04cb9866a3e3b9d1d5215e38de2b43a6f639c2c9009231b1bb13fd99dffbcbfa

Resubmissions

15-01-2023 00:22

230115-anyj2abd3s 10

15-01-2023 00:20

230115-anag7sbd21 1

15-01-2023 00:06

230115-adw88abc2w 1

15-01-2023 00:03

230115-acc4ysbb8y 1

Analysis

max time kernel
91s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
15-01-2023 00:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

(pass_0day)_instagram_0day.zip
Size

1.1MB
MD5

0a177850006ef85d74290b4b758e955b
SHA1

1f69d1eea2920cd02ec202dd667e8ecd13d28484
SHA256

04cb9866a3e3b9d1d5215e38de2b43a6f639c2c9009231b1bb13fd99dffbcbfa
SHA512

37796ca7b04fa02eb93d2131113fc037252550e5aaf7b6b6220cd69a8ea0d7bedd33309a5155802ea5a7a36693a864a2cbea8970ac244d7262931f9f025bf53b
SSDEEP

24576:N/5vgZCIqnI/wRgbNzG0HCRaqoat465rqSqPNMAvNp12Adj:5ZQqnJyGKCfdtR5rq9FM4717

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings firefox.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

firefox.exe

description pid process

Token: SeDebugPrivilege 4808 firefox.exe
Token: SeDebugPrivilege 4808 firefox.exe
Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

firefox.exe

pid process

4808 firefox.exe
4808 firefox.exe
4808 firefox.exe
4808 firefox.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

4808 firefox.exe
4808 firefox.exe
4808 firefox.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

firefox.exe

pid process

4808 firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings	firefox.exe

description	pid	process
Token: SeDebugPrivilege	4808	firefox.exe
Token: SeDebugPrivilege	4808	firefox.exe

pid	process
4808	firefox.exe
4808	firefox.exe
4808	firefox.exe
4808	firefox.exe

pid	process
4808	firefox.exe
4808	firefox.exe
4808	firefox.exe

pid	process
4808	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 4776 wrote to memory of 4808	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 4808	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 4808	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 4808	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 4808	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 4808	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 4808	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 4808	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 4808	4776	firefox.exe	firefox.exe
PID 4808 wrote to memory of 2836	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 2836	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 3496	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 3496	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 3496	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 3496	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 3496	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 3496	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 3496	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 3496	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 3496	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 3496	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 3496	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 3496	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 3496	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 3496	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 3496	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 3496	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 3496	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 3496	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 3496	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 3496	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 3496	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 3496	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 3496	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 3496	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 3496	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 3496	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 3496	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 3496	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 3496	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 3496	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 3496	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 3496	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 3496	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 3496	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 3496	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 3496	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 3496	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 3496	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 3496	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 3496	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 3496	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 3496	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 3496	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 4484	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 4484	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 4484	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 4484	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 4484	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 4484	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 4484	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 4484	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 4484	4808	firefox.exe	firefox.exe
PID 4808 wrote to memory of 4484	4808	firefox.exe	firefox.exe

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\(pass_0day)_instagram_0day.zip
1⤵
PID:884

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4776

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4808

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4808.0.180607753\196617253" -parentBuildID 20200403170909 -prefsHandle 1700 -prefMapHandle 1672 -prefsLen 1 -prefMapSize 219989 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4808 "\\.\pipe\gecko-crash-server-pipe.4808" 1792 gpu
3⤵
PID:2836

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4808.3.145245676\261190387" -childID 1 -isForBrowser -prefsHandle 2464 -prefMapHandle 2428 -prefsLen 112 -prefMapSize 219989 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4808 "\\.\pipe\gecko-crash-server-pipe.4808" 2376 tab
3⤵
PID:3496

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4808.13.1592595308\1879218862" -childID 2 -isForBrowser -prefsHandle 3636 -prefMapHandle 3624 -prefsLen 6894 -prefMapSize 219989 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4808 "\\.\pipe\gecko-crash-server-pipe.4808" 3660 tab
3⤵
PID:4484

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads