Overview

overview

3

Static

static

3

README.Music.html

windows10-ltsc 2021-x64

1

README.html

windows10-ltsc 2021-x64

1

SDL2.dll

windows10-ltsc 2021-x64

1

SDL2_mixer.dll

windows10-ltsc 2021-x64

1

SDL2_net.dll

windows10-ltsc 2021-x64

1

chocolate-...up.exe

windows10-ltsc 2021-x64

1

chocolate-doom.exe

windows10-ltsc 2021-x64

1

libFLAC.dll

windows10-ltsc 2021-x64

1

libfluidsynth-3.dll

windows10-ltsc 2021-x64

1

libgcc_s_seh-1.dll

windows10-ltsc 2021-x64

1

libglib-2.0-0.dll

windows10-ltsc 2021-x64

1

libgmodule-2.0-0.dll

windows10-ltsc 2021-x64

1

libgomp-1.dll

windows10-ltsc 2021-x64

1

libiconv-2.dll

windows10-ltsc 2021-x64

1

libintl-8.dll

windows10-ltsc 2021-x64

1

libmp3lame-0.dll

windows10-ltsc 2021-x64

1

libmpg123-0.dll

windows10-ltsc 2021-x64

1

libogg-0.dll

windows10-ltsc 2021-x64

1

libopus-0.dll

windows10-ltsc 2021-x64

1

libopusfile-0.dll

windows10-ltsc 2021-x64

1

libpcre2-8-0.dll

windows10-ltsc 2021-x64

1

libpng16-16.dll

windows10-ltsc 2021-x64

1

libportaudio.dll

windows10-ltsc 2021-x64

1

libreadline8.dll

windows10-ltsc 2021-x64

1

libsamplerate-0.dll

windows10-ltsc 2021-x64

1

libsndfile-1.dll

windows10-ltsc 2021-x64

1

libstdc++-6.dll

windows10-ltsc 2021-x64

1

libtermcap-0.dll

windows10-ltsc 2021-x64

1

libvorbis-0.dll

windows10-ltsc 2021-x64

1

libvorbisenc-2.dll

windows10-ltsc 2021-x64

1

libwinpthread-1.dll

windows10-ltsc 2021-x64

1

zlib1.dll

windows10-ltsc 2021-x64

1

Resubmissions

02/02/2025, 00:19

250202-al7pxswrby 3

20/01/2025, 09:05

250120-k2ap8ssjfm 7

Analysis

  • max time kernel
    122s
  • max time network
    152s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20250128-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20250128-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    02/02/2025, 00:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    README.html

  • Size

    8KB

  • MD5

    6587a3d6dde3cb058f9b138b291d08e3

  • SHA1

    988406af31b80b51a18b1405292ed6874a5f533e

  • SHA256

    a22b042a4d29929c3b8e77b62caaaa32727714e8b333332f937c1894762d9376

  • SHA512

    ec610db49e019e479a3c10371c630c5839a49d9f02b701e1c0c9dc4d61d9e29e61722d4980048149857846a41cc3f11231427bff359e3af70e2442887cbd91d0

  • SSDEEP

    96:YuCdl7GsPTb2xPxB5h94O/nRY0suzAC1JmZmulK3+6JiTqzbBCcjqw2:UHLb2xph2OfRwAHJblk3

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\README.html"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:956
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\README.html
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4104
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1952 -parentBuildID 20240401114208 -prefsHandle 1868 -prefMapHandle 1860 -prefsLen 27205 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {63c5de47-633c-4950-90bc-d26db4c57a83} 4104 "\\.\pipe\gecko-crash-server-pipe.4104" gpu
        3⤵
          PID:4592
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2404 -parentBuildID 20240401114208 -prefsHandle 2380 -prefMapHandle 2352 -prefsLen 28125 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0fb2ff0a-282a-4395-96a5-19036c355ada} 4104 "\\.\pipe\gecko-crash-server-pipe.4104" socket
          3⤵
            PID:3324
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2836 -childID 1 -isForBrowser -prefsHandle 3092 -prefMapHandle 2960 -prefsLen 28266 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6ff506b-b243-40b6-bd4b-a2b13b55c684} 4104 "\\.\pipe\gecko-crash-server-pipe.4104" tab
            3⤵
              PID:6060
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3676 -childID 2 -isForBrowser -prefsHandle 3644 -prefMapHandle 3128 -prefsLen 32615 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {884e4e98-c1d0-4e62-8b8c-68b50142c3b4} 4104 "\\.\pipe\gecko-crash-server-pipe.4104" tab
              3⤵
                PID:8
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4920 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4864 -prefMapHandle 4868 -prefsLen 32615 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {73469110-01a0-4a8f-9e92-911f81f2227a} 4104 "\\.\pipe\gecko-crash-server-pipe.4104" utility
                3⤵
                • Checks processor information in registry
                PID:2328
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5348 -childID 3 -isForBrowser -prefsHandle 5340 -prefMapHandle 5300 -prefsLen 27145 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {57bd4415-1d97-420b-9e7f-5e6878e46a23} 4104 "\\.\pipe\gecko-crash-server-pipe.4104" tab
                3⤵
                  PID:5604
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5344 -childID 4 -isForBrowser -prefsHandle 5528 -prefMapHandle 5456 -prefsLen 27145 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3338103d-5fcc-423c-a152-9c651d47088d} 4104 "\\.\pipe\gecko-crash-server-pipe.4104" tab
                  3⤵
                    PID:2160
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5640 -childID 5 -isForBrowser -prefsHandle 5676 -prefMapHandle 4488 -prefsLen 27145 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0840b172-a42c-43f5-b03d-abdaa29e65b7} 4104 "\\.\pipe\gecko-crash-server-pipe.4104" tab
                    3⤵
                      PID:5608

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lsy92t1y.default-release\activity-stream.discovery_stream.json.tmp
                  Filesize

                  22KB

                  MD5

                  196d32db80ed6042a2bc1565da8105b7

                  SHA1

                  3706d42725833f03b2fb25ad1d53c04f1447bdea

                  SHA256

                  9848dfb59f7010fa644774b700124a0ec33a4d5283bd38d071e870115784b1b8

                  SHA512

                  50f99ebba037a264a1477e612840d39356195cd0bd735fa96a182889ccf0c5bf0a07fc64873a7e1c5c9ddbd8331689633fbb108e7c7448c4683450d10cc8416e

                  Download Submit

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lsy92t1y.default-release\cache2\entries\D18FB7DA89F8DD4E7A2C97703A1647E8C981D05A
                  Filesize

                  13KB

                  MD5

                  a2361686df22589d6ebb2a1261ce5948

                  SHA1

                  83a5041829bd0506a5a36aa5628758df0522c38a

                  SHA256

                  db92520c1ff7c7f6d6550d3774828d784aa6d81bce9e694fb398620345eb143c

                  SHA512

                  ba8a4cd49b7fe3739592288b0ea11ac40d3cfaa63cd0e6d35b4851a70970291a424a0b4e03feea71bd90201f8aca12f62b318ece904a609431be73b7af590706

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                  Filesize

                  479KB

                  MD5

                  09372174e83dbbf696ee732fd2e875bb

                  SHA1

                  ba360186ba650a769f9303f48b7200fb5eaccee1

                  SHA256

                  c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                  SHA512

                  b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                  Filesize

                  13.8MB

                  MD5

                  0a8747a2ac9ac08ae9508f36c6d75692

                  SHA1

                  b287a96fd6cc12433adb42193dfe06111c38eaf0

                  SHA256

                  32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                  SHA512

                  59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lsy92t1y.default-release\AlternateServices.bin
                  Filesize

                  7KB

                  MD5

                  40fac01aaab55a0419372573b23e174e

                  SHA1

                  401346b2a7ed273597b71904843502e04a4de3e1

                  SHA256

                  76283c77187c7a86837e8a9dd213ee1c0210d5ff0e46fc4adf06b6829e7e9fd9

                  SHA512

                  3e2921a58394ede9c56b90d94e747dd80e4001959fa3899765cfb13658625ff79d21e90a84c1f12a7d45927fa0250ba73dfe72b8d99c5234779e69864d928ba2

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lsy92t1y.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  19KB

                  MD5

                  4ea2a84f7862fb9acbe84b366644403d

                  SHA1

                  7720f2d454b0f140140111c55b7426b6c89c4178

                  SHA256

                  40c90951ee95e48b242cd463ec7a6f1745fd5aaa2f71ba0ea899f042f117b193

                  SHA512

                  46d30a65c94464b96baaaee76d4a49edbd506cf4bd59b5fc3a069f4acf268dba9dc2737c2919503bb6c05a2148525a76c4ea2413b97d147c3f38f8a52fcec861

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lsy92t1y.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  22KB

                  MD5

                  6c43ea0654640f8a5dbe2131020a7b83

                  SHA1

                  6e76b85f9e0f576f828dd9a203e21f1ae576c853

                  SHA256

                  a6e033abb78658df0e42b1565c9e980948c0e6340c7328b63ac45cfb151c755a

                  SHA512

                  9176cdad9c015f33c7ed7c225db1c2ebbedd71d2e4cd0be866d3eafed617cddae64c5f2abab0b7c98cddb984523c0a4d3ee2b5503c510c68563aa63da19fa8c0

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lsy92t1y.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  23KB

                  MD5

                  525fa592051b246319700d9c3f11c945

                  SHA1

                  1be16ab6eab3b98503bd8a4a52e456c8336e5d02

                  SHA256

                  7706e9dcf43f757e72b54b0ccd58fc1f16fe25f3eaca4361741128be42ad4cd1

                  SHA512

                  dbf7de07706755a8197e52dd71d44790d1b5e9d7d305e2caaa30277efb61f9d4c64e0f4d89acf3c67af14d5bcf85ae2e03c54155c41b03e68a66ac78846930b9

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lsy92t1y.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  22KB

                  MD5

                  bdfed555e1e29dfd2b955a4db76d83ba

                  SHA1

                  41acbc20a8139bb0cf268409a7e9d567466fa6d6

                  SHA256

                  48693e6e8634813ff8960364b5a1a282c1a88878e462ba6985a34c18506195f6

                  SHA512

                  69f0754ea43017a0aab192e04ed3a6524071809c99478b1dc39e6595eca385182beb648fb67d9b7e11fe10a418a7b5f76a310ede9efaf4b71777134a90117ec2

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lsy92t1y.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  21KB

                  MD5

                  9fb16c34f9f3f6ba5f8a05875547e9a0

                  SHA1

                  70b7b6af78bb1c492c4407cd6de893af11b13472

                  SHA256

                  8cfe99b6dc4c2ab1303b19859373e77ab1d654b19cc254fab9553e6ab19031e4

                  SHA512

                  20b75f653cfdc2ebb7202ab990a5992fcc255f915c6a0a6766cc35a25eed04aa7777968dfe80a46f1c6cbe1fc3b67e03cf5886245e6165b599d1fceba5f11c36

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lsy92t1y.default-release\datareporting\glean\pending_pings\0670d591-b670-47e3-b10b-ddd21ad52771
                  Filesize

                  982B

                  MD5

                  503b0b0bbfa9af02df9323201e3c423b

                  SHA1

                  da3195d70a513a664f79fde07726587224d4b44c

                  SHA256

                  a3067d647a243e4d04d5920ea13a1cf3e0f6b69f15be4967f56e3e727f29dfbc

                  SHA512

                  8b505ceac54df1aa5b3dfa50d69b30d2fdcd4c3caaaafa2936570bc40d3f4e1ddc32e56b741475291b50f139286aacf1616491f288a68d477a7106447c148af3

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lsy92t1y.default-release\datareporting\glean\pending_pings\23bc16b4-243c-433c-b31e-dd201ad2fc6d
                  Filesize

                  659B

                  MD5

                  7886277fa7117b5dcae1e816ede492ed

                  SHA1

                  ac7b347df5b90d907713787e56a49920986d77df

                  SHA256

                  c0b980f9d1e55d413ada0f3690c197542ed582ceba648b1d00ac5c796cdca68c

                  SHA512

                  04a7328787540d6b7fcb721e068ac620f30cdd2646361d118733fe82a30f12d494f602902b996bb8c773cf3a7a95be2062947228bca2a64e8a95ce7db9be7758

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lsy92t1y.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                  Filesize

                  1.1MB

                  MD5

                  842039753bf41fa5e11b3a1383061a87

                  SHA1

                  3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                  SHA256

                  d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                  SHA512

                  d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lsy92t1y.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                  Filesize

                  116B

                  MD5

                  2a461e9eb87fd1955cea740a3444ee7a

                  SHA1

                  b10755914c713f5a4677494dbe8a686ed458c3c5

                  SHA256

                  4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                  SHA512

                  34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lsy92t1y.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
                  Filesize

                  372B

                  MD5

                  bf957ad58b55f64219ab3f793e374316

                  SHA1

                  a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                  SHA256

                  bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                  SHA512

                  79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lsy92t1y.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
                  Filesize

                  17.8MB

                  MD5

                  daf7ef3acccab478aaa7d6dc1c60f865

                  SHA1

                  f8246162b97ce4a945feced27b6ea114366ff2ad

                  SHA256

                  bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                  SHA512

                  5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lsy92t1y.default-release\prefs-1.js
                  Filesize

                  14KB

                  MD5

                  2b31f8e13987faa77aaf62295770e9eb

                  SHA1

                  6b3f4aa80ddec3321d71a25c703c0475f8ad4dda

                  SHA256

                  cb59f5cedd7ed2a49c4f93e55f1ba11db2594a1597b1a3d8b405b6a0296289c7

                  SHA512

                  c3236c9a26644fd7b252686403eb294429cf5084070944b8ba32828154a8cdab5606396984a268cfed4937d1eb6642f2f26a7eca7d2b3b5e95887e50dff89cd3

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lsy92t1y.default-release\prefs-1.js
                  Filesize

                  11KB

                  MD5

                  12d87c693147dae0d2a6949644136a29

                  SHA1

                  4d92394709ec5bd15cb3a7a73fa982b134b13947

                  SHA256

                  5ea856eb50e5a1aa58220226d4d90d69aecf5d62d07becef32b22f0068e83033

                  SHA512

                  bae3779e0a9e33cd6888aad3e5eb0fb77a8a3b5dfac92185872226396f380f0e3aac3306a7f4f7bfe23b5a37e2b085a90607662bfa811725b862e08ad776d003

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lsy92t1y.default-release\prefs.js
                  Filesize

                  9KB

                  MD5

                  2b58d9ec1cd857c12d2e575709d2870d

                  SHA1

                  3790761fc05837f16a26eede15d17e81fe6e45f6

                  SHA256

                  15fbb24b922347c1453f4240bea556a23b8c2201baf05a9a1f25ade5614fd327

                  SHA512

                  78705f8d6f79e5d6fa8dbc6029b622521ec342d4c818189d5ae04b4f7ddd32d600d45ea9c4a520b55013ec169a6ebdd647263dbf779bdcd18ef8e69ac1378f60

                  Download Submit