Overview

overview

10

Static

static

10

8a400be3f9...03.apk

windows11-21h2-x64

3

Resubmissions

03-12-2024 22:03

241203-1yllbsskfj 10

03-12-2024 22:00

241203-1wm2dasjfj 10

Analysis

  • max time kernel
    23s
  • max time network
    22s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    03-12-2024 22:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8a400be3f934b4a66b516a909215b2bbc0fde5925e41f3a7e8d58afdc8f3cb03.apk

  • Size

    2.7MB

  • MD5

    3de4e1386c4ec3bdc7d69ad7e32aba26

  • SHA1

    e9c0f7404c12f86f03cc11553e7613a3f1acc63b

  • SHA256

    8a400be3f934b4a66b516a909215b2bbc0fde5925e41f3a7e8d58afdc8f3cb03

  • SHA512

    919ff8a544527c33e8a8c8e5a2699e84642c7cc0f87704810eae0fb650d30f6ec7e73f7e7d719da68207eff4a5c3123c41748f828bb21bb4b7f7fb259668a378

  • SSDEEP

    49152:eGd6Kjcf1ObPyI4trAm8a8KLGBHzFOTkCMmn6U9BrVT9mDl8r601sS8IQo:e4FjEI4iZaUzYH99yIH

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 18 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 11 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SetWindowsHookEx 28 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\8a400be3f934b4a66b516a909215b2bbc0fde5925e41f3a7e8d58afdc8f3cb03.apk
    1⤵
    • Modifies registry class
    PID:2384
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:720
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\8a400be3f934b4a66b516a909215b2bbc0fde5925e41f3a7e8d58afdc8f3cb03.apk"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1452
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\8a400be3f934b4a66b516a909215b2bbc0fde5925e41f3a7e8d58afdc8f3cb03.apk
        3⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:396
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1980 -parentBuildID 20240401114208 -prefsHandle 1908 -prefMapHandle 1860 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {35149a0a-7ec4-4adf-8729-3bf6dd036db9} 396 "\\.\pipe\gecko-crash-server-pipe.396" gpu
          4⤵
            PID:2400
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2408 -parentBuildID 20240401114208 -prefsHandle 2400 -prefMapHandle 2396 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e52d4e8-6bf6-4c3a-b9bd-80f4fd9b851d} 396 "\\.\pipe\gecko-crash-server-pipe.396" socket
            4⤵
            • Checks processor information in registry
            PID:1216
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3260 -childID 1 -isForBrowser -prefsHandle 3252 -prefMapHandle 3248 -prefsLen 24739 -prefMapSize 244658 -jsInitHandle 1112 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e7134379-bc47-4085-98e6-40b683eca09c} 396 "\\.\pipe\gecko-crash-server-pipe.396" tab
            4⤵
              PID:1724
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3504 -childID 2 -isForBrowser -prefsHandle 2972 -prefMapHandle 2728 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1112 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bebc3499-52d6-4375-8cd7-e047f44aa70b} 396 "\\.\pipe\gecko-crash-server-pipe.396" tab
              4⤵
                PID:1776
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4136 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4216 -prefMapHandle 4204 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {76a2f191-49aa-4ad4-90c6-e3c06baa78d0} 396 "\\.\pipe\gecko-crash-server-pipe.396" utility
                4⤵
                • Checks processor information in registry
                PID:3888
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5780 -childID 3 -isForBrowser -prefsHandle 5768 -prefMapHandle 5760 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1112 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {25d025bc-6c94-4c06-b1b9-dd982144b821} 396 "\\.\pipe\gecko-crash-server-pipe.396" tab
                4⤵
                  PID:2800
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5932 -childID 4 -isForBrowser -prefsHandle 6008 -prefMapHandle 6004 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1112 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f92d133b-5eae-4df8-984c-c68f5a257b1c} 396 "\\.\pipe\gecko-crash-server-pipe.396" tab
                  4⤵
                    PID:1836
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6132 -childID 5 -isForBrowser -prefsHandle 6140 -prefMapHandle 5916 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1112 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7da22a11-1c31-4736-b458-0bf78fe68256} 396 "\\.\pipe\gecko-crash-server-pipe.396" tab
                    4⤵
                      PID:2468
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\8a400be3f934b4a66b516a909215b2bbc0fde5925e41f3a7e8d58afdc8f3cb03.apk"
                1⤵
                  PID:1244
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\8a400be3f934b4a66b516a909215b2bbc0fde5925e41f3a7e8d58afdc8f3cb03.apk
                    2⤵
                    • Checks processor information in registry
                    PID:1164
                • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
                  "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
                  1⤵
                  • Modifies registry class
                  • Suspicious use of SetWindowsHookEx
                  PID:3556

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vo8scey3.default-release\activity-stream.discovery_stream.json
                  Filesize

                  19KB

                  MD5

                  197b9c922afc92b55e05269c4372e2e6

                  SHA1

                  a3a5c91ab271cd92f33fce6097404d647e83ec77

                  SHA256

                  eb7501dfcce2f985483ad7ac92dd17b561370cfbddbfd6949bbfb43f64214f13

                  SHA512

                  a446431da97f60feb2f97c4dd4cb5256d7b0e7e064fa1985d4d702919e556eef18d9284e07fe904b5dc123c8f44e1fe0beddc38a469eeb787def30a456777a32

                  Download Submit

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vo8scey3.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl
                  Filesize

                  15KB

                  MD5

                  96c542dec016d9ec1ecc4dddfcbaac66

                  SHA1

                  6199f7648bb744efa58acf7b96fee85d938389e4

                  SHA256

                  7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

                  SHA512

                  cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

                  Download Submit

                • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
                  Filesize

                  10KB

                  MD5

                  71a6b59e08e25451e52675c842fae23c

                  SHA1

                  565a97673954a9209c7a05fba20b89d10b88025f

                  SHA256

                  5b96212d3d1347b76c8c1c64b2f7ef981242bedd3b84b766b543d56dbbf8dbd6

                  SHA512

                  5cc98eb2aa02e2e69165170451d89dd880893e6b07440bb84fbab6cf92cb558bd58c2235d8d64ff43d380c5e9869827800d310ee67950bb21b498d89fbb5aab3

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vo8scey3.default-release\AlternateServices.bin
                  Filesize

                  6KB

                  MD5

                  b9112b89a207aba72210bc10f5e62a24

                  SHA1

                  2a524ff1d5377e90a0c780aecd21ec0cbd34e6ec

                  SHA256

                  360cfc8d37dbed4bd6dff10621b54850b10d1bfd0aa1742ff8e714d451953374

                  SHA512

                  208c031650c104504eb40c17a50007caef67056f3747eb89e1fa963c511e5e3b8108a7cf15a1d57f65b4cb3338700c69f5b874a665d2b17871bcbe900f39633a

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vo8scey3.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  5KB

                  MD5

                  4f651d63297592f24a027cc523c4c39a

                  SHA1

                  df93b51148356b7a5aff81d1b8d05ba99c04a288

                  SHA256

                  5df6f29ffe230f20911598f3d81b4c405572a41c7348932874ec1a4f30983b27

                  SHA512

                  5c70d733797341b0c17421aa0cfa9d938ea00d8d6a80417524cd12862fcffcf7e51f6c3d1455730e88a779fc20c4c213f3f9d4ae9065229e3bbef5711e10045b

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vo8scey3.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  5KB

                  MD5

                  3ef88b47724870e1ca30163f2666c3bd

                  SHA1

                  6606a6d03eb3976b0591284d52f9543bf854c510

                  SHA256

                  e355b41e59333cfd3f00edcce1c42ce9d9557db050c1f796848e7c88a46433ff

                  SHA512

                  ec8db3bd9ee157feaaf8e581ec2d6aebc2dc97c1e6285152fff25523893e4ab0034a33a7c476a0901dafd7365f371c2df7fa0da6d711be7614c2b5d230eef419

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vo8scey3.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  6KB

                  MD5

                  629a0f2854c9d2cc6fc3b0c787908ca8

                  SHA1

                  2af1dc940dcdb0cf4dda9139a0b1214796e20f38

                  SHA256

                  d03ac961e044cb75f12324b167b2184b418650346a8b69e90e5b21272d3d75d9

                  SHA512

                  979e80754a8a7b0d4ab4e4c3ae61ed1c94817a4f49c7aa35229be092a5579b204a06dc2a182f740a73c69577e4c742a29d88c56c15bb08b54da9a53857f9b5c3

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vo8scey3.default-release\datareporting\glean\pending_pings\43c06017-8176-48c9-8297-eed420cfbbe6
                  Filesize

                  25KB

                  MD5

                  8536c6ac7505162b1f93b137104a371a

                  SHA1

                  bcaaa3e3e94376c8bed1ecef2454d9fff23670ca

                  SHA256

                  637f483f4d5a0b32a7ec86b07b099370dd6e988901f22464691266696618d01a

                  SHA512

                  304207ac88867e0ca0d063dc8d519008167ef3c48a5fd12d1d2f0db85ce839ff3eec156149038a17ca4678be1bdb5128fa3858c427b8f0b7f9c2cd0f6484c10e

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vo8scey3.default-release\datareporting\glean\pending_pings\5ab7756c-4e01-439b-82f9-46e023d59781
                  Filesize

                  671B

                  MD5

                  774fdcdefb319ba6de57b2429dfc97a7

                  SHA1

                  af548d3be82c152799dab470775ac969fa23b709

                  SHA256

                  765de012e0e1e24839878455b884bdf284fe70fc99ddf7968167f17736d7120d

                  SHA512

                  532b392a602dbbadb61a1d9ef1b2f953ef881de028daa2135b51465e1424fdfb805353c5eaf818cc7ac2574b622f89fab0fade0ad2c8466b115f7ee1944ad892

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vo8scey3.default-release\datareporting\glean\pending_pings\faac8d10-eccb-441c-a5ba-3d0c7e3dd51b
                  Filesize

                  982B

                  MD5

                  676930eedbbb0e6578f0afe15dc5e34d

                  SHA1

                  c4ecb6c73f1ab2581c067b32104eab4aa53ae23d

                  SHA256

                  ef31320e6f9b5c9d7b266617cbbcd39606d94693ecdc6caadddd5128e6283129

                  SHA512

                  e482a3d2b420c8c0d5cdd28f7746e8215c1622ecd1f27f52c9e2d9a36ff7e36484467fd78fbddd356e6781e5d54e3f723478f85cb6d7ad7f1fd6a55e00f25eeb

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vo8scey3.default-release\prefs-1.js
                  Filesize

                  10KB

                  MD5

                  70731990705c9e764509da9a55d08f8d

                  SHA1

                  2cace3d08c29e8a2fd7f9bf536f77ca43261d04e

                  SHA256

                  935e376717e1f824157232142399e4aed380b56b3c52dbe60534b72e4a1a4d4f

                  SHA512

                  c51c228e8bec8cd674fe3889df4f38795ff2e5041c5fbb1e9ba8661e91a3cc2663b99c0fe709c430a790584f05dae994a64c7c840f25d5bb185ac8ef77e491dd

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vo8scey3.default-release\prefs.js
                  Filesize

                  10KB

                  MD5

                  7efde2a3aecbfb09294afdc2b5540090

                  SHA1

                  5dc4154384158b238e7010dff25c7458555a846e

                  SHA256

                  be22ea843b06f4e54f590188c749eab118ef4d4e06a9d25e7eb8c3d4c0b06db7

                  SHA512

                  f1b761240ee027744a6701ae18239201ca2e6e9e9603a36953972d6cbb8057100dfb9fa0f440ed0404196021ffb3f90d8cad68cc5a0d6bf63fa3e799edc381f7

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vo8scey3.default-release\prefs.js
                  Filesize

                  10KB

                  MD5

                  0876fb8d190093ec671be9ab70ed59b1

                  SHA1

                  3de151ec79913da4b31513c12d636c397dd817a5

                  SHA256

                  7ffc5d8c12c6ecdf9479b8e3dbbaaea79c36ab2e87d71b1e61e43b43979a975b

                  SHA512

                  ac93e4152bef908859f087106cce5299d5a0f8907e8b2f1df573f79f601a5b408c1034d46bc691483be299f5b33327ae62526aed95ccc3fdc4c30d761926326d

                  Download Submit

                • C:\Users\Admin\Downloads\LnYWyrPa.apk.part
                  Filesize

                  2.7MB

                  MD5

                  3de4e1386c4ec3bdc7d69ad7e32aba26

                  SHA1

                  e9c0f7404c12f86f03cc11553e7613a3f1acc63b

                  SHA256

                  8a400be3f934b4a66b516a909215b2bbc0fde5925e41f3a7e8d58afdc8f3cb03

                  SHA512

                  919ff8a544527c33e8a8c8e5a2699e84642c7cc0f87704810eae0fb650d30f6ec7e73f7e7d719da68207eff4a5c3123c41748f828bb21bb4b7f7fb259668a378

                  Download Submit