Resubmissions

21-12-2024 14:40

241221-r1w1ea1nbw 3

Analysis

  • max time kernel: 37s
  • max time network: 39s
  • platform: windows10-2004_x64
  • resource: win10v2004-20241007-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 21-12-2024 14:40

General

  • Target: ADM_audioParser6.dll
  • Size: 67KB
  • MD5: 1d2738bd627e2db69b2943d7a7be5dca
  • SHA1: a81c523af8c113c99f9b6e9db946ce04df5f8d3d
  • SHA256: 1fb19ed61f6d0c46c5c66b859c90c5188896c75bba5c47bb6027e0d2facb435a
  • SHA512: d3feeb13fbc81b6024d03835aae31772843e9d4cbb04a9ee70e7aee33a32babc80189432e515b8344efbd3b3bb8604e197f70274739b30afead91c4ed049e67d
  • SSDEEP: 768:Yj/czaIFc5TwvimvrIlmo4Pn5NAlIju0Ytz:MkzaF5kviWrIEo4Pn5NJOz

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 12 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ADM_audioParser6.dll,#1
    1⤵
    PID:4248

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:608
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1584
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2024 -parentBuildID 20240401114208 -prefsHandle 1948 -prefMapHandle 1940 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {270e2735-68fd-4828-969e-19f09ba470d3} 1584 "\\.\pipe\gecko-crash-server-pipe.1584" gpu
        3⤵
        PID:4048
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2404 -prefMapHandle 2392 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {96cd6661-647e-4f92-8c18-3ec0e714a309} 1584 "\\.\pipe\gecko-crash-server-pipe.1584" socket
        3⤵
        • Checks processor information in registry
        PID:3764
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3276 -childID 1 -isForBrowser -prefsHandle 3268 -prefMapHandle 3264 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1168 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {95500f68-fe4d-4393-a4d0-dc500f5e445e} 1584 "\\.\pipe\gecko-crash-server-pipe.1584" tab
        3⤵
        PID:3616
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3804 -childID 2 -isForBrowser -prefsHandle 3712 -prefMapHandle 2872 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1168 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f4b444c-a698-435d-a3a0-b241cebab39c} 1584 "\\.\pipe\gecko-crash-server-pipe.1584" tab
        3⤵
        PID:4652
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4752 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4724 -prefMapHandle 4760 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {159d725c-a613-4555-b365-31bd6c8a92e7} 1584 "\\.\pipe\gecko-crash-server-pipe.1584" utility
        3⤵
        • Checks processor information in registry
        PID:868
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5232 -childID 3 -isForBrowser -prefsHandle 2804 -prefMapHandle 5200 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1168 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c3aef2a-991b-45ae-a664-1dab408c2a4c} 1584 "\\.\pipe\gecko-crash-server-pipe.1584" tab
        3⤵
        PID:2292
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5360 -childID 4 -isForBrowser -prefsHandle 5368 -prefMapHandle 5372 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1168 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a892ab5f-611a-4aea-b380-e2cf78515911} 1584 "\\.\pipe\gecko-crash-server-pipe.1584" tab
        3⤵
        PID:3040
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5640 -childID 5 -isForBrowser -prefsHandle 5560 -prefMapHandle 5564 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1168 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ba6db80-aed8-4fc9-be61-28b25383743a} 1584 "\\.\pipe\gecko-crash-server-pipe.1584" tab
        3⤵
        PID:3180

  • C:\Windows\system32\cmd.exe
    "C:\Windows\system32\cmd.exe"
    1⤵
    PID:4276

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7fmsgkth.default-release\activity-stream.discovery_stream.json
    Filesize: 18KB
    MD5: c8d33991383c5a9430d802a17c8926b4
    SHA1: ce82ad138ebaf3150bb8f9d1162d142c4b545f1d
    SHA256: c98ef5093d61404310e60831de18f0b0400fcc6df4389b42ee13b7ed053eec00
    SHA512: 07f7b6405738f78c5f674e0c23d1cfa43c2e81ee6aa26d751f1a28e89e7144dde422a5c3918931d578ee6ae9f5b4fc4fa6775519432cc23c213645584bd7b947

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\db\data.safe.tmp
    Filesize: 5KB
    MD5: 408dcaaf71a59ad1af2361574b00647d
    SHA1: 9a1cba69faf07704c3f238f960c1468fe85340c4
    SHA256: ff8a2cfa5e998a41fb12d583a0eebb5fa0e52acd1ba7a8776a59184b27dc73d5
    SHA512: 988f689a5c231be5a32122663819b812e2c25945a62cae6ce2c90ebfcaf0e4f497bbcde52e0c781bc7b4ac8d83fd35ffdb7fb2bb88b50c0b550d662544758c08

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\pending_pings\14b32a7e-903d-46a0-81a8-5a0d36b39fa2
    Filesize: 671B
    MD5: 3ea90006b438c52dfbf71d15a359190d
    SHA1: 0a51c3ae0699d76199473e1600e938ad64e918c2
    SHA256: 0fd27aa5f203a2d126395bc3bc9e35f21d3b38873bdd039394ba8751526820af
    SHA512: fae72077b83d1dfe43c6e32f59498db88a90e9be2c7d0ff0c6bedd3b09033ccaa9860b70e9a7ae1b762238c044b1b2a563766a4bd0d113cb7f789a971d3cdc80

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\pending_pings\76f7d176-0562-4ba2-be37-fc96c7202217
    Filesize: 982B
    MD5: c2547305a3501eb150599e7dedb3016e
    SHA1: 638cceeedd9baeebaa575e349ddb348047207d92
    SHA256: 84fe000e6d34ac7d413ba671e5a61589cb2266f3671d1da74d30dd1aabc57bc4
    SHA512: 11866ac7495309d72806a3a8b4268ad853077b6695898521a3a6ebf5a837ff021ddc9dc5fec6ca439a1296e421c13fa7ba106ee111002f883583cffb52257820

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\pending_pings\81aed875-4e7c-4ed9-8faa-881dcce31846
    Filesize: 24KB
    MD5: 17f48dcdc27b3addfb0e74cdc8f83754
    SHA1: b15f60f74f1e6ea2009249bdbb90f8283594154f
    SHA256: 3b965e0ccce040bb0cde0d9e40c0c59fd8c837adc1cdd03138fe074b0c3122a6
    SHA512: d30580d5b3f9a88430805cf230947aeee2bf448d37d2e396c30770fa06c003644f2baa27689a6ff86860669ef0d32ceb6d14852e54f1e33071cf709ca1485773

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\prefs.js
    Filesize: 11KB
    MD5: 40d3edc5919cec1775ab64135347b0b7
    SHA1: 1b07d7d7bf3f529f5087ff1936e5d0b8f2f375bb
    SHA256: b519b8626145bfe646cdca7a427da22f5d20d35819335e9e595ce02878825f13
    SHA512: 2967a37dcc107596ee9bf40855a0ff5be1be324cfed6dd3961a6d3321b4d178d01a119138073e30da333b33554dce8d7a18e18100334bc5c6d041341ca63b768

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\prefs.js
    Filesize: 10KB
    MD5: f66ec2df57db508bf69da045d4ecbcbf
    SHA1: 9b40ca088a5062ccece08fa171c765491e034543
    SHA256: 9912e1a7a7cbc62fcea4b9a89f239019eb797a57c128e2f819fa0529f2aa8c01
    SHA512: ce0812e440b369ca6bd44f882ffdeead2a71df710e49e507175bce43da414a2c73048a692f32661f45bc22617244f58655d14f3aa6d29cac915ccf454c0d50e4