Analysis
-
max time kernel
34s -
max time network
36s -
platform
windows10-2004_x64 -
resource
win10v2004-20250217-en -
resource tags
-
submitted
07/03/2025, 22:56
Errors
General
-
Target
http://temp.sh/YwuNP/another_trash_malware.zip
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 12 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 7 IoCs
-
Suspicious use of FindShellTrayWindow 22 IoCs
-
Suspicious use of SendNotifyMessage 20 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://temp.sh/YwuNP/another_trash_malware.zip"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://temp.sh/YwuNP/another_trash_malware.zip2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2004 -parentBuildID 20240401114208 -prefsHandle 1932 -prefMapHandle 1924 -prefsLen 27376 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a0061b17-b76f-4dd0-9186-3858f6b93a81} 1552 "\\.\pipe\gecko-crash-server-pipe.1552" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2448 -parentBuildID 20240401114208 -prefsHandle 2424 -prefMapHandle 2420 -prefsLen 28296 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {068d0179-64e5-4984-ab34-9ce0ca8e4fb5} 1552 "\\.\pipe\gecko-crash-server-pipe.1552" socket3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3312 -childID 1 -isForBrowser -prefsHandle 3244 -prefMapHandle 3188 -prefsLen 22684 -prefMapSize 244628 -jsInitHandle 1028 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {54a69ef2-c7a1-484b-a5e0-ba3f3802ad69} 1552 "\\.\pipe\gecko-crash-server-pipe.1552" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3644 -childID 2 -isForBrowser -prefsHandle 3636 -prefMapHandle 3632 -prefsLen 32786 -prefMapSize 244628 -jsInitHandle 1028 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {17e0215d-f12b-458f-9935-d87debda2f76} 1552 "\\.\pipe\gecko-crash-server-pipe.1552" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4476 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4508 -prefMapHandle 4504 -prefsLen 32786 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8cfa9aa-0b84-4db6-9997-312e9624150f} 1552 "\\.\pipe\gecko-crash-server-pipe.1552" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5264 -childID 3 -isForBrowser -prefsHandle 5256 -prefMapHandle 5224 -prefsLen 27083 -prefMapSize 244628 -jsInitHandle 1028 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e22e4d70-f8a5-42bc-bbc4-459ca67b2601} 1552 "\\.\pipe\gecko-crash-server-pipe.1552" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5396 -childID 4 -isForBrowser -prefsHandle 5404 -prefMapHandle 5408 -prefsLen 27083 -prefMapSize 244628 -jsInitHandle 1028 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e7d9f620-8111-4314-9a74-480f0e461b96} 1552 "\\.\pipe\gecko-crash-server-pipe.1552" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5612 -childID 5 -isForBrowser -prefsHandle 5688 -prefMapHandle 5684 -prefsLen 27083 -prefMapSize 244628 -jsInitHandle 1028 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a881ab2c-df1a-43bc-9a08-d02252ed0309} 1552 "\\.\pipe\gecko-crash-server-pipe.1552" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3308 -childID 6 -isForBrowser -prefsHandle 1588 -prefMapHandle 5892 -prefsLen 27083 -prefMapSize 244628 -jsInitHandle 1028 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {68c140e7-e9bf-4ab4-89b2-836273000415} 1552 "\\.\pipe\gecko-crash-server-pipe.1552" tab3⤵
-
-
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\another_trash_malware\" -spe -an -ai#7zMap18623:104:7zEvent283621⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\another_trash_malware\another trash malware\pc fucker.bat" "1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
18KB
MD560843efa01a7a04fcb77f1ab4a4322c4
SHA1c4f4fcbc63929179c85587b0a732e77022a1e830
SHA2568eeec9d6c2a46bc5547041c947c75b096b806b96c909dc4a3e6d60f2c4286c4b
SHA512de43cb56fcf0c47b378d7085d16412ed9ffdc3e36272ea36d365e1f1b7788f5a01e536ca6a54055a2afda32f0528d3ac15ee0bd51b09d5b2b5d0019b4be4751a
-
Filesize
5KB
MD56fef628c1f77a912d617f1004cd495e9
SHA15b63fa1510e2b9192d2a6ab6f22c49ec7757e7d5
SHA256d9d32cfd925216e04adaa151f7ecd45c8d072c4d06c4b59ba9b639949c55d03f
SHA512a78a8f1fee30d98bb9c9d54ee5e5d07c59aff18a351645d75fb5f1c0612761e928ad05d30bcb21757614c8959252f1e0233af6b1dacbe9192833c8047c3bd52c
-
Filesize
16KB
MD54c6ee3095d77f8807a569a35d1847152
SHA11c89098891596fab4c436be80598948721205efb
SHA2569578a9d5744ac567098e91d820841de9e275453e1428ba8af3dcac2c2b17d9dc
SHA512ceeb2a7bf5e0f5a63d419ab391dbb7584df3c21fe72f07f0d2179fb952936abb60b1417416838647c77ee74a830a943aac072c495aac15a1e97e69c2a42c21a5
-
Filesize
982B
MD51f0926ae53d94b8da0a29ce09037a482
SHA16cf18a2d23e4e94a0f014674f6e6ea9c36d3b106
SHA2564732dba3d72c8a8f3d7ecd18699778c29636003b7f0babd745da1d19122d6c24
SHA51269dab328438d7d871e4ef2759ffab7b0fd4e7665f1e7c5588e50a115c2262941a7cb5dbf4c31aac0f06e0cdae0d929fea67628cb9c3752d318f95ecd4fcfae04
-
Filesize
28KB
MD5428290f2899f2b9c5a2aaae7aeb8d140
SHA1ff1e1b98e3f075e8ecaced05cd3268b45f33df39
SHA256b608653da21932006b4c1f66fd5372c4918b937d3a5d901cda5211e5910b61ab
SHA512cf631b553681f1660888c2d877106d3f5a67a7d5c50f850de81279ca3efce77b4ca8f61ee793ef5eeb1a62483fc880d32544edd67b0b41a2e96c70f6d5f37a69
-
Filesize
1KB
MD59b4e6ef5e283804497121cdfb1abc5bf
SHA119ac9e38b7c431ae2c61ef5b8db2780cf2fe594a
SHA256f0f42f6054806650a69a50304b0b0864fc885eb26503675684e581326bc9bca1
SHA512fc6ea32df24389c2120d51afabdce181cb49bf921a8c33ae30112abc9faf3b6c9b0e237d0351d3ae2dda573718707dccfa28e6b3f62b063758bc5d7a0a920852
-
Filesize
671B
MD5414ee30d7c67d49501ec0c1098cf4108
SHA11f9bbb30825c50e657c3194377ca1c1674344506
SHA256132d61d342385f54da31f9b90221e87b8e8594fb02d6f3a51cd63b9cea8d461e
SHA512067fd67afe666ae19687231f25f093f0d1b20a6f4ca296c4bb358a28e13e6533fb91ace645fa82317893c8d116d2aaae3c75287d86d70e4308c2be9f4ad729c7
-
Filesize
10KB
MD5d33450f2958a24d7d977b31756ea93a3
SHA16d2f6e0ff2775a9824fb93964c67cfdab6e4eab4
SHA256d493af6c55205f366b4285ad5e9684d9dffff1e16f7c1f20491b5bb7a15fa1d4
SHA512f8305a316d8292c42fca2d09a1bb99bf7c17d2dd0ed0ba6f8f8eeb08db5a2b8b64a3162df94de10c142dbac58530aec00bee56ebc129457d194ea6a924aa9aa8
-
Filesize
9KB
MD5c39c9acae558ca16324efb342822fa29
SHA10e0cd03386272c0327ed91789c0c4e922a0f2bd1
SHA2563b4ffb8d9d65498205a51b5fce952ce10fe5c95792985425403f43768b294f42
SHA512930394fd0c2e09a680675e80170e0d827be3faea447fa39e3c271860b43038999d6b846c5c5c21e97393aad63a510fc1b0831a52731fa55cc9aaab475fefa691
-
Filesize
9KB
MD51c8a7510d9e27f0a8cd18667c8ec7c79
SHA10add18f454a494a8514a638fd029c03a6b36ca10
SHA2562d78d525871223e86e5f80b567dca2601836a4e186ab8461085249a23681dee8
SHA5120d7ce231727a2cebcc8f66361b7a1326fcb6f5b90d3a95aec0087d05c3f07635b1c41a72e97d40036a8efbf47e38d5d3b87af9831c6499d796fbade4cdc42227
-
Filesize
4.1MB
MD58fa680b7b1c6675e33832ef97eb807b9
SHA1868744e11b2aa7e2b558e50f6095d8dcac5df825
SHA256c7fe47e4cb546c30a0965cae8cc7e80a4d0a5450ab707612bce5a5b22c94c1a6
SHA512deca53dae300e16cc784285f14ab04f25bac1be126499181b533ac299877335935c839316e7e6f2c6a309a4e1fefa602af0d38799552f3f08a9cf7235fb6507e
-
Filesize
302B
MD5a681abfd4309ccb9e65b124e1a805600
SHA1dee9781be6ef94b176d86cdcf5f6bb237b55ea4b
SHA256fe7ff5f20447fc94cfce2ad0f3bcd2b5dc3d3cbebdaca638402facc3398d8362
SHA512c0b8445932a8319f1eeb0bee89700f3c8f92a57b154b11c0536467487b640250808a210079c61c55382601a717ea3c0c47f7a8f0078564ad2c43dce6c80e6a0c