Overview

overview

10

Static

static

10

fnrp.exe

windows7-x64

1

fnrp.exe

windows10-2004-x64

6

Resubmissions

29-01-2025 02:57

250129-df4mvsynfz 10

29-01-2025 02:54

250129-deebksyna1 10

Analysis

  • max time kernel
    76s
  • max time network
    84s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    29-01-2025 02:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fnrp.exe

  • Size

    9.9MB

  • MD5

    abd1a3c383961afc5f82b2a29a3e4413

  • SHA1

    2e980d691733c69d45078eac008073f556dea998

  • SHA256

    46ab139527d540523322f5bf71f3cf65043db157714cd976f2b67ee5a5090830

  • SHA512

    d6bb4a046354d89c57d8a9a1fa0abae1a8b3194f6015064f2faf227f3c75b9f7fcf44dc3b586b5a71adcb0fa6b46ad12a428e7a6b7d08e7f0c9379316b0d56d3

  • SSDEEP

    98304:9ZiVXduEGuFIbZbBZ9aRgUIELWyEXLGg7BDYl+d9q:9ZEuEGxBxaRgUf6fvu+fq

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 7 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\fnrp.exe
    "C:\Users\Admin\AppData\Local\Temp\fnrp.exe"
    1⤵
      PID:3004
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:2948
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:2884
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2884.0.729084282\637213700" -parentBuildID 20221007134813 -prefsHandle 1248 -prefMapHandle 1240 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {22a08b38-c192-44c6-bf5c-a803e442e558} 2884 "\\.\pipe\gecko-crash-server-pipe.2884" 1324 122d4158 gpu
          3⤵
            PID:2736
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2884.1.1284806174\785799189" -parentBuildID 20221007134813 -prefsHandle 1516 -prefMapHandle 1512 -prefsLen 20928 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e178bd81-62ca-440c-ae12-f75cad0e8796} 2884 "\\.\pipe\gecko-crash-server-pipe.2884" 1528 e71858 socket
            3⤵
            • Checks processor information in registry
            PID:1388
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2884.2.1528550879\1984119457" -childID 1 -isForBrowser -prefsHandle 2064 -prefMapHandle 1960 -prefsLen 21031 -prefMapSize 233444 -jsInitHandle 892 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c2673df-51dd-45df-b5ed-c30865e6c31f} 2884 "\\.\pipe\gecko-crash-server-pipe.2884" 1056 1a278f58 tab
            3⤵
              PID:2552
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2884.3.8477102\1840274032" -childID 2 -isForBrowser -prefsHandle 1696 -prefMapHandle 1692 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 892 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a84db9e5-c434-4911-8510-c7d42e1a62dd} 2884 "\\.\pipe\gecko-crash-server-pipe.2884" 636 1be87458 tab
              3⤵
                PID:1920
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2884.4.910356233\1584871762" -childID 3 -isForBrowser -prefsHandle 2956 -prefMapHandle 2952 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 892 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd1fcda5-d7a8-4bd4-b154-203071260422} 2884 "\\.\pipe\gecko-crash-server-pipe.2884" 2968 e61858 tab
                3⤵
                  PID:1588
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2884.5.1863853731\803799906" -childID 4 -isForBrowser -prefsHandle 3852 -prefMapHandle 3744 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 892 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {678f347f-f8de-4a0a-9adf-648608ed4a99} 2884 "\\.\pipe\gecko-crash-server-pipe.2884" 3828 1e0b5658 tab
                  3⤵
                    PID:1600
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2884.6.136430261\1346558388" -childID 5 -isForBrowser -prefsHandle 3952 -prefMapHandle 3956 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 892 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4e536d0-97fa-4550-9289-12807b4356ae} 2884 "\\.\pipe\gecko-crash-server-pipe.2884" 3940 1edce758 tab
                    3⤵
                      PID:1612
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2884.7.1198681912\1930589387" -childID 6 -isForBrowser -prefsHandle 4000 -prefMapHandle 3996 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 892 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c137a4ac-4612-453f-af12-3a6ca0e75b96} 2884 "\\.\pipe\gecko-crash-server-pipe.2884" 4012 1edcf058 tab
                      3⤵
                        PID:2488
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2884.8.1367193717\660847226" -childID 7 -isForBrowser -prefsHandle 4520 -prefMapHandle 4524 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 892 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5a6f544-491e-4416-b950-f71bb87ae733} 2884 "\\.\pipe\gecko-crash-server-pipe.2884" 4500 213a7858 tab
                        3⤵
                          PID:2596

                    Network

                    MITRE ATT&CK Enterprise v15

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bhzluvd5.default-release\activity-stream.discovery_stream.json.tmp
                      Filesize

                      23KB

                      MD5

                      4551c66d06c9f6b3b1e1d95e72a4a691

                      SHA1

                      80cec64aea132192edc38d424da0c82c6b7e79a1

                      SHA256

                      a014d1584288b6ea45605f8af5397bc4a42d59c7a2ae55b21bae21862a5fc518

                      SHA512

                      ebb6353f6c45aabd6f1d00fdd5aa2645b9cdd5924f78916a1e821ec02c0b34a7cd79d5866ae8486911998bc4801884e6e4bc9e121980effb4d226c6646802785

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bhzluvd5.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl
                      Filesize

                      15KB

                      MD5

                      96c542dec016d9ec1ecc4dddfcbaac66

                      SHA1

                      6199f7648bb744efa58acf7b96fee85d938389e4

                      SHA256

                      7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

                      SHA512

                      cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\datareporting\glean\db\data.safe.bin
                      Filesize

                      9KB

                      MD5

                      18ac71f73ab6118abe84ded6ae32789b

                      SHA1

                      d4bd57beb6b61030ca31336ec5723676c1e49f39

                      SHA256

                      c930831fa914e7e3ba9619fa3f16c53373448ce356bdc13500d82dc164aa04cb

                      SHA512

                      8718fa962aa278ceb0c4f28be99e95faa5db3dc2ada4613dfe1af0ab487070c3ffaba2e1c91b77f7a39c8857a8ccbe6dcf1366680880f23a831f13ecbeb13030

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\datareporting\glean\pending_pings\0009dd7b-3217-4db0-8af7-ed5b9872b043
                      Filesize

                      733B

                      MD5

                      88bfa116c0691a884e1f6d80ab7ba92a

                      SHA1

                      bd98b5c8ef2081607c591ff76a27acbbb830b64b

                      SHA256

                      f3e2e90cde448aa8d8b1aab8d48bbcfb7c3e0c5df242c1d584c2828555ed9fb5

                      SHA512

                      7b768dc0e7dcd0f744f429883c4c9a5c5705e44ed8795170cd9255d0cf530170070ed1ac779bb3c481f34430e44fffa6881aeb0d21b737190f313acf4a430436

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\prefs.js
                      Filesize

                      6KB

                      MD5

                      f57e25cf4012f1d451b42b89fb8dca01

                      SHA1

                      4b5feeecbe38581a95d95982ca2cf1658a02dfe6

                      SHA256

                      36375da2f3494494961843a5a61a62688db1ffb3569df3eb8a58448ce18573cd

                      SHA512

                      007d8c384199c712acd598d0ee68f4c41d93b7b2468832b8722a90fc1fedb5ef23a7de0d8514ba87d9f0303fe2a633b1bb642b9ee3cb18ba7614d3db873b7921

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\prefs.js
                      Filesize

                      6KB

                      MD5

                      bbbe423a9a4ed1e9efe11743a11a6d37

                      SHA1

                      4c61f58ca32f64daa92d8b2a07648904c567c0f9

                      SHA256

                      20f7285a45c4e7393d7534b46b7f47eeb96b38e29d327faf119c872cd4943a24

                      SHA512

                      14d383f33ff82c885f9895a08e2b2a1b0b9175cfc5e01b94d2045fe055660db3327bf9aad99823c8456638a5413b925de8dacae67b6e9993972aec626c1ea1fb

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\prefs.js
                      Filesize

                      6KB

                      MD5

                      6ba1e32a600fed477fab864bc6defdc0

                      SHA1

                      2a4aac03927f2fd8aa15220e5b7f4aaa5ccf091f

                      SHA256

                      a2d4a2a107953b5853651be59aee91476db85fd8e5f0558db2fc9a07ad9e7560

                      SHA512

                      df91cf41d58dfa65bf9cf19f45e72e6ffbf8db281852cedc9f25cccb923c5293f63d13153bfb3a716797b2a4b92f19e3f80f08240b733b10d46680c72f165a6f

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      3KB

                      MD5

                      cd3500d9fd369ac1804a7de97e67a89b

                      SHA1

                      7844496b5b185f76af9adb52922e14b9823e747c

                      SHA256

                      b9b4492f426866f7e532a7bfc55ab56f8ced063bf6d2aaf9d0d7f1129eb94e81

                      SHA512

                      7c39780933db7f03015680d5c1be714aa6bffea9ec2cfa488e8aecc11483ff4678e9ad1847eec40a59c6d9485d8be008b78e0bf23ad3e17ce223968ef2f801cc

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\sessionstore.jsonlz4
                      Filesize

                      4KB

                      MD5

                      c9e22574a9cfd4a4b5e3784406fcc5e4

                      SHA1

                      84881ca953aedbb7aabb26aa8904021699969cc9

                      SHA256

                      c0f6b2e0ccf6dba4c758f2e51e413720ad1a74380348b49a88119764a71ab343

                      SHA512

                      1862b0699a439ae3c205bcafb575034feebfa3a14bb1fec1756eae0a05e6c8b9594a9cb495180997a479430aad0bc8b4e71eb26a1aaf50dc4c63b77807c900fd

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                      Filesize

                      184KB

                      MD5

                      cac8067d625cb2c0d85461aa21a512a9

                      SHA1

                      8ee7b1b84402da5be3ada0467516b0f2553e9f76

                      SHA256

                      2629c91107d86b49d4e191945c9d6d760f8431ab88db34e773cf6af01428ce07

                      SHA512

                      8d70e9cd90d2580b9e92e2131f966d04d3da7a9f1b4a5cc9d4354103f5242ffff7106a999dd1ddff9dbfda3f064d09c717cd172889f4eb58ba620673abdfa112

                      Download Submit