Resubmissions

12-04-2023 17:22

230412-vxhv6adg37 4

12-04-2023 17:20

230412-vwmgysfc3t 1

Analysis

  • max time kernel
    138s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    12-04-2023 17:22

General

  • Target

    Enclosed_SecuremessageAtt00000001.htm

  • Size

    27KB

  • MD5

    d1d55d75ddd400ee530d171851678012

  • SHA1

    1055064102dbe16376677d83e2969f62897596f4

  • SHA256

    32ff3830fcf413c63d16427f5cc11ed666574080ebe6512f7a2432905cacdd43

  • SHA512

    d6458fc2738c8d08c1a55c7a8418a4df7ee148d140f897d6fdac1198b2e5e9f41e454a6d59ecba2c9e72e43f5ca16b148bae73492f71204f3f4441e80b5b7578

  • SSDEEP

    768:S+BUTtwtmtOMWLsAEg90CRhbooiayhOIN:S+BUTtwtmtOMyBEg9Lnooi7

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" C:\Users\Admin\AppData\Local\Temp\Enclosed_SecuremessageAtt00000001.htm
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1236
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" C:\Users\Admin\AppData\Local\Temp\Enclosed_SecuremessageAtt00000001.htm
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:1448
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1448.0.1062330844\124619310" -parentBuildID 20221007134813 -prefsHandle 1192 -prefMapHandle 1184 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b111b2b-3319-4eb9-8086-95c415a2c9b1} 1448 "\\.\pipe\gecko-crash-server-pipe.1448" 1256 143a7858 gpu
        3⤵
          PID:856
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1448.1.1324482733\1027283714" -parentBuildID 20221007134813 -prefsHandle 1460 -prefMapHandle 1456 -prefsLen 21751 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b0e8aad-13d2-42b2-b5d5-5d3aeb959c85} 1448 "\\.\pipe\gecko-crash-server-pipe.1448" 1472 e73558 socket
          3⤵
            PID:796
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1448.2.1361021353\2070815558" -childID 1 -isForBrowser -prefsHandle 2016 -prefMapHandle 1032 -prefsLen 21834 -prefMapSize 232675 -jsInitHandle 876 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b3bf2c9-e758-46a8-a265-080bf834859a} 1448 "\\.\pipe\gecko-crash-server-pipe.1448" 2072 1a9e6e58 tab
            3⤵
              PID:1952
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1448.3.1695485975\733536614" -childID 2 -isForBrowser -prefsHandle 2952 -prefMapHandle 2924 -prefsLen 26564 -prefMapSize 232675 -jsInitHandle 876 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {52d42cb5-9d18-4c03-99ec-34564eedccb8} 1448 "\\.\pipe\gecko-crash-server-pipe.1448" 2964 12f44858 tab
              3⤵
                PID:1132
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1448.4.557873018\56996417" -childID 3 -isForBrowser -prefsHandle 3472 -prefMapHandle 3448 -prefsLen 26623 -prefMapSize 232675 -jsInitHandle 876 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {852d1b56-b62c-40c7-8b27-8e355d7ffd71} 1448 "\\.\pipe\gecko-crash-server-pipe.1448" 3484 1cc38058 tab
                3⤵
                  PID:2360
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1448.5.1574026664\111507571" -childID 4 -isForBrowser -prefsHandle 3308 -prefMapHandle 3520 -prefsLen 26623 -prefMapSize 232675 -jsInitHandle 876 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5aeff285-de7e-435b-ae08-a9ad8e357a92} 1448 "\\.\pipe\gecko-crash-server-pipe.1448" 3532 1e52f458 tab
                  3⤵
                    PID:2368
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1448.6.2053385911\2056834955" -childID 5 -isForBrowser -prefsHandle 3764 -prefMapHandle 3768 -prefsLen 26623 -prefMapSize 232675 -jsInitHandle 876 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {58bf2e21-910d-4f79-a3b4-824f4a4f26d4} 1448 "\\.\pipe\gecko-crash-server-pipe.1448" 3752 1e530358 tab
                    3⤵
                      PID:2404

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\81ei91hh.default-release\activity-stream.discovery_stream.json.tmp

    Filesize

    143KB

    MD5

    0960affb5e7d9288c387dac7bd021355

    SHA1

    5af3593ea37e5fb84ca65a772bd831bb250f5632

    SHA256

    52f19c81e808ea18de383996d04ac1bab553ab03311913186dd2515a8ba1d9da

    SHA512

    52e73370c7353a220919555750007bce2798db51f150eb9dec35bfbd07c5d17618796967641c1a5ba78409acc62231ec7019ea0c64d8c9e66735cd3892d322a7

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\81ei91hh.default-release\prefs.js

    Filesize

    6KB

    MD5

    287079c0a70882ef8bb416820d8184ad

    SHA1

    67f9835b12c37eee8e6d0e00dbc303d8f7d9a772

    SHA256

    cdce500c9efcf5aaa92013a70429d0fb43331c7f28472a7186f8079e510b91b1

    SHA512

    05048711b5b6c658a6f7c522d33e0260b25f7ba970bd129adba232d68c82ca018fee195022a880972204f5d4566cbb89f2d4063741b0df1aafa8e8bf7d5795b8

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\81ei91hh.default-release\sessionstore-backups\recovery.jsonlz4

    Filesize

    1KB

    MD5

    026e173319ff99b255eb0c28f7fea947

    SHA1

    85d756fb9159333c24adba1c50ea5c41879ac39f

    SHA256

    b25f9762ba9fabb5adfed64e2b139d9ab2b422f854501aa71fe74c8fe0db453c

    SHA512

    5cccbc59f634c2efc652dd7c9b877a3dd32cef90227c3a4f3b1e7b3a808142e09ba29e9808289816feafdc49acdcfac58350ba6aebd19e5cc34e2493abe191b8

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\81ei91hh.default-release\sessionstore-backups\recovery.jsonlz4

    Filesize

    1KB

    MD5

    076e002b370aa5f21b4e31d1a9bd4040

    SHA1

    030db0bfffacb036688eaa06bdd445b9471d1e1b

    SHA256

    8c2f3b3a698a6be6c3b26131bc0efed4f67a93dc1cd5d77bbb32d2d0629126a9

    SHA512

    3b190fb8dfda9742b3fded8a83d3f0473b6a4621fa4c12727a3703f1119f90dd2bcbf5350ab5a4abd5a0b68b7d37e114922cf194aca9d9986658bf38404b6299

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\81ei91hh.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

    Filesize

    184KB

    MD5

    fb732ab90ae806de2a908ea466074728

    SHA1

    384b71583a2741ec314d2f1a6f04a715ded9dbb0

    SHA256

    149d40bd736f752eb14a352c83abf35a2affe987c7f0aa4af0add7b988b49132

    SHA512

    b5fe272d713cd5a97bbddcb960cbe068603d67ba1a7ec48dcee80b9495e5cae0a21222df7bf9481fa42c7f5419c1008344aac4680e057d4e62c48566e3754a71