Analysis
-
max time kernel
302s -
max time network
297s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
30/03/2023, 22:12
General
-
Target
http://lttec.org
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 6 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" http://lttec.org1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" http://lttec.org2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="400.0.727024239\866293381" -parentBuildID 20221007134813 -prefsHandle 1828 -prefMapHandle 1820 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d15c6d30-1c87-43ce-b34e-3168fdaf381e} 400 "\\.\pipe\gecko-crash-server-pipe.400" 1900 1d4eeca7d58 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="400.1.527652385\675040572" -parentBuildID 20221007134813 -prefsHandle 2400 -prefMapHandle 2396 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e480dddc-badb-4327-83a0-3e418efe36c1} 400 "\\.\pipe\gecko-crash-server-pipe.400" 2412 1d4e0c6f258 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="400.2.1330914291\1031256905" -childID 1 -isForBrowser -prefsHandle 3124 -prefMapHandle 3032 -prefsLen 21789 -prefMapSize 232675 -jsInitHandle 1448 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8616d529-a226-4baa-9394-5e38f51ba650} 400 "\\.\pipe\gecko-crash-server-pipe.400" 3024 1d4f1b05358 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="400.3.1000089381\1968803852" -childID 2 -isForBrowser -prefsHandle 4032 -prefMapHandle 4028 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1448 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0de41c31-29c3-48a8-ba55-3a678105a5ed} 400 "\\.\pipe\gecko-crash-server-pipe.400" 4044 1d4e0c5dc58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="400.5.1974302253\965546011" -childID 4 -isForBrowser -prefsHandle 4932 -prefMapHandle 4936 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1448 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2a8c418-a73c-481a-87a9-975738049c07} 400 "\\.\pipe\gecko-crash-server-pipe.400" 4924 1d4f43d3258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="400.6.11532033\49619239" -childID 5 -isForBrowser -prefsHandle 5128 -prefMapHandle 5132 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1448 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4dbc302b-2a04-4e4b-9ce8-edc0578d6b2a} 400 "\\.\pipe\gecko-crash-server-pipe.400" 5112 1d4f3fe7158 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="400.4.418127993\2006645763" -childID 3 -isForBrowser -prefsHandle 4820 -prefMapHandle 4816 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1448 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79d2501a-a0aa-4a45-9da0-d56c38195f3f} 400 "\\.\pipe\gecko-crash-server-pipe.400" 4760 1d4f4134d58 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
150KB
MD5cddf3a8bf5f371d20d382cce048bb21c
SHA13d4f7a157f27434971b4d6abd0a979f662aff95d
SHA2569116ffc3d0213a391acea85f401fd680c90c0f8ae604d6f7e393163965293232
SHA51291c539cadfa274b6ffadd5789bdd0d3dffcdc9186ff4377ac466a7aa5f9bae762b03bc82a355d8e097df902db0b91b932ef3e8272dbbf226b2c007a29adc450e
-
Filesize
7KB
MD55b5661e7bfc1f5f1b9c0df06cc2bd547
SHA172c3fcb75d94453b16f6878e98ee5a412b2d191c
SHA2566b42331214830afc19fe2e0d255c9f29ce386d4f415608a96ec4b628db41f675
SHA512a677976b7f174bf8b64ae17a34a437666b828d631a16da8a476395c1e23e4d0cc39cbf14e57326826e7bc8156561bb727873c9633459f8332283d6ac17822c80
-
Filesize
6KB
MD53c960cee6cafcef966139657bb7ae91e
SHA17def20050cd31bd661aa492bb2e63aa5ef77c304
SHA2569a886f24bc0d42865f24dc58e5d6df96aed0ca934829da073a7d2e06d597e415
SHA512e08b165509b2561b90a624060a939917e1a0c0882ee58a6c0a334fb79adecf669cec09fdda18db0340e19fb30e17fa27b47fe9479148fed1598788b17844ca28
-
Filesize
7KB
MD544d35c55cbdc728f79be4abebff5101d
SHA16742bbd19f39debdf8b1f6077f1f527ba7ebfc93
SHA256755cdce3d4302e1d42962b08c181d8dd3a0561dee77a82cf27415e37f8d71bc7
SHA512082c3af4691d1c9c805003f01e978fb4f40a968bfdf4b078ee45d65bc2dc5584247a6b6b268c745982c37b34744ab162eec9ccd6dd144782722a809e313ad86d
-
Filesize
7KB
MD5bf99eb722c525506dd9a98bb8c0bdfc7
SHA16094ecc85e8ccd6074b643457d47b1f07e2f9ffa
SHA25692b6a9731460aa815a52cd8781ddec60590d600f1f7ea06b52678097618dcb70
SHA512e4a5cb20da53046631be49e32cbafd8c08719ad6e917ac6df1703455d7241469bbc0bc8d1f36174e6340fe664ac13c77ce80034db161664ef347192da08701ed
-
Filesize
7KB
MD5208eaa566696a332db4f06a70511a0ac
SHA1a11a007a4b76e4e906b8a332c8ed2198b760e36a
SHA256209d914aaa4ecccf337b34663aed7772e8749e839b990b640986f8ea25d88d22
SHA5127c61e8ba2d0ebd6b3dec8c681fd18ed5a26a950c2490fb5057b1f68abad2763826ffa7e8c15535e14977a2fc55216a08ee3ab603e7d573a6e2cd671037199ced
-
Filesize
6KB
MD549d323d27671a2bd59cfa5450325a7f3
SHA17f2d203494d2845fe50e05ce93cae710efa0e57a
SHA2560264ce9b1f7c3e113c65befff868ec34ae960558efb735d29d9e334a30a4c87b
SHA512f86295f8c7834ebec3330a5e0dd6994fb8656d0780a4bfe82259f0eff5860681dd04cf1740915ef6ad8651b6a0efbb4e69b5dabdf8ecf9a797b87d47554aa3a3
-
Filesize
6KB
MD5b6a956c0cb35aa0912d17d90d4aebe57
SHA1448525b60265d288b71974092edb173e9c259872
SHA2561d0431709b1b7e2931a6f86621809186d6721ac49b0b54ba12a423f63a2f8f46
SHA5126a75447c1b43dd0cc9e22a97d4d950705b4e69e68a043f3ffb92345fedb832143ad1794682580ff43c64e3d44e6aeb3bf7c78bbd21e231dd9f1ea0883d63da06
-
Filesize
7KB
MD535b1df96e12952bee3b6962316bd6210
SHA180fae3d77ca917f1e473628724307ed3a288a96c
SHA2569f47ac8888d69997893d745a93c465802a186df2a2d7fc357779801f5e1b08d7
SHA5123537427cb1ad4e083085b221f2e06d5cab6429e80c88d702417defd6f20e30e4ccdc4b844953343069c17bf24467a52917f74aac5fa3fc34276ba04c7005f855
-
Filesize
6KB
MD5108b97b1ff7efbdb1aecce96d55ff2e5
SHA1bb72b2e0c3d859fe5e821632307a32df331b55e1
SHA256c5e19d4313b524fffc4859f4fac05ea3dcf408714a736dbd0bb7fcdf5131f80e
SHA512e0f7678424e68957a1cb521786e9e4e54c179f9a263b04d0c6a96147cb1e242b58bda3e74e6f142dcd9b6dd313a0061c3050af334b149eab9a8040f923da84dc
-
Filesize
1KB
MD5274620fb1e3ef3fc93381355b059b1f8
SHA167822683892105b6f4139337ac82885b10a5c590
SHA256c83b4df0b4ec8c923cde7c04892916a53dbe1b48a6204711f826a0c24516821a
SHA51252d842a93cc21cc49d6d4e74b09638f395a8125564c98dd29c15c38b0eefc3a55561a8aa5d85f23a3f9c289e7bebb36ccf1c030177e57286becd6d67ad3030ba
-
Filesize
1KB
MD5bf73184afe5d879c9a6b15fbb4361eb8
SHA1eaa829cdcb957bd25c4afb280fd891593e7afa7b
SHA256be60126ad82057597801754d9b62c745fecbd59d31fced03377264e1dafb283c
SHA512223bb61341cf36ece13fe7e1db472631b6eca3bf96c0ddee0d2089db88a1039772410ec8cc202f13a11fddb0ceeed67a828f3d4e19d9ee0bcb5d2b6dc0bda81d