Resubmissions
20/02/2025, 10:50
250220-mw8festjaz 1020/02/2025, 10:49
250220-mw12cavpw6 1016/02/2025, 02:33
250216-c1244ayjc1 1016/02/2025, 02:26
250216-cw6xgsxldq 1012/02/2025, 14:54
250212-r9zgwswmej 1012/02/2025, 14:27
250212-rsdtvsvqet 1012/02/2025, 14:17
250212-rl7hlavngy 1012/02/2025, 13:47
250212-q3q2hatqes 1012/02/2025, 13:43
250212-q1d9xstlap 1011/02/2025, 01:03
250211-behmwstpdv 10Analysis
-
max time kernel
398s -
max time network
400s -
platform
windows10-2004_x64 -
resource
win10v2004-20250217-en -
resource tags
-
submitted
20/02/2025, 10:49
General
-
Target
beed61dc63e3b01b93e6c50c6885b89988b59a3f6abdfa24e922e1402a0235e9
-
Size
8.5MB
-
MD5
2d690d32e637c43a18aa8f4f2fd28e48
-
SHA1
f8a5f75a34d2751c0e7195cd4adabddc1ece465e
-
SHA256
beed61dc63e3b01b93e6c50c6885b89988b59a3f6abdfa24e922e1402a0235e9
-
SHA512
2641192c4ebb0a66fdf6a9be16ccfc38a4cd98a32467d5b6e719c73b2893a28888b7c9c77d3db3a0d2e93d14408081bdc92238dc3a5b1479229843f354c7305e
-
SSDEEP
196608:exCyu9hdCjcHsm2gTEE/OBBZVaMKb0QqNnJi6lWzVYK5P6qwpxFlWavvy7:ervy
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 14 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of FindShellTrayWindow 21 IoCs
-
Suspicious use of SendNotifyMessage 20 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\beed61dc63e3b01b93e6c50c6885b89988b59a3f6abdfa24e922e1402a0235e91⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2032 -parentBuildID 20240401114208 -prefsHandle 1960 -prefMapHandle 1952 -prefsLen 27254 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b763bce-e657-4b3e-9637-559c2787e797} 2384 "\\.\pipe\gecko-crash-server-pipe.2384" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2444 -parentBuildID 20240401114208 -prefsHandle 2420 -prefMapHandle 2408 -prefsLen 27290 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc79b513-8401-4fea-a0eb-df3f61346f11} 2384 "\\.\pipe\gecko-crash-server-pipe.2384" socket3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3020 -childID 1 -isForBrowser -prefsHandle 3184 -prefMapHandle 2992 -prefsLen 27431 -prefMapSize 244628 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d580246c-4299-4d98-91bd-270f46d9737e} 2384 "\\.\pipe\gecko-crash-server-pipe.2384" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4296 -childID 2 -isForBrowser -prefsHandle 4288 -prefMapHandle 4284 -prefsLen 32664 -prefMapSize 244628 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4bab88fa-cec2-4d9e-8c45-ca57849e9910} 2384 "\\.\pipe\gecko-crash-server-pipe.2384" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4904 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4896 -prefMapHandle 4892 -prefsLen 32696 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1092ab6-79b2-4de5-880e-2f8ef89d9a3c} 2384 "\\.\pipe\gecko-crash-server-pipe.2384" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5208 -childID 3 -isForBrowser -prefsHandle 5332 -prefMapHandle 5380 -prefsLen 27083 -prefMapSize 244628 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ec173ab-f5b6-4781-909a-40a5fc4f8946} 2384 "\\.\pipe\gecko-crash-server-pipe.2384" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5524 -childID 4 -isForBrowser -prefsHandle 5192 -prefMapHandle 5356 -prefsLen 27083 -prefMapSize 244628 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd5b7cb1-eb37-468b-8126-f5709d3ecd88} 2384 "\\.\pipe\gecko-crash-server-pipe.2384" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5700 -childID 5 -isForBrowser -prefsHandle 5180 -prefMapHandle 5172 -prefsLen 27083 -prefMapSize 244628 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b7b5251-765b-4263-910b-e7798ae2456b} 2384 "\\.\pipe\gecko-crash-server-pipe.2384" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6228 -childID 6 -isForBrowser -prefsHandle 6220 -prefMapHandle 6212 -prefsLen 27226 -prefMapSize 244628 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0319b7ff-eb81-4181-a4f8-348c90f97471} 2384 "\\.\pipe\gecko-crash-server-pipe.2384" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6424 -parentBuildID 20240401114208 -prefsHandle 6520 -prefMapHandle 6516 -prefsLen 33013 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {32692643-c6c2-4006-8dc5-dfb7edb36ee3} 2384 "\\.\pipe\gecko-crash-server-pipe.2384" rdd3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6476 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 6532 -prefMapHandle 6528 -prefsLen 33013 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61a4d659-79dc-4abf-b0c3-16e06e44d477} 2384 "\\.\pipe\gecko-crash-server-pipe.2384" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6420 -childID 7 -isForBrowser -prefsHandle 6492 -prefMapHandle 3528 -prefsLen 27305 -prefMapSize 244628 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {19bb3773-f538-4a66-be7e-85a7f98f7127} 2384 "\\.\pipe\gecko-crash-server-pipe.2384" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5376 -childID 8 -isForBrowser -prefsHandle 5408 -prefMapHandle 5652 -prefsLen 27305 -prefMapSize 244628 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d89f37d-d837-4302-b2cb-e6fc38637cc6} 2384 "\\.\pipe\gecko-crash-server-pipe.2384" tab3⤵
-
-
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x2fc 0x33c1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
32KB
MD5f319dcf87e25f6503df73ed55dc40d10
SHA114980b064e4f8e8151c2e3d115f8c11c8acf49ee
SHA25626873fdade70eee2dbdd59c96c782ccedb19d1ee45be882618d275ce9a25f680
SHA5127eabcd1632a3921034c0ed267981b5d26999af5d6a674bceef1dfa6fca512f8060fe9e1994af19c7e5369461dd24e4c56b77add23aeec10b377d183a86c48247
-
Filesize
15KB
MD596c542dec016d9ec1ecc4dddfcbaac66
SHA16199f7648bb744efa58acf7b96fee85d938389e4
SHA2567f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798
SHA512cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658
-
Filesize
7KB
MD5f6b3d36e35300d63642c069f14166793
SHA1ca20db2f1216611d9724bb335a599a304f33479f
SHA2567a4b9d1355118115f5de198ee0b3bc353e4548dabf8611a935b2566c082888d2
SHA512a96afacbec624ac6846023480f4ad3bc1130d3826eccc0dd652275a4ee9ea9367922791d14049952c4ae70b110920276d1b35b95a1d8b9fb6f45628fe32b0f5e
-
Filesize
5KB
MD5da0ab8f1734dbfa9f130fb1934df661d
SHA16a5e6826a943b5a76fae0436c8bfd3599d0930b3
SHA25625bdc1eab490f173ba576b4df39d403dd597c9d3ddd7dfc917e7d26bf24887bc
SHA512a808eee77159b1f0bde441cd5735d0132b78a850bf5c02ba2ab73e93a4f6587e47b4a4e840901fc769fe8447198ad8cdc7e23bc05653cd935536bd521f3e06cd
-
Filesize
5KB
MD51f82fa028f749f8114957688d61ef5fa
SHA1258bc3df7e0b4cc9b0a9a180d637075b9f355330
SHA2563b829b2908af43f5140de83934bfbb92e4258cb6962ae560a47a2461ba15cde7
SHA5127a169d1ef7d6690923f12be42eb75671b8fd2afe9b057d423e0bd63da4f5e4a95efb1541466b7f94b7a897d7a49b4f1d122027373bbc4c897a3d780232db3fea
-
Filesize
6KB
MD5d49144b40699fe850f8ccb6400cbb19f
SHA163c66a462c655e8a9d174b3c7464df9a34fcafe7
SHA256b81ae876c5f3487ccda63ccf905fd0bda2652d1a055927953610e9bdadce7c70
SHA51277666cb937fef28e3584c73a3a464037639c766e0e678df59cd9e8dc5388b4c6465f92d29b8bb30d07d5727d77c508bc2e9d3e4623ef30222dd575c3e8bc2827
-
Filesize
982B
MD5d1e8bdbf45b48137652d6100f0295557
SHA10b6bf9c15224effe8c5f437debffcfe95efb08ab
SHA2561da981121bb0293c46a113807f8fc679bdbd610f8a7689096bbde664ee7f1a3f
SHA51261d36000dbc726b54ecf60bf3155b84fa2db24a02be6eb35ad1402818e0359984be59cb3d7609690c310a1f9f1ee0274fa3df9d66cc04d89006636cb811ae99d
-
Filesize
30KB
MD5e02db08975b7d61829de8c16b87acf05
SHA199cf7c15dbe88e16d7cfb5043aa1ec07484d8092
SHA256b851a777c2e2857d59140ce924cf63ce3ffb55bc2cacc47315ccb5afba4a7bfe
SHA512fb323a4cc2e890496d12146f1c7c9e8254a058e788dd7c40ec0e611ec8a2111fc513d2551be7d82c70dfc22136888a79324dc092485ab0870f176f4c72b73eff
-
Filesize
13KB
MD59220a17895cbcc82607c25aa799f7e4f
SHA1e76901dd7f8cff141bdc0aa2e854614606033ca2
SHA256e04fc004e16fd8cc72b420fa636826acaf4e10bf1910b01885529336a9f954a7
SHA51283ba17d731c1096840c47cfa32673e4f357fbd0abf71577cba51d691706f53a4683fb660a0ba5f23d978588e872edd3235d0259ecd335c21dda330ea0bc7e50c
-
Filesize
671B
MD588793f9ad11a67dd0903a8118b6e8a10
SHA1832d5319f19c2d62bc39eab60c9bf8bded60663b
SHA2564684adbbf36cdb68d0b6a014c4eda7053eb53af0a42b944bc5ddf87c46c407de
SHA512909159f7c610873324a395d0335f39c274cef13201c01c08bf0cbdd059410029ad634b67f1850b69862b8372d67a9628b4109ce1a988a10c47815068a839c8e0
-
Filesize
10KB
MD5bf451f6fbf805982aa8d08e9b6c06fbf
SHA138f4f5ba4eb9e03b8a6a7b842f461178bb29eede
SHA2569d7dce570acde324618a3b1d8bd8ad3700141950350046b66087a846a18e1315
SHA512a7eb6e66725d2163269c38189410f050927d9e9c592cc2e02c7ca43d01eb2e7ed3bc04a1c637181538abdb70269375cf058d7a533699ea2b471d371a4de6ec3e
-
Filesize
9KB
MD5e9a77194c43f97cec4d8dd91586aea45
SHA1c97ecc1b181cbf0b0a9e71cf5403847a73546416
SHA256008e4cb4036eb50b48591c54ca400d17dd39f93d7d2d9e4509b8fad10bbf3a03
SHA512ecff6de9e2d1788594001c740d4720f2cef5c56a33aae0c19d2b392555086ef93f387065c9fae461087eff1b77c2fdfa354e7b7ef0351774103c613c1d396aae
-
Filesize
9KB
MD5052963b9d0cd29108c4cb029f2c3f1bb
SHA1cc347ddb050757edb0dc16df401fc7d3d225a4ab
SHA256dd3ade475409bd02d543cd7c3e47d0cbd240cacc1becaea5708593223da7e998
SHA512e217ce7d214564adac9d45afca1ce79eddaf96e2a794b6bb02d4bb443a3792d4e8e94112b97f0e2c29fca2f00cf9897de62ce0fa06a20055ac305463423585dd
-
Filesize
259B
MD5e6c20f53d6714067f2b49d0e9ba8030e
SHA1f516dc1084cdd8302b3e7f7167b905e603b6f04f
SHA25650a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092
SHA512462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf