Overview

overview

10

Static

static

3

1_email.zip

windows11-21h2-x64

1

32b4f238-3...18.eml

windows11-21h2-x64

3

email-html-2.html

windows11-21h2-x64

1

email-plain-1.txt

windows11-21h2-x64

3

image006.jpg

windows11-21h2-x64

3

pago 4094.rar

windows11-21h2-x64

1

pago 4094.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    128s
  • max time network
    151s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241023-es
  • resource tags

    arch:x64arch:x86image:win11-20241023-eslocale:es-esos:windows11-21h2-x64systemwindows
  • submitted
    14-12-2024 15:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    email-html-2.html

  • Size

    19KB

  • MD5

    64999a3d3bf119171122cded4c5a2880

  • SHA1

    9c106f98e512b34c5f8027a7b8a33fe176b55cdb

  • SHA256

    c106566f838b9353aabc9c4ac711925a5113be84b1a8a35a9a31a8cbdd4d3d46

  • SHA512

    106b3eff1f26eafb51e1ffe693b39c1d192fa8151a4e7c1a90daffbb5cf326371c2b32878f4b3b2ded05c66ae3ef1d54aeea666b322ffbeef506c4a12ef85b35

  • SSDEEP

    384:IoP0Ehux5Ox5RxEsx5Nx5Rx5MJx5sxcx5ox5REGnxTf:I3EhAg8GFRM5HKR55

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\email-html-2.html"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1512
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\email-html-2.html
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1348
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1932 -parentBuildID 20240401114208 -prefsHandle 1860 -prefMapHandle 1856 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2396050d-49bb-40cd-9245-b34067d167ab} 1348 "\\.\pipe\gecko-crash-server-pipe.1348" gpu
        3⤵
          PID:4452
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2352 -parentBuildID 20240401114208 -prefsHandle 2328 -prefMapHandle 2324 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e806cbd4-2476-4dd3-8de0-483f46819ae0} 1348 "\\.\pipe\gecko-crash-server-pipe.1348" socket
          3⤵
            PID:4928
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3276 -childID 1 -isForBrowser -prefsHandle 3268 -prefMapHandle 3264 -prefsLen 24739 -prefMapSize 244658 -jsInitHandle 1080 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7cfe61d5-b81e-45d1-a7b8-61615635fe25} 1348 "\\.\pipe\gecko-crash-server-pipe.1348" tab
            3⤵
              PID:728
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3720 -childID 2 -isForBrowser -prefsHandle 2700 -prefMapHandle 2936 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1080 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5188e98e-4f5b-4644-923e-73fea05b9555} 1348 "\\.\pipe\gecko-crash-server-pipe.1348" tab
              3⤵
                PID:3420
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4236 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4244 -prefMapHandle 4252 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c46593fc-b7a0-4b09-8f33-db19bfc0d9cb} 1348 "\\.\pipe\gecko-crash-server-pipe.1348" utility
                3⤵
                • Checks processor information in registry
                PID:1416
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5532 -childID 3 -isForBrowser -prefsHandle 5524 -prefMapHandle 5520 -prefsLen 27139 -prefMapSize 244658 -jsInitHandle 1080 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b8ea1d0c-437c-434a-ab02-a5b7fd9bef4d} 1348 "\\.\pipe\gecko-crash-server-pipe.1348" tab
                3⤵
                  PID:3612
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5844 -childID 4 -isForBrowser -prefsHandle 5856 -prefMapHandle 5852 -prefsLen 27220 -prefMapSize 244658 -jsInitHandle 1080 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {83b8625f-5285-4334-921f-b409ed6dfc2e} 1348 "\\.\pipe\gecko-crash-server-pipe.1348" tab
                  3⤵
                    PID:4792
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5948 -childID 5 -isForBrowser -prefsHandle 6024 -prefMapHandle 6020 -prefsLen 27220 -prefMapSize 244658 -jsInitHandle 1080 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ebb324e-35c0-4bf7-92b6-019be7ec5013} 1348 "\\.\pipe\gecko-crash-server-pipe.1348" tab
                    3⤵
                      PID:1412
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5928 -childID 6 -isForBrowser -prefsHandle 5920 -prefMapHandle 5912 -prefsLen 27220 -prefMapSize 244658 -jsInitHandle 1080 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {48750cbe-65b8-4a35-977c-ccded02c050a} 1348 "\\.\pipe\gecko-crash-server-pipe.1348" tab
                      3⤵
                        PID:2172

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5l9wod5l.default-release\activity-stream.discovery_stream.json
                    Filesize

                    20KB

                    MD5

                    4c875f2a1d53173f6eee51ab2fbf39d6

                    SHA1

                    cfd8e2a522428a2661d2f9fea64b6dc5368d27b6

                    SHA256

                    7012376c9bedde3b56544b1b68b1057f8d2bac1986049d81f0a9cd424c0c9df3

                    SHA512

                    3254e27b13b7fd1ef792a81238734f10d70cfdf66b891ccfa69ca89d0ec34720212d04ab7af19c9bde78df246cb595ece4df7a6f52dba74d3d243c4ac77a0d07

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5l9wod5l.default-release\cache2\entries\92F4D5A4F9CED6E2E644D803AEE3647A0EA4D984
                    Filesize

                    13KB

                    MD5

                    d69d0ee6a1f1f3cd8f3539571f894129

                    SHA1

                    d9ebb3bfdaa79d2a6806048c5f91af51195fdafe

                    SHA256

                    b9a6ed249ad1a58c3dfd5a0651027af685ba3889e95a5cc8a424cc66c7b58359

                    SHA512

                    2217ed0a5125165f233f6ee14966b9e4b1fd76728d5361567cc4a45cafd2c128af316f0f590410edc4a8e9c79e39d3748baf7ff3bf48aa01c8141ac632b115dc

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5l9wod5l.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308
                    Filesize

                    9KB

                    MD5

                    7b0cf1ab48bdc245301bb1ec192d0c68

                    SHA1

                    b23f289924c37bb736b633861533e6c3dc7477c8

                    SHA256

                    4fe14b0e16ebc4c2ed3a8a6fc2759dfd076c4dc70c2ddcf996666345e4c06c20

                    SHA512

                    1af4af4395a04484f0dba0687285d9fad94839abcd5b54a3c2f60f814dde7eef7a9cd3baefeba8ee9930589f18d7db7b61d5d771917bcd6ac428534b018647e8

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5l9wod5l.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl
                    Filesize

                    15KB

                    MD5

                    96c542dec016d9ec1ecc4dddfcbaac66

                    SHA1

                    6199f7648bb744efa58acf7b96fee85d938389e4

                    SHA256

                    7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

                    SHA512

                    cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                    Filesize

                    479KB

                    MD5

                    09372174e83dbbf696ee732fd2e875bb

                    SHA1

                    ba360186ba650a769f9303f48b7200fb5eaccee1

                    SHA256

                    c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                    SHA512

                    b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                    Filesize

                    13.8MB

                    MD5

                    0a8747a2ac9ac08ae9508f36c6d75692

                    SHA1

                    b287a96fd6cc12433adb42193dfe06111c38eaf0

                    SHA256

                    32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                    SHA512

                    59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\AlternateServices.bin
                    Filesize

                    6KB

                    MD5

                    2b594f29ad04971a772a96ec8d0e49ae

                    SHA1

                    13c5a442495031e1b2225897b538e895d441bb06

                    SHA256

                    2286fc1fc1e6007a236a02a87aa1553d6a147f73c2df3ab9b696fe53d8341438

                    SHA512

                    cd79ae278fc4365b811593b7e25553e1c143853ce7bb4506fa48087f6632e86ed3001e10542c840100dc50ceac5252be6cda812a7773db4ade234ab39623504d

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\datareporting\glean\db\data.safe.tmp
                    Filesize

                    5KB

                    MD5

                    6f4a0ee8f4a6e2dc922d93101a5d5955

                    SHA1

                    9214b98338f28006fd63b6825d5f9c7e60af3235

                    SHA256

                    4f86c94b4408009052cb9b1f49c2522c1fd0980ba6255b79647c637760a94581

                    SHA512

                    d65bb886730a5698acb082acc33d8caabf3d3f87c863e6734889bfc536b660f2a50c41fb456fbfd5d8dccce81ebe3f121253cb2ab9609895bf8492613ceb9df9

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\datareporting\glean\db\data.safe.tmp
                    Filesize

                    5KB

                    MD5

                    e80ec356d6e4b03d43f98f4e589a2e01

                    SHA1

                    ede86c81ed45f565d0f63a540e6590c932937774

                    SHA256

                    9a199c152430705c9a5f82d0fcee8abdd36fe0a348806c4eedd0f9eb8b9a610e

                    SHA512

                    3702f35cb0ffc675709776f91c0b5b38457aec840dc70c4732fb037b4e584115307b2a85f9362f0ae518419912bca862b96c3aab2c66456bfcfc834f0899461c

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\datareporting\glean\db\data.safe.tmp
                    Filesize

                    14KB

                    MD5

                    8b69cfb0d922b02e7adf394874dbc635

                    SHA1

                    69a122823793be4b1b7e3892d1c4694ae182a910

                    SHA256

                    01117b81f7213e8e4df4833998fdacdbd66f044bd230f9a954bb16ca17258338

                    SHA512

                    dca534ca5bdd790556376d10e192895a0a5953812cf8e846b00742dee6b0bfac332e19eeaecf277af4e5f7842fe98747056aaa0ea1fc144e7bb0c43b6f2eb6db

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\datareporting\glean\db\data.safe.tmp
                    Filesize

                    14KB

                    MD5

                    055422a03706687f6a42b6c19e849f11

                    SHA1

                    44dfcd7dd1cfdd81eff2b9441582497c38e5f9a2

                    SHA256

                    9a060607e108fc2760e8e619a29f75a0d5836442b8c2b65637512842b4f282b1

                    SHA512

                    4205199ed3d5dab502fe331c311e29c4ecb4450b387d49a86415a6cb0ee497fa67d44e38f9a4a18c45c29264c37585738a4b9fe39698aff34c904e11e72bb271

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\datareporting\glean\pending_pings\1c565b85-4707-4b33-931b-f824b6eac75d
                    Filesize

                    982B

                    MD5

                    b2ad1749f2f8635d6438b2acb4908959

                    SHA1

                    ce3ee2b98e082d271d03ffc43c690d0ffaee064c

                    SHA256

                    ba1c73a300d3a783fc2b9a2661dcdf9d50bd4c0e168419f0ed05ff0596487e69

                    SHA512

                    d58e3e94a37302b14c7c76c2a4a8d04dc5ef65e09cedbed38abf8c5468b18af528a0c9863c76311c6a738c0acc7aa8215eb0759908b01035d3385412392ada92

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\datareporting\glean\pending_pings\55f8afcd-5d9b-48ee-be2c-0fcac0a0b09b
                    Filesize

                    671B

                    MD5

                    0c7113fab508da2137c60fc89c137bf6

                    SHA1

                    800e17ddc6b519cc76c64192637b866d10789300

                    SHA256

                    d526c374f5bd05dbf84be98c4a1966bab7e49e1d1035a48d66dc9c5310003210

                    SHA512

                    c9c9ed6ef4abc145f161199a0f78a75e44dc0453139424ce931c6a25955c03125c33364e57e5f11690eb09b393cde856b294585874ee52fe01fb17f85ec9169a

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\datareporting\glean\pending_pings\6a3620eb-8177-4f89-89eb-3f0a7063501b
                    Filesize

                    25KB

                    MD5

                    98f564e40ddc1a6e463616d4e541fa5e

                    SHA1

                    e91589908b1de0ff36bcc2092ba163dbbc764d3d

                    SHA256

                    f2acd6de1d8e956c6f400b8bd31c2cbd9624ccb8f45b4ea94236e38bb2671e93

                    SHA512

                    2cf790e4fb68af116d7fe4d1d9fa605344babcbcc933056f00f7fe55ee84e14e750623fcf32309b336f7649f6ddb328c51253f018372ec3744393d5e0409aefe

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                    Filesize

                    1.1MB

                    MD5

                    842039753bf41fa5e11b3a1383061a87

                    SHA1

                    3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                    SHA256

                    d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                    SHA512

                    d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                    Filesize

                    116B

                    MD5

                    2a461e9eb87fd1955cea740a3444ee7a

                    SHA1

                    b10755914c713f5a4677494dbe8a686ed458c3c5

                    SHA256

                    4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                    SHA512

                    34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
                    Filesize

                    372B

                    MD5

                    bf957ad58b55f64219ab3f793e374316

                    SHA1

                    a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                    SHA256

                    bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                    SHA512

                    79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
                    Filesize

                    17.8MB

                    MD5

                    daf7ef3acccab478aaa7d6dc1c60f865

                    SHA1

                    f8246162b97ce4a945feced27b6ea114366ff2ad

                    SHA256

                    bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                    SHA512

                    5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\prefs-1.js
                    Filesize

                    11KB

                    MD5

                    e3d1e1cf0024dff99adac3cf926d935b

                    SHA1

                    cb06ca59d1ea0b92ee561e76b407ddd7cb87ecc8

                    SHA256

                    d035140fa25c631cfc4d6a2b5b7d7570fbeb7b49cdd2a7a32d645bb28ffaf210

                    SHA512

                    8aafa87be65b6eb584da82b9094bf3941aedf48eb2f3c103460448e7244544765c564dd7399fb0b2eeb9d82ffd1901ef6b46305f5506b81b0dda86f928a567b1

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\prefs-1.js
                    Filesize

                    15KB

                    MD5

                    799649bb047750f62201d63680c2d62d

                    SHA1

                    30418e048ee6d8cbfef0f40912bb6b4633e9bda2

                    SHA256

                    6cacb42546501e20db65787db38fa28051ea69b6ea1fccab44047b507f940709

                    SHA512

                    a6701d5d9297918934ad5f8afc28728e237d467380f01de2eeed5d32ae237c16fe3722e43ed656614690193c5ec4db4f797710c8121446982619f1a23764fdfe

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\prefs.js
                    Filesize

                    10KB

                    MD5

                    534f9a819c11d837b32519ee2e0d9bd7

                    SHA1

                    6d1ed4ec442411d848084849bb0eacd86463dbc1

                    SHA256

                    6dafff357277c7478debe91517d3ba51bd52ecb5fef1e321d4649d32fd21d031

                    SHA512

                    5805a34ba59d07342a3525795b1930b3550fe3478ebc90bcd63c6eca6958b5c6e2bb9163878500a696ee8df110fab766476cb671e28f47aac4f608fe1c275ad5

                    Download Submit