Overview

overview

3

Static

static

3

README.Music.html

windows10-ltsc 2021-x64

1

README.html

windows10-ltsc 2021-x64

1

SDL2.dll

windows10-ltsc 2021-x64

1

SDL2_mixer.dll

windows10-ltsc 2021-x64

1

SDL2_net.dll

windows10-ltsc 2021-x64

1

chocolate-...up.exe

windows10-ltsc 2021-x64

1

chocolate-doom.exe

windows10-ltsc 2021-x64

1

libFLAC.dll

windows10-ltsc 2021-x64

1

libfluidsynth-3.dll

windows10-ltsc 2021-x64

1

libgcc_s_seh-1.dll

windows10-ltsc 2021-x64

1

libglib-2.0-0.dll

windows10-ltsc 2021-x64

1

libgmodule-2.0-0.dll

windows10-ltsc 2021-x64

1

libgomp-1.dll

windows10-ltsc 2021-x64

1

libiconv-2.dll

windows10-ltsc 2021-x64

1

libintl-8.dll

windows10-ltsc 2021-x64

1

libmp3lame-0.dll

windows10-ltsc 2021-x64

1

libmpg123-0.dll

windows10-ltsc 2021-x64

1

libogg-0.dll

windows10-ltsc 2021-x64

1

libopus-0.dll

windows10-ltsc 2021-x64

1

libopusfile-0.dll

windows10-ltsc 2021-x64

1

libpcre2-8-0.dll

windows10-ltsc 2021-x64

1

libpng16-16.dll

windows10-ltsc 2021-x64

1

libportaudio.dll

windows10-ltsc 2021-x64

1

libreadline8.dll

windows10-ltsc 2021-x64

1

libsamplerate-0.dll

windows10-ltsc 2021-x64

1

libsndfile-1.dll

windows10-ltsc 2021-x64

1

libstdc++-6.dll

windows10-ltsc 2021-x64

1

libtermcap-0.dll

windows10-ltsc 2021-x64

1

libvorbis-0.dll

windows10-ltsc 2021-x64

1

libvorbisenc-2.dll

windows10-ltsc 2021-x64

1

libwinpthread-1.dll

windows10-ltsc 2021-x64

1

zlib1.dll

windows10-ltsc 2021-x64

1

Resubmissions

02/02/2025, 00:19

250202-al7pxswrby 3

20/01/2025, 09:05

250120-k2ap8ssjfm 7

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20250128-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20250128-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    02/02/2025, 00:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    README.Music.html

  • Size

    11KB

  • MD5

    05c42ce3a20cc6ac9d36baa97951c3d8

  • SHA1

    9ebb20e93d04afca98a2777977a6dbf11e61409c

  • SHA256

    515e56649d79e8928ed15c1e19d19e4a89dff9dc3a3227bc715c360f33d0ba20

  • SHA512

    6bb468c6f881574bd916ee2a0d90214365af78b0df59538d908ea85ac33596ea99a8ed7f96272224a90418144836e1c331f496492ddfb403303203c660efcf47

  • SSDEEP

    192:BHLb2xphsDJEV9Uj+Bqoga3nzpziWDdtlw9QjOoyJ577eePdeP3lepR:BHWD9Uj+BHg0nFz/dXw9QSPA2

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\README.Music.html"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4860
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\README.Music.html
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:5192
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1952 -parentBuildID 20240401114208 -prefsHandle 1880 -prefMapHandle 1872 -prefsLen 27175 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b281394a-a630-4138-9a1f-60fc3c971830} 5192 "\\.\pipe\gecko-crash-server-pipe.5192" gpu
        3⤵
          PID:1096
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2384 -parentBuildID 20240401114208 -prefsHandle 2376 -prefMapHandle 2364 -prefsLen 28095 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e442147-3e6d-462c-81a4-a2e67b91f0b6} 5192 "\\.\pipe\gecko-crash-server-pipe.5192" socket
          3⤵
            PID:1188
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1440 -childID 1 -isForBrowser -prefsHandle 3240 -prefMapHandle 2904 -prefsLen 28236 -prefMapSize 244658 -jsInitHandle 1348 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {24fea56d-ce4a-4440-838b-07db458b67b0} 5192 "\\.\pipe\gecko-crash-server-pipe.5192" tab
            3⤵
              PID:4588
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3320 -childID 2 -isForBrowser -prefsHandle 3668 -prefMapHandle 3264 -prefsLen 32585 -prefMapSize 244658 -jsInitHandle 1348 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b54bfa5a-df46-4e26-b0a6-52d6d4100bcf} 5192 "\\.\pipe\gecko-crash-server-pipe.5192" tab
              3⤵
                PID:3428
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4228 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4284 -prefMapHandle 4280 -prefsLen 32585 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {70066981-880e-4821-b1de-689684514eda} 5192 "\\.\pipe\gecko-crash-server-pipe.5192" utility
                3⤵
                • Checks processor information in registry
                PID:1348
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5364 -childID 3 -isForBrowser -prefsHandle 5376 -prefMapHandle 5372 -prefsLen 27226 -prefMapSize 244658 -jsInitHandle 1348 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3296024-ddc7-46b0-87a9-28ee2d1fb511} 5192 "\\.\pipe\gecko-crash-server-pipe.5192" tab
                3⤵
                  PID:4396
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5392 -childID 4 -isForBrowser -prefsHandle 5388 -prefMapHandle 5384 -prefsLen 27226 -prefMapSize 244658 -jsInitHandle 1348 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a77a4ea-435d-4221-88da-69e59ac3fc2b} 5192 "\\.\pipe\gecko-crash-server-pipe.5192" tab
                  3⤵
                    PID:4852
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5788 -childID 5 -isForBrowser -prefsHandle 5708 -prefMapHandle 5716 -prefsLen 27226 -prefMapSize 244658 -jsInitHandle 1348 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff804445-bf74-471f-acdf-3fb2efc5237b} 5192 "\\.\pipe\gecko-crash-server-pipe.5192" tab
                    3⤵
                      PID:4372

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vw2hz1e5.default-release\activity-stream.discovery_stream.json.tmp
                  Filesize

                  22KB

                  MD5

                  3a3b5efa422e59fe368a36f84f28ff4c

                  SHA1

                  d40638d732859a5f9ae1f4f54eb0cb3e8234a410

                  SHA256

                  d103832434573d55d397cd327f6edcad35a7b917d98c46fef5d2a92417641018

                  SHA512

                  1cf97fb25e9c434475f3964ded85fcc63bd5fc6d148b28ad2053074f9aee7a4d7c99bc2b8f1d3e1659c1ee9e9fe43d5d0d4f95521026df2d34e969fb5fa9175e

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                  Filesize

                  479KB

                  MD5

                  09372174e83dbbf696ee732fd2e875bb

                  SHA1

                  ba360186ba650a769f9303f48b7200fb5eaccee1

                  SHA256

                  c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                  SHA512

                  b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                  Filesize

                  13.8MB

                  MD5

                  0a8747a2ac9ac08ae9508f36c6d75692

                  SHA1

                  b287a96fd6cc12433adb42193dfe06111c38eaf0

                  SHA256

                  32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                  SHA512

                  59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vw2hz1e5.default-release\AlternateServices.bin
                  Filesize

                  8KB

                  MD5

                  b02706f99b32683cf5e4cd4b66cf8501

                  SHA1

                  d4e4493f126f6ea73b8bc3a79f689b14d8b88a34

                  SHA256

                  2945f517ba62012708ec629e63416ca1ebf7861be7f4487f8d6c6fcf755f7acd

                  SHA512

                  aa2b78b0f23a7d0b19604004037975b46fb5ce6ef1b879589578eaade24410cfd7c1e17272d60e9a77fb0b3755d7fe209f8039832f8a5c2474998c8b323518e9

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vw2hz1e5.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  22KB

                  MD5

                  f27819af62619b04b8876a7e9fbbf765

                  SHA1

                  12054444f4eb00dfeab74388646df47f718955f1

                  SHA256

                  98d2ee4a636d2cf45e77f4b5c827c5b8aec18750727710ca2867369ef3cd4dd0

                  SHA512

                  775aa9c130ae2b8797cae8350a338ebdac6c2f648026084ed85c4c797a704d4db89483f355c9ad5f9e4a372a31f76b5405eb0e6215ee5551d92c0d8fbdc61d5a

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vw2hz1e5.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  21KB

                  MD5

                  accbc9704fd010180db42ec615ca4ff5

                  SHA1

                  22854469f0c256a3e8e953e9e800007d2adb0dfc

                  SHA256

                  8ca7308a3cc26c679977994743c55e67157d2b0f3ee602546ba0f6b73d1be79e

                  SHA512

                  8c3a876c426d569b7b1df09bf7d42baa0f46efde097d7b5ce53d3edb1170f7d78628b4fd8df66b5a80bc113cd09d192515e61682e86c11a380ee2b85f3589293

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vw2hz1e5.default-release\datareporting\glean\pending_pings\47163e52-4500-43b8-be3c-8cbf0fd017a2
                  Filesize

                  982B

                  MD5

                  540a43e8222819ce01059e38b0f111d8

                  SHA1

                  a525f55ad5a5a14df2437abb505884e6f1fa5562

                  SHA256

                  26b0e2aeb7574f00458621fd9b412f23ada31806060dcc5ae786d0402332e181

                  SHA512

                  23be6798f1a7b64f9aaa0c3f1a610d61dbcb4d51758a42e6df8bfd89e1308c11376d1ab975188b656726a6164b03619966e51cd0efef418401359abb61ee0f66

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vw2hz1e5.default-release\datareporting\glean\pending_pings\4c350480-e084-433a-bbe8-6ec2352fe072
                  Filesize

                  659B

                  MD5

                  bda04e0a2d64d51c5cc2ac8435d84c9a

                  SHA1

                  5a15935e686e43c2f066e1986e4fe9267780320b

                  SHA256

                  5bf94a507bf27f81bf335842f7254bf7c13ac27b84a9785d3aed52b66170627a

                  SHA512

                  7ef3ac6a876cd1070ff48d58524b61043180ac4bd4d4142db5ae0d1492bb0f6d01a2b9cbd614683d8120aec20decfd288bc27023589383c86cbea101a3342830

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vw2hz1e5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                  Filesize

                  1.1MB

                  MD5

                  842039753bf41fa5e11b3a1383061a87

                  SHA1

                  3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                  SHA256

                  d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                  SHA512

                  d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vw2hz1e5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                  Filesize

                  116B

                  MD5

                  2a461e9eb87fd1955cea740a3444ee7a

                  SHA1

                  b10755914c713f5a4677494dbe8a686ed458c3c5

                  SHA256

                  4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                  SHA512

                  34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vw2hz1e5.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
                  Filesize

                  372B

                  MD5

                  bf957ad58b55f64219ab3f793e374316

                  SHA1

                  a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                  SHA256

                  bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                  SHA512

                  79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vw2hz1e5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
                  Filesize

                  17.8MB

                  MD5

                  daf7ef3acccab478aaa7d6dc1c60f865

                  SHA1

                  f8246162b97ce4a945feced27b6ea114366ff2ad

                  SHA256

                  bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                  SHA512

                  5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vw2hz1e5.default-release\prefs-1.js
                  Filesize

                  10KB

                  MD5

                  3885bddf6f29fd631357c31bb91b76f3

                  SHA1

                  9e917dca86fa71c12bf683c72992c6913d77829a

                  SHA256

                  ef95882d937cb40cadd3296a80b41ff3d98d0c734a1220ed873c3133132c8df6

                  SHA512

                  07465f1c047804ffc106472d7799be49c4f1f9e005599f47d9ec39c4e225ca54ce4965b04a014399cc746a51410c80839fac5f946768d4f21ee435ed78c059dd

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vw2hz1e5.default-release\prefs-1.js
                  Filesize

                  9KB

                  MD5

                  c3532f87e1fdc4f22202b7ed51d411f5

                  SHA1

                  24813925c1188d00b260613b8f3b0bd563335651

                  SHA256

                  809e069199f25f4b3609a75496cb1e443400f37eba863321a9679283334272d4

                  SHA512

                  c191039160f330816a9388d983078ea74ff4e88b3863809f3f2162985c723fbc1a0ced685f216fa79d7d0d998479ce0fd24669d1ee54cb651ffa130a4df8b627

                  Download Submit