Analysis
-
max time kernel
139s -
max time network
139s -
platform
windows11-21h2_x64 -
resource
win11-20241007-en -
resource tags
-
submitted
12-01-2025 01:10
General
-
Target
submit.gif
-
Size
3KB
-
MD5
06c253a84b24c28dd6916a2724941f4a
-
SHA1
d8772a9e05bd70809a50d75a91adbe2fb6f30ba0
-
SHA256
5e6df1d077436eaa798edebcaf185853235aa57124bc449151f725ded365073e
-
SHA512
dbc914209a7f787dfc570611f2f1097322109aae451d9c7288324e842f2584f9db0d075c9cbd677124693c0346d7f32a021124f969347f131ec20d636dc9cd45
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 10 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies Internet Explorer settings 1 TTPs 29 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 21 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\submit.gif1⤵
- Modifies Internet Explorer settings
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1992 -parentBuildID 20240401114208 -prefsHandle 1908 -prefMapHandle 1900 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {541c264a-7aad-460f-b5ff-d751d1ad6433} 1820 "\\.\pipe\gecko-crash-server-pipe.1820" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {930b4d3a-b4e4-423d-81d9-d587e06a9ad2} 1820 "\\.\pipe\gecko-crash-server-pipe.1820" socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3412 -childID 1 -isForBrowser -prefsHandle 3404 -prefMapHandle 3400 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 1336 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4b1cc6f-6881-43db-84af-460a4285b940} 1820 "\\.\pipe\gecko-crash-server-pipe.1820" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3164 -childID 2 -isForBrowser -prefsHandle 3936 -prefMapHandle 3932 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1336 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4eab1bf2-4553-42d9-8573-9694124b61a2} 1820 "\\.\pipe\gecko-crash-server-pipe.1820" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4424 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4420 -prefMapHandle 4416 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9a828c9-c98c-4d1a-80a2-9fafeb69199d} 1820 "\\.\pipe\gecko-crash-server-pipe.1820" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5328 -childID 3 -isForBrowser -prefsHandle 5388 -prefMapHandle 4376 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1336 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {64f3b3ed-69cc-48ea-990d-cc53436ca22a} 1820 "\\.\pipe\gecko-crash-server-pipe.1820" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5552 -childID 4 -isForBrowser -prefsHandle 5628 -prefMapHandle 5624 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1336 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3bbad096-a03b-427c-af2b-09dc04e8a8d4} 1820 "\\.\pipe\gecko-crash-server-pipe.1820" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5516 -childID 5 -isForBrowser -prefsHandle 5760 -prefMapHandle 5768 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1336 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f4d7c1b-46f3-40f6-ba46-a422308f2fca} 1820 "\\.\pipe\gecko-crash-server-pipe.1820" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6248 -childID 6 -isForBrowser -prefsHandle 6240 -prefMapHandle 6236 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1336 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5933fad-9b1a-4e63-957b-859c94b2454d} 1820 "\\.\pipe\gecko-crash-server-pipe.1820" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6468 -childID 7 -isForBrowser -prefsHandle 6388 -prefMapHandle 6392 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1336 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8c7babc-a27d-4a1d-ba84-c302947f488d} 1820 "\\.\pipe\gecko-crash-server-pipe.1820" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6596 -parentBuildID 20240401114208 -prefsHandle 6568 -prefMapHandle 6560 -prefsLen 32342 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c751cfde-4e3d-4ff8-85e6-2a74e3d2052f} 1820 "\\.\pipe\gecko-crash-server-pipe.1820" rdd3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6584 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 6368 -prefMapHandle 6556 -prefsLen 32342 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c34d5fd-8c86-4fd8-8e11-4d2a21458e3e} 1820 "\\.\pipe\gecko-crash-server-pipe.1820" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7412 -childID 8 -isForBrowser -prefsHandle 6432 -prefMapHandle 2300 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1336 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f9d23f4-dac5-479a-adef-6cb9f8053d33} 1820 "\\.\pipe\gecko-crash-server-pipe.1820" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7776 -childID 9 -isForBrowser -prefsHandle 7248 -prefMapHandle 7572 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1336 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b89b4f13-bba1-42f6-b1a4-6de74c89d06c} 1820 "\\.\pipe\gecko-crash-server-pipe.1820" tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
21KB
MD500ab976c77feb838fb10654bcd094146
SHA1234f4f3412906aae610478bfaf6dca7797b24612
SHA256ed973552b114851d33228f8b5e031ec8e993a1dfe3165cb0aad18e405a124547
SHA51282f7a114fabaeaf092670832aecda98c78eef82732ced37d4077174cac32d9753ab5530b7ecb4f9f0a96b268daabb6098cac8f1e2a1373216fc9d5aebd2df39b
-
Filesize
15KB
MD596c542dec016d9ec1ecc4dddfcbaac66
SHA16199f7648bb744efa58acf7b96fee85d938389e4
SHA2567f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798
SHA512cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658
-
Filesize
10KB
MD5d6d3499e5dfe058db4af5745e6885661
SHA1ef47b148302484d5ab98320962d62565f88fcc18
SHA2567ec1b67f891fb646b49853d91170fafc67ff2918befd877dcc8515212be560f6
SHA512ad1646c13f98e6915e51bfba9207b81f6d1d174a1437f9c1e1c935b7676451ff73a694323ff61fa72ec87b7824ce9380423533599e30d889b689e2e13887045f
-
Filesize
479KB
MD509372174e83dbbf696ee732fd2e875bb
SHA1ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1
-
Filesize
13.8MB
MD50a8747a2ac9ac08ae9508f36c6d75692
SHA1b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA25632d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA51259521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d
-
Filesize
8KB
MD50c39b36cc5978546e09616e9a79a5c24
SHA1bc197d3193aaa58d7e3e94763f76ff2eb9c04c23
SHA256a0b07c781a8826c0e4bf4effe7e437dbac5029576e886aafc963fb9419727669
SHA512d2b44317c41087e19752ad5938110d0fd1e871e9fe1870d655d7a0ce2959a5401b2468cefa2e80b0e31a54137300e82b51859c43dad516d8db5ae2a9466e2778
-
Filesize
25KB
MD5a4ac7f524a1addbe94fc4baf065b8e5f
SHA11d0cabe24428f5cc2e7ba20a6c813035306dccc8
SHA256939b7194c4675eadffab7ecf8b3d2666ce16d1461799bb0eae19dd4f23abf224
SHA512ca6586c3d657797c26fdce2871b704a4d512092c62789a4799a78ff6e18cb9e757c6c9b7dbfa8cf1af982daf74e78b89e7e832217c77ae3c6566f09353a6ebb4
-
Filesize
22KB
MD572eafb402792e7a8d08b597b031d0b68
SHA1e475e75ec4057869c8d56c1e6a348a04343e30ff
SHA256073ae42c9432461855939e5ec331080fa08f56fcd49362aa1c4176624034e4a4
SHA512802668593194155d322cb15041c600ed44d5f1e50f41392b61adfd45256fa89d392777e02d6e4ee20521000bfdf32705cecf25f1781fd6053e8b94bb2b275ae8
-
Filesize
23KB
MD5aace352cbe816cd8a7062825d7636256
SHA1f7a112c8778138815c6b59870d4c0ee9156d1c19
SHA2560240e459dcb1b22034420ce44e74704fb777e8b6b1a64a365377f305ec0b17fa
SHA51222b28491064e79cfefb9ad3513c13170717d144768c9fc8472727669a66618710b4326262a8e269609c083809dd2bfda2f10e3fc0392952bf9eef4b16efadefb
-
Filesize
982B
MD55a078016e3190d944a53fd8d564febd0
SHA10c41fd86fb79f922c32cd7ecd700e83ccd81fe33
SHA2569cf1597679024aea464040d404a6ff14a6c9b0ad0797c87e5dce587b6ccf12e1
SHA5121e8f08bffcff41d47bf2a47f12411ce4b541651bbf90c2b2b5e89bfafbd0ac12251e5a68ae17965d3e64c2ec6c1a5c9091b12b7ebcfbe6054f8f8467817bc2f2
-
Filesize
659B
MD5c583109c6af2cf4a27f73b5de1e592bb
SHA1c34d6acefec5ccc22ad19184b6619d1bbb8a62d5
SHA256d7453ea170d1462ff31cee684a878aa8bbafb7954f8bf2587c0b67cc89e32a50
SHA512a7526ff62d1c37055cbe99ecbde1172abd95dd7ec88d534ae85340bcc69eb906f58a796615a01761d44e085b94f0a6ab66841097f1a0a335cfb78ce9209c11e1
-
Filesize
1.1MB
MD5842039753bf41fa5e11b3a1383061a87
SHA13e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157
-
Filesize
116B
MD52a461e9eb87fd1955cea740a3444ee7a
SHA1b10755914c713f5a4677494dbe8a686ed458c3c5
SHA2564107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA51234f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3
-
Filesize
372B
MD5bf957ad58b55f64219ab3f793e374316
SHA1a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA51279c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e
-
Filesize
17.8MB
MD5daf7ef3acccab478aaa7d6dc1c60f865
SHA1f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA5125840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75
-
Filesize
9KB
MD52985b91ca5477cade3af7355ae473648
SHA12a354779ed9802edf14af98ca384622fe50ed039
SHA256b6ee0fec1f485b2b8c843cf0d19485c6e327f53d60a13d3a15eec8bcd7cc2b6b
SHA512bd41ef58cab2fc66b20d336dfd84ab9a54a0e0a2340ba1d6acc484b1e747ccf0716c5f0f4a3f651dab41902a9736ed2cccf1d6ab4d7274c07d36c7f3d7a9539f
-
Filesize
10KB
MD593a11e529ceafb5e2afb95cc591382a2
SHA1a2ceb87044336f6fa340f8e8c0115c43c6b5fc33
SHA256ad3391a0ed42cf18472a8a15133d8e1cf8bd69dcb6160095b37d3d900e632492
SHA512d5bd445dbb46e287830079728f5566f8302936b60e8f9180a33691a82ff9fcb6f32b7e374269287139484229284c13d1faa2aff968fca6601b13335085e11eaa
-
Filesize
1KB
MD53777a04862494e1591ceb2984500b811
SHA192bfd4e8adcf673701df2347c7d3e53aab694c2b
SHA256f69d68ee4dd7c6c1319e58da74563c405a25e89b2a716107b512ab925228721a
SHA5123bbc99a53a17624f86dedd658fc66e69b7cdacd469a3efea61d6d3a086c76f8062e757deba986a31605982298784e1bcf346092deeda3e26bc86c3d09f27189b
-
Filesize
6KB
MD5f091691c25c315b87f50efd7598f1fcd
SHA1d9f6ae70f67f180c2404e8e4bab107fe165f07f0
SHA256aaf1ca64e5e424c441dfd4258821b2b2e4f8638f077433ed3286ff8a410290cc
SHA51280c6c0b24d3467e644f9667841b4d6bc693d206961da38e498861354b9d25115757894a031ea2e478dfb6450df7e996116cf2eec9a6d4f992b5a76963392ceea
-
Filesize
3KB
MD5e2b427923fe8a5bab35825f8cb487637
SHA1cd7f7cd539daa0bc59c538cc1bb58bd66a8258c2
SHA2561b40984f44ada71a67d30326eff1f6246e4e489c73337cc2bf8df2196ec88768
SHA51216eee6f0ca61a4b31963b95da99eb2eedd9668d8c73f6826a2879ef529f4a327e0ec0d87d7a1f97365a8ade26e42a1f69e9cc43d431bef84abf682f29f4911c7
-
Filesize
6KB
MD523a92c6a614bf99bfec2e521e0f8f9d7
SHA16491ce9770d59561ff5f6f898fc552507a22ba74
SHA256c21e0edd5664e5ce2a4525f19593919abaabd2f775df1121717e13c5dea084d3
SHA5127aa55a134c1342a9a42c3532baef7e53eb5fb6340e7add94ddb6f26b034a552df375a56347783148177e4b581ed5600aa06ef0dceec3adff08352f078148aece
-
Filesize
192B
MD52a252393b98be6348c4ba18003cc3471
SHA140f75302fcbe4a8ac2e33a8d9daf801abc2a9598
SHA25604cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee
SHA51207af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198
-
Filesize
48KB
MD5cdea904c9e1c6858e45e49c754c3f1cc
SHA133fdf3b62a3136a714e75ccbbd5cbc081f347969
SHA256b29357636922ff44ccfd0589504743cd52ea2017bcc6d01e1ad0019677f3c516
SHA5128e9b47a11b9236b6c25eb4de9b369b853f5a9e89604374e00f6311888113d2e1f141b08dd70b8d8d368b484c4370107847793d633899a4479335babf9679f103
-
Filesize
384KB
MD561ef62ff6209b17916e898157aadfe42
SHA1e459f87acc8b24e47837021b555fbbef63205536
SHA2564f363fd779af39bae46aab453b596d0c20bf71f280f371791e6c6ad6b727ba2e
SHA5121dcc542ebd7efd2531dbac003564fa7c69a372fa33869f66d74038bc7d8826b0866d833d54ef848373a0da5c010ede4888040b172750f3396d57155094778a05