Resubmissions
17-12-2024 03:12
241217-dqkmqsymes 10Analysis
-
max time kernel
104s -
max time network
103s -
platform
windows10-ltsc 2021_x64 -
resource
win10ltsc2021-20241211-en -
resource tags
-
submitted
17-12-2024 03:12
General
-
Target
241217-dmcsqazkem_pw_infected.zip
-
Size
76.4MB
-
MD5
3abb22dbe9f1a53ac0a71c60ff1abda6
-
SHA1
02081295414659034b3237113d6f4440870d0c42
-
SHA256
88a6a898b60f8ddb57ceba90fc392632e1b397a2be5c28b3da70d4809936cab7
-
SHA512
4b313ffdf3bf7ca581bd3d8a2b310e69d41004fda040149e4cf6163cb13e4d12913efe34e25452dc7ed8fb858a99033775847312433834cc318f80ba572e1d41
-
SSDEEP
1572864:77M2uLjxwWIerVRNoHMSazUyK/+JUiXmB18d/83:7Fw9IAR2sXDHJBX12
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 14 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\241217-dmcsqazkem_pw_infected.zip"1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1980 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 23839 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b18379bd-02c0-41e8-bc1b-e0f02ac4a34e} 2104 "\\.\pipe\gecko-crash-server-pipe.2104" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2380 -parentBuildID 20240401114208 -prefsHandle 2364 -prefMapHandle 2360 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f7512db-4dcd-4ab4-8d45-2ae3889f7d52} 2104 "\\.\pipe\gecko-crash-server-pipe.2104" socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3256 -childID 1 -isForBrowser -prefsHandle 3152 -prefMapHandle 3140 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1152 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef0cf171-d64b-40ca-aed2-7de91ef6b3b7} 2104 "\\.\pipe\gecko-crash-server-pipe.2104" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3400 -childID 2 -isForBrowser -prefsHandle 3392 -prefMapHandle 3388 -prefsLen 24783 -prefMapSize 244658 -jsInitHandle 1152 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {893dad6d-da17-4a0d-895a-d500435e7f5e} 2104 "\\.\pipe\gecko-crash-server-pipe.2104" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1260 -childID 3 -isForBrowser -prefsHandle 3924 -prefMapHandle 2568 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1152 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {05fac3cb-70ee-4baa-9a87-b3070481b01e} 2104 "\\.\pipe\gecko-crash-server-pipe.2104" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5036 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 5076 -prefMapHandle 5072 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {185d066f-8c08-44b1-8597-8b7ce89facd8} 2104 "\\.\pipe\gecko-crash-server-pipe.2104" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5800 -childID 4 -isForBrowser -prefsHandle 5840 -prefMapHandle 5828 -prefsLen 27158 -prefMapSize 244658 -jsInitHandle 1152 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4552dcdb-1d93-4844-91a3-4d14a0f5b1ed} 2104 "\\.\pipe\gecko-crash-server-pipe.2104" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5796 -childID 5 -isForBrowser -prefsHandle 5852 -prefMapHandle 5848 -prefsLen 27158 -prefMapSize 244658 -jsInitHandle 1152 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8506d71-b799-4e6b-a6a5-e002abfe939f} 2104 "\\.\pipe\gecko-crash-server-pipe.2104" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5796 -childID 6 -isForBrowser -prefsHandle 6232 -prefMapHandle 6228 -prefsLen 27158 -prefMapSize 244658 -jsInitHandle 1152 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61061641-5587-451b-8e6f-7949a2541f35} 2104 "\\.\pipe\gecko-crash-server-pipe.2104" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6424 -childID 7 -isForBrowser -prefsHandle 6184 -prefMapHandle 6188 -prefsLen 27158 -prefMapSize 244658 -jsInitHandle 1152 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ef1481a-6ac9-4333-9548-519d9f5f985a} 2104 "\\.\pipe\gecko-crash-server-pipe.2104" tab3⤵
-
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
27KB
MD5ea4b6dde5e28f07e155f981529a27d0c
SHA1e1ea2dbb66af976adc8de30282b835448631a623
SHA2560e2bec03d711a7e9ae70209faebbbf09eb96de1ea562a4ca39dcb2201e73ff29
SHA51233753fdf631f5aaf4abf25193ac4110371967342899d354d403e6407108c1080c11a57d9d101898c1d9ca2458cb3cabb532c02019909ad6853dcac342358fba6
-
Filesize
19KB
MD5288aed032fb9ba8502c88029cb9f2bb2
SHA1f5c02ac3d50cd37604bc4efdee462587a0232ed6
SHA25698fe1fd7a7d36e1aa07404bc0d68e5a362f4a808bf52256bae66f19de0e28496
SHA51232adb68f2424bab34d1e7893b413afaa2613a1176f505d35833a30ef64f055108395d582b28514db7c2f15f7143e9ad7c1ba094ddd5547ebb03b118716f52314
-
Filesize
479KB
MD509372174e83dbbf696ee732fd2e875bb
SHA1ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1
-
Filesize
13.8MB
MD50a8747a2ac9ac08ae9508f36c6d75692
SHA1b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA25632d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA51259521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d
-
Filesize
8KB
MD5fb4666b4fe3827e43ce47c8fa617b825
SHA1c691c54ec67d7a6b5942926a166f9b5fc84a026c
SHA2569e921af6980bd1e018ed2e3c412f720f48dcc75b78a716bd7e9ca24c06b1e726
SHA51254da4a90659c4ad52c762446f28cc1fff33caa72d52f615b088bfb597a9e322a7d53179d4aefe0c37586006011a30b61a19f5dbddcae63b00b8a708bcfe3c814
-
Filesize
11KB
MD5cfe59ef8a0dc25c2d764fdbe7969e458
SHA162980ac83b88f51f7c4874fae0a20dac02dce4b7
SHA25691ddc925d7e93ed682f8fce69563dc46e8e4262f0fb7dc131ef3ac86240f3ebd
SHA512708c3635ec3fb6672443dcc90a9ba147051c83fc8727697da1204fb34f23981c1df53ed202b98f7b8d2201ab729dbcd9d8d1d9626a62ff42483c49a17173d472
-
Filesize
22KB
MD5332da64b6f83ae512af0c17c24be0b56
SHA1525d3ae2ede178718ed8f109485e25c951981740
SHA2561ed3528a754750d3c536fe4ccf4df4e944b0e1fdef9293e551c512ec47887c15
SHA512f27d54904e9919fa5fa5f3bfe998451e31c82f2b6e9dfffc52c743035db691a18a9316db04ec41be83ae733dd84a59d381a7c199e439e0065126a678045fe03a
-
Filesize
22KB
MD541c436558af1c18df619c999e3ccabc8
SHA186786c462e8c142054ca17573884a6141b5f9d41
SHA2568223e9bad8559401edab68658ca906d9cc8cefa9e2cd1eb96d62f5bf93781450
SHA512efdbe2fd6a8302ff53449b018862cf577f4f0b6346c5e6236b6607f5f2bf7914283d7d71a0203f1c795a1195c06bed318a48bedfa85c739f41aa02cd5ba4a39a
-
Filesize
21KB
MD523c30224268baa0a849d110dfde88873
SHA132674741953be5bdb362a259e8171451218af662
SHA256f8c8c9068c9b3df83ead0bc1cb79c93a4b55e4da7fdefe9c7f487f16375085d4
SHA5129481b8d21dcac98ead258cc05d0ad7f2a1bccf07c4e450068fc4ddc1a3c7b77bc19a7a4bcf1f0262ac74abf07adc68c993f17082f26a7e53db821ad1cedea695
-
Filesize
982B
MD533a5e09e99ec86ce1c5750ad2f2d6dca
SHA1ddc0eb3ac3d615671fb4400574ae1a6ffe538505
SHA256fd08bf526bac744aedf59661fc9e3a3ef3ca4973faffa4e4fe20c008a84ee90c
SHA5128d9d38daeacafcd34573ae72d16f4df81c2df169b324a99408bcd78f2597547bee330344f84225c5fffed619ea1ce4d45f013bd53e75fcf6f9cbbc2e1563f09b
-
Filesize
659B
MD504831a3a884ddc3180cc8a8092cb71a3
SHA11fafc905e38c3bf5f3eeb1425d29992e718e0659
SHA256e806ae021eef29d3c3b19bf78a9eb67ac8b428b1ebb23f741e8552ac6bde4154
SHA512879126025bdfdb57c21c6a406e2d60d5f28da793e9d65f87f9255595c5e3c3c6b2cb75dfbbceb89879d558169c9dde0f05160a396d4b7d51686c2395dba2ddb8
-
Filesize
1.1MB
MD5842039753bf41fa5e11b3a1383061a87
SHA13e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157
-
Filesize
116B
MD52a461e9eb87fd1955cea740a3444ee7a
SHA1b10755914c713f5a4677494dbe8a686ed458c3c5
SHA2564107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA51234f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3
-
Filesize
372B
MD5bf957ad58b55f64219ab3f793e374316
SHA1a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA51279c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e
-
Filesize
17.8MB
MD5daf7ef3acccab478aaa7d6dc1c60f865
SHA1f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA5125840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75
-
Filesize
11KB
MD5c856f8ba04cb3e108c25c09c0dc63346
SHA12ac22b87471103d69bf4f50576f7b90f0d5ae93b
SHA2567e24087fba2e820de170052cd4cddd5c35348009a3334dfaff4f2995b59e32f3
SHA51200da7895dcca0bd50c997f8b7385d2487552163b1ab39d40a7dc87bf159a45a6d8651943f1f20ad2ccf56e9b9dd923c86f9759b8c415b389c559c12e8cdf4f48
-
Filesize
10KB
MD54f279163a868ab52324c67fe80a7c291
SHA12259a96714a2583ac91520df5b5bf33785f44558
SHA2567f330b52e16a4a604b84de470ce5e71d237be8db0658551f444864ab6c112378
SHA512ff7a265bc83584276772b8bf85e86c76ded8024b09bb58bc3706b3527b5be087e355858eef7e5c1f4a5393d992c2ff6558e0d9405350162d6f9100316b49b61d
-
Filesize
1KB
MD54bad7175e17001a6c96803360e2c85bd
SHA162bbf4cfed52006344f43f90a01b67189777a009
SHA2567776668ebce75bbd758d2465c656fc98d1f2f73c314f9f997c2f3f56f7467cae
SHA512a34eaac6b0344b215eca576e06fb752f558bcc1f3932d706593af86643d8619c75117bda9d0a36e5c5fe43bf4557d62cca14a8ca38cdcf93335c4ad0c1a5c77d
-
Filesize
3KB
MD57c4ae585335cd66340e83177b132fc9d
SHA1b57d8c176a61be755b653bdb95fa7825eec9a62f
SHA256216c87854f7edf1247785b941d49caf49c09e7df63762a78af945977011dc0de
SHA51200aa2d596f80837751cd0b12b0202950a161ee7a5e68276529669f8650d0e34eb719ad2f26b64d93f71494cd504626a1ee735cbaa2453e1f0f32fc86c0f1762c