Analysis
-
max time kernel
119s -
max time network
130s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
14/03/2023, 00:58
General
-
Target
https://www.amazon.com.au/gp/r.html?C=12A33WSA94F8A&K=Z1HLO6YYZTMD&M=urn:rtn:msg:202303121154213982e8b63b294333bd55956e2250p0fe&R=2VXELGJ5LTWW9&T=C&U=https%3A%2F%2Fwww.amazon.com.au%2Fref%3Dpe_19115062_429591322_TE_logo&H=X4ZHCAZNU2A3DAOGLKVEPSDSJSSA&ref_=pe_19115062_429591322_TE_logo
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.amazon.com.au/gp/r.html?C=12A33WSA94F8A&K=Z1HLO6YYZTMD&M=urn:rtn:msg:202303121154213982e8b63b294333bd55956e2250p0fe&R=2VXELGJ5LTWW9&T=C&U=https%3A%2F%2Fwww.amazon.com.au%2Fref%3Dpe_19115062_429591322_TE_logo&H=X4ZHCAZNU2A3DAOGLKVEPSDSJSSA&ref_=pe_19115062_429591322_TE_logo1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.amazon.com.au/gp/r.html?C=12A33WSA94F8A&K=Z1HLO6YYZTMD&M=urn:rtn:msg:202303121154213982e8b63b294333bd55956e2250p0fe&R=2VXELGJ5LTWW9&T=C&U=https%3A%2F%2Fwww.amazon.com.au%2Fref%3Dpe_19115062_429591322_TE_logo&H=X4ZHCAZNU2A3DAOGLKVEPSDSJSSA&ref_=pe_19115062_429591322_TE_logo2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.0.1790887128\2144997126" -parentBuildID 20221007134813 -prefsHandle 1852 -prefMapHandle 1844 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d409eda-8fd6-485f-a07e-f6d58846cb81} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 1932 14184417358 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.1.271475188\1437767561" -parentBuildID 20221007134813 -prefsHandle 2428 -prefMapHandle 2424 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {903509e5-d998-4ea9-87e6-19131303a418} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 2440 14183303258 socket3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.2.2123182707\595356736" -childID 1 -isForBrowser -prefsHandle 3188 -prefMapHandle 3184 -prefsLen 21854 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ee296ed-bd5e-49bb-9a61-d2c904e04d8a} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 1636 1418730fb58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.3.2109503226\1841093370" -childID 2 -isForBrowser -prefsHandle 4020 -prefMapHandle 4016 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {717915e3-d3b1-46a4-afb4-95dd37aca70d} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 4032 14188641e58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.6.440368159\1250750978" -childID 5 -isForBrowser -prefsHandle 5228 -prefMapHandle 5232 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {404e02e1-91fa-4291-b540-3ef64add876a} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 5220 1418a20dd58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.5.736373808\1901721108" -childID 4 -isForBrowser -prefsHandle 5028 -prefMapHandle 5032 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {18c79c8b-5666-4cb4-9be7-a5f57557ad33} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 5020 1418a20cb58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.4.544658479\1512930131" -childID 3 -isForBrowser -prefsHandle 4876 -prefMapHandle 4852 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3204abf-d44b-4ecc-9089-f0649248a11d} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 4888 1418a20da58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.7.299319553\806293301" -childID 6 -isForBrowser -prefsHandle 5632 -prefMapHandle 5636 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e3f70e8-e614-4f35-802f-3ddf7c79c9e5} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 5620 1418ab5b558 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2304.8.473215622\803127433" -childID 7 -isForBrowser -prefsHandle 6044 -prefMapHandle 6040 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ab480de-db66-40b7-a498-22e97c473b72} 2304 "\\.\pipe\gecko-crash-server-pipe.2304" 5836 14185c52858 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
161KB
MD50f4b4c9a153eeee1496a68718e4e4d9d
SHA1d1d21be26718571ff3cbc68b5232d4a17a4633b6
SHA25697c6f39bcb5518d4cbaef6299fed500f21db4bd1d1df9e962048c4e96f48c684
SHA512885d56df9537f156116012464d88bb64c56619a7cda7d2095bc128c877e998e8eb3da1b0da7236d9dea0f016e73d672160927ff9ec92834cc72e67d99a6a1d1f
-
Filesize
112KB
MD5b2e12417801f4ebb037b70d11659fb7a
SHA108e24027be04378eb5b28b2eddb7c799168ba46b
SHA256ada017da7829a3156cbbd4f3f1d979728e45b4e3ca8d50c31e141fde16569c91
SHA5126c91edff80459ca3947e0acaac6bcf8164f358d273c3899609a8a343a65b1aa365576db8367a75b6c18b59e8f63101ad77ef3c7417eb970e31615222065bb360
-
Filesize
6KB
MD593de20487818996c83c73db2ea93fe90
SHA16e78320d437207799988683558e39961d1d5f1a8
SHA2561358ca05c232a70a8a3f156baa77746ed548f912fb9a7ce6d8ac48f444c53d3e
SHA512eef49caed37c8084d20cf38ff313100c7c7202ab81d4e5ad9f504d809687d087bd715729a7d1105d5875e8f8ab7ac5781c86466d0dd0f4a1a1e030939f050552
-
Filesize
7KB
MD54c8aea0fa25d2bbcb2928029dbc9c851
SHA196b3e1953a4cd3174bc09748f6dddb5af9804096
SHA25606e4fccb165ca779b06b9638e99771a5865b099cb84d4d218223812d63293d0e
SHA51228135c94ac6473907a7b7c1c9b73328b5af0bf782cbee801219d1c8f3040b98ac5a74dad959ea3dea59737bc9b8eeae328b0a962d3777b8f248d27a0c3baebc7
-
Filesize
7KB
MD50fc55919ac37b4fc3e97b2dc083644c2
SHA1269347c6d19885f359e4c247105299e330ea2662
SHA256087a2331d2adae7b5749ac8e08d1bb5e28c363535bb3584b33dbb93b424ebcd3
SHA512b5e6ea70daa3d0ad4316d34815457f6c308bebe272c7ee529d6dcc8e546ec1b1b99d958a0e599853a035e09328a2d935fbe7f31f9410427c1d9f0ce3c6aaa609
-
Filesize
6KB
MD58f10934257b40e46809c343085a8d943
SHA1ffe6eee36f45275852ee2e7f5bff161617c67e79
SHA256d5d801550d938a461fe96a723325d4a9ec75241123952b47c3df52d43d81ed3a
SHA512b982053fac81e82aba628094a8d45140c15bb9ced63666effd37733e8f8600a311846ed524d1cb7848a10dc9f9157ab32449780e35e14668c25759e17d1dffe5
-
Filesize
6KB
MD5feb8a52858c8167a58f36caa1b37f116
SHA17ae7f9d2721ae3c579f9e18e4fea679e8c848158
SHA256adbc4c7b5e775c3d401ae811d5be5a69b844f5937e3d0a416d374dd5a7ec227a
SHA512109d42ec5b9744b3561d29a9cabdcf2ffb81233935fa5c2d80c39f27b92ae55366c3c51ae3d26cc1a8936635662acbd11af89e54efac374aceaa279f13e7dc16
-
Filesize
7KB
MD5e90835559ace793b85a1363d31312c12
SHA18e0fc65df85298e281553823e49924de6bb7fbfc
SHA2569109d02dbae69fdcda182a76a43b77288bd3a5d9fcdffc745049a60b8e96ede5
SHA51290cae871fac3782a6cdf34b1316db354384e8374aa0ac27caf9909219dca54257fc561334d36c89cae1e3481564517b52e987c40c621e46617b5d7f5e4eaaad8
-
Filesize
7KB
MD5ab5610da2f55dba6afb18208ae3cd7bc
SHA11a10d272a64179f15d02cef8f3cc982218cf3015
SHA256abd85a30d9381b02b1a7b251a8f93f31a8f027f154698f2a9efd3e0b889846d9
SHA512f936d86218d011fe8396c4d5300c11346e0c1af703abbb981eaa5ddb01bb693f5ee122e3949535cfe8bf5a9021504827cf51b544b3d575e797772c55144b9d3c
-
Filesize
6KB
MD5552794f91c65ce3e81ade2ffd19201ca
SHA1c0b4fb5a6966eb22783e23f005aafc69e88edfd1
SHA2561ec3c4b8ea155d71797791bce46a84d059b6d255f47f0cf738d49302b6299800
SHA5125d53529188c49b171d8f4b88f0744a47991e00460dd6a70b0eaf6396248f611d3f7f73cef460ca2c101a3665472af895d789fb9692eb8d36153a1b7871ad013a