.tmp
    Filesize: 5KB
    MD5: 5386f4fafb4a8b05600e8e783c42cd7c
    SHA1: 531aa6386e4e702854f7c36c97472a3c661d2341
    SHA256: 76b26cc1b190f2f96989168426f1fc7cf8761d29bddac252e3a20fba5fc6a881
    SHA512: e27305971e8dc845b42d418b0c0236c7dec4dc3f7ea95204e0e570f8429799c0b95ff27567d4594f52782a142db91b96b582e6551b5187f1c43972e4a995c3b1

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\datareporting\glean\pending_pings\3aad77a6-ec4d-49d2-873a-cb589500a27e
    Filesize: 24KB
    MD5: 6bc2c05561b1a49c1e8a4971d291eb06
    SHA1: 0f55ab6c6fb2ff13e11d99d66e9c7138ce53c559
    SHA256: 5233052444baffe1856ee69eaf50d3b5889f98dff57d5451d99593d773c2809c
    SHA512: c1baa9005e2db7d8923c772b07fb1b270ae2be22c6c30a7fa773ec7608db97e98aa76a3cb5e21449affa989ecd8018e78f652c0a0d23d2ba34211dfe920108c0

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\datareporting\glean\pending_pings\95c59fb3-22bc-4888-9559-17b85c4211b5
    Filesize: 671B
    MD5: 494e649752a186688e983d6f59a4b85b
    SHA1: ccc478de17f18b6e1a29bccc2793a952c357e071
    SHA256: 91b0009481fb942b78da1e224a88c36390596fc849586aba74590d1199495960
    SHA512: c79544212c42e299a2589b6c24405550fe0d2fc5ec6d396d738eb7e93bc656943ce05c569f845bb28aaaa03dacbd302b10efaf1c4d7bc84bb29fb6547e616024

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\datareporting\glean\pending_pings\fc4de24e-2c1f-4170-81a6-3a3a640a4a01
    Filesize: 982B
    MD5: 8353e61d3728473f8d0af80582c9fdc0
    SHA1: eea2629ddb750a7fcd15c7f2a7633716a5586e03
    SHA256: ad645ca898d478404c83e96a487af326950010c83cdf0b2d5aea7c1bb8b76447
    SHA512: c128a749a937d747b71a842f9625c51afe188ed26548522fa883d57692478152fecc30a07eb0f1d5bf523456170360007106664bc6b4b78401169fd99393cb08

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dly1kncb.default-release\prefs-1.js
    Filesize: 10KB
    MD5: b73e8add813284d2d3937e43534bbfc9
    SHA1: c8884f7c40e2cb89330fd6d6d4a5cb274549bf42
    SHA256: d3d5f884b62578437ea0726843813f1be1b0a3eba9039ec6aa70b456b54d48bc
    SHA512: 3a9628afee5fe32c16e013ef1fc87a958531eef12ffeaf03202accbd71636af97df0eb87645c6ff14bd3dd2c64ae8ec6b93ab6220062d3a90cedc0e5918bebc0

  • memory/1144-0-0x00000000015F0000-0x000000000193C000-memory.dmp
    Filesize: 3.3MB