Analysis

max time kernel: 69s
max time network: 82s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 06/02/2023, 16:53

Static task: static1
General

Target: 05-02-2023Statement.html
Size: 1KB
MD5: 8313cb993e257a11647d21298c4d0aea
SHA1: 704966e1b1be898587a02fe705d1d12dd2e21c5d
SHA256: 86a86378369af167e7165566594fa592cb90f8c61714231b427b7598f954cfbe
SHA512: dc0db500c4c2bba36d470f17fc637377298cdb8a41364455f34636a01ce9a455993bd0e737c5c5663215b353510d281be75fe1ac48089cada750c0dbdec536f1
Malware Config

Signatures

Checks processor information in registry (2 TTPs, 4 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe

Modifies registry class (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_Classes\Local Settings | firefox.exe
Key created | \REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache | firefox.exe

Suspicious use of AdjustPrivilegeToken (2 IoCs)
description | pid | Process
Token: SeDebugPrivilege | 1676 | firefox.exe
Token: SeDebugPrivilege | 1676 | firefox.exe

Suspicious use of FindShellTrayWindow (4 IoCs)
pid | Process
1676 | firefox.exe
1676 | firefox.exe
1676 | firefox.exe
1676 | firefox.exe

Suspicious use of SendNotifyMessage (3 IoCs)
pid | Process
1676 | firefox.exe
1676 | firefox.exe
1676 | firefox.exe

Suspicious use of SetWindowsHookEx (6 IoCs)
pid | Process
1676 | firefox.exe
1676 | firefox.exe
1676 | firefox.exe
1676 | firefox.exe
1676 | firefox.exe
1676 | firefox.exe

Suspicious use of WriteProcessMemory (64 IoCs)

Processes

C:\Program Files\Mozilla Firefox\firefox.exe
  Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" C:\Users\Admin\AppData\Local\Temp\05-02-2023Statement.html
  PID: 1632
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Mozilla Firefox\firefox.exe
    Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" C:\Users\Admin\AppData\Local\Temp\05-02-2023Statement.html
    PID: 1676
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory

    C:\Program Files\Mozilla Firefox\firefox.exe
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1676.0.1614985177\1683012120" -parentBuildID 20200403170909 -prefsHandle 1180 -prefMapHandle 1172 -prefsLen 1 -prefMapSize 220106 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1676 "\\.\pipe\gecko-crash-server-pipe.1676" 1244 gpu
      PID: 1816

    C:\Program Files\Mozilla Firefox\firefox.exe
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1676.3.215462018\233898610" -childID 1 -isForBrowser -prefsHandle 1732 -prefMapHandle 1664 -prefsLen 156 -prefMapSize 220106 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1676 "\\.\pipe\gecko-crash-server-pipe.1676" 1552 tab
      PID: 1344

    C:\Program Files\Mozilla Firefox\firefox.exe
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1676.13.915169178\720290412" -childID 2 -isForBrowser -prefsHandle 2776 -prefMapHandle 2760 -prefsLen 6938 -prefMapSize 220106 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1676 "\\.\pipe\gecko-crash-server-pipe.1676" 2788 tab
      PID: 652

    C:\Program Files\Mozilla Firefox\firefox.exe
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1676.20.2028364201\998082579" -childID 3 -isForBrowser -prefsHandle 3432 -prefMapHandle 3436 -prefsLen 7643 -prefMapSize 220106 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1676 "\\.\pipe\gecko-crash-server-pipe.1676" 3452 tab
      PID: 2072