Analysis
-
max time kernel
81s -
max time network
79s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
28-03-2023 14:53
General
-
Target
https://futurershnhe.xyz/x?u=8988256668536257913&is=1679963663&lv=35&rv=0&did=NjI0NDcOCwwMBQMEAgIPAwECBgIBCwUHSw8EBQIGAk4FAgAPCwIHAQAASGtUREo%3D
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies Internet Explorer settings 1 TTPs 39 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 5 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 10 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://futurershnhe.xyz/x?u=8988256668536257913&is=1679963663&lv=35&rv=0&did=NjI0NDcOCwwMBQMEAgIPAwECBgIBCwUHSw8EBQIGAk4FAgAPCwIHAQAASGtUREo%3D1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1008 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.0.802490617\1657162185" -parentBuildID 20221007134813 -prefsHandle 1860 -prefMapHandle 1804 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {67f2d1b8-7501-4b8b-bfe4-bf3c84ab959c} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 1936 174feffc058 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.1.861511083\218114294" -parentBuildID 20221007134813 -prefsHandle 2320 -prefMapHandle 2316 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2aa4808-8c1a-4462-b98d-510500d96d74} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 2332 1748303ec58 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.2.1858374909\660938744" -childID 1 -isForBrowser -prefsHandle 3228 -prefMapHandle 3224 -prefsLen 21009 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8417c169-7c48-472d-b06f-f2c88d17c0c3} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 3240 174858e4c58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.3.1701713043\1119761157" -childID 2 -isForBrowser -prefsHandle 2468 -prefMapHandle 1460 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed19169b-184f-40a1-95f7-a9af6a7e2913} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 3568 174842f3258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.4.1544947108\1487018485" -childID 3 -isForBrowser -prefsHandle 4144 -prefMapHandle 4140 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b0cab91-eb26-409b-ba1f-b671df4f1a6b} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 4156 174842a9558 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.6.1969365433\1522340893" -childID 5 -isForBrowser -prefsHandle 5136 -prefMapHandle 5140 -prefsLen 26738 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {70b514a0-8508-4ed7-8716-e50d1fa984b4} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 5124 174f4930e58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.7.2071139216\1447393184" -childID 6 -isForBrowser -prefsHandle 5332 -prefMapHandle 5336 -prefsLen 26738 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a892b90d-b2ef-4bff-a396-4d6772151aeb} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 5324 17488ccb258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.5.26776772\1221865233" -childID 4 -isForBrowser -prefsHandle 4972 -prefMapHandle 5040 -prefsLen 26738 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3158e142-abc7-4f40-91ea-aa186e501853} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 4960 17488476258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4872.8.1732470998\447280809" -childID 7 -isForBrowser -prefsHandle 5696 -prefMapHandle 5692 -prefsLen 26913 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c11aeae-e068-48bd-b844-621d10d4be3c} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" 5704 17489b74d58 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
471B
MD5ec1a8bd1feddd633ab052e24541f94b5
SHA1c7244380a737ba75df1093e7e5e8f7bc7d2ce59b
SHA256422bcf49599facbf36bab286344c1b4e0e007665342b55d3c4eaec05e3cc2653
SHA51286f9db12f706ace002fdd9936ec76e67f5d8660953fccf00d13072e49ac99047a1b7c93a53ea8fb9862ef74128e2fe988ef3b0511a510e942f35351ac313bc57
-
Filesize
404B
MD526bbe222827741c57d4daea5307263ca
SHA17e4f58c1ebcfbfb15042e95ea92ed2497e850faf
SHA256b9c9b648a163e8af64a9e08a03a5895fd790fecf96222c5ee36e8d21f30f8d0f
SHA512924014fb07186e4aa9c0e07d4e5d8ba64b6d2266b25d6aa1e62720e019e40a83688bd3a742751e394f97cb2c7d43dc43abb950a6b4ed7effb03009082cbfb877
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
-
Filesize
142KB
MD55e052c7d831cfea500692a9af6059d36
SHA12d0b50554cf632d7623ccf87d1a4fa5d53f35249
SHA256dfa0ed72b8500d7c9a197b7fb4aa0b7b57cda2b2aeb0bedf6757a213cbb1f51f
SHA5128db9ab20f5e68abebd4a61e15a024e7a805b5154a222c36628a1514dd3545da4907aa96641d6f007299a589b2854410dbd73200cae749d46aab70169c3decfaa
-
Filesize
6KB
MD55651f245098bcd20ca45df9f163e0957
SHA1b57512c162ac9f1fcdd7c66b8d56e5092a54af7f
SHA2560e8fc0e860d32784b04b1770bca484f11939eb7daa448e4f9d93e962756b54af
SHA5129d92c709c94980e05924e609698af1e202aad0c0d18144b5938afaa62181c6ab792d3b66147d8c50e3e79d99e165060efdb5c98030a460eac2ae726c5607ffdf
-
Filesize
6KB
MD5973ad6f8589c0fc9a808cb076ebff459
SHA1282c002dcd8ec898fe1d5f09f9d53ba550e2c8d5
SHA2562718b1bbf155718425202fbd6dc25cb8b5263c2756b6f8b0313eb2e00adbf51c
SHA512d723322d0bf605833d88b3ae50cef1019ff2abb9f0d4ec87162f6a18b73e7f6ad60da537fc786f2d2d0a9026f21eb5e4a971a1071c3874c96da1b3c3ff4c5e30
-
Filesize
7KB
MD5a8813df84e891a16be878b539f7d837b
SHA1d971ba802835d884038a3e910c4e70269a19ed4c
SHA2567c78de1846e9cd0f223b7373518111d11eb3970de33937de78f673311cf54821
SHA512cbec2341666daedfd6b6e84a66c16a43ba4151eb78c6b67b7fb6ff626f282c1602a13418258a5369b8fa5f80d20cb6d06032a4e09cf42844d3569f6b52408952
-
Filesize
6KB
MD579b58060c20873cda1edd0d302d9f149
SHA1c4bafdd81aaadcb01fc42372d7ffc575836785c8
SHA25634c479b13d22c1ab716b83f4387912e3541d8cc35e1cf9481a89ada37632596d
SHA51298647b72c6d7118ed4cbea05340445dfad098b9fb7127b6cc8a8f52f1c34679a8a3135973bf5ba7e17ccd46535191906382bf8ffe6b4743336d0ffe424e12d0e
-
Filesize
6KB
MD51984b45f201f1fd79d2154406648433b
SHA142f082dc6d4d43333688690bf4dfa7c7f8b618ab
SHA256000a408519010d12b94281710f9a987f822093a1efb5293bbb50ca2e4a6a9df9
SHA512e73a00cc8994d4023168e93ff5f5b6e6b13ffeb740872b64f565787cbb57e49e64eb03e4de1d8068a6f303f0615749fb27cb47bdbc4cef3fef1290bd3a3a17cc
-
Filesize
1KB
MD510a3598a6d633afd29cf3d1d5c71cfb6
SHA11e30810af642f4cd56e90826c19a6a02fc7e26d8
SHA256f8c5a4b5f4819d087ca93f73de2f85db6f15d972a75d64777bd7e2fc823b25c9
SHA512fec16e3ec70f567ee2defaee34a601eb57499bb8878b64f23ffc54cfe62f156228ddc71a7bb4b8c51b38fe65c9143b540feadb737bd82077604288b5051f7872
-
Filesize
1KB
MD5b96aca2cdc51e7b84bfe99c3374b01e8
SHA12eacdf0b0340500313153f60c0d506af9d4f6060
SHA256dc5f4ced62daa6c91fdff7ae06cfbafddbc4b4dd53d4d7885136510153e1256f
SHA512e03616dbe12de4b3249f00d949c0d0b18385f9f361b0169745ddf9f6daecef0817e769afd290a7eb7ba21a31d6461af173de8a400e4f0c67f63513549a6b173d