Analysis
-
max time kernel
150s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
-
submitted
19/04/2023, 16:21
General
-
Target
https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoricalEntityView.aspx?hId=d72be2fb-4e92-440a-8eff-c1e681a51c60
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 4 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoricalEntityView.aspx?hId=d72be2fb-4e92-440a-8eff-c1e681a51c601⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/HistoricalEntityView.aspx?hId=d72be2fb-4e92-440a-8eff-c1e681a51c602⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1340.0.282167768\59827446" -parentBuildID 20221007134813 -prefsHandle 1192 -prefMapHandle 1184 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7cad3f75-0654-483e-9b90-76e3c9cc75e8} 1340 "\\.\pipe\gecko-crash-server-pipe.1340" 1268 140ac458 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1340.1.1085615058\1962507078" -parentBuildID 20221007134813 -prefsHandle 1460 -prefMapHandle 1456 -prefsLen 21751 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {baaa8331-d571-4858-b092-3f2a06387eae} 1340 "\\.\pipe\gecko-crash-server-pipe.1340" 1472 e71758 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1340.2.601284125\1779696942" -childID 1 -isForBrowser -prefsHandle 1804 -prefMapHandle 1036 -prefsLen 21834 -prefMapSize 232675 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {50428fe5-c3be-4b21-9a46-f2e39bb6ddc7} 1340 "\\.\pipe\gecko-crash-server-pipe.1340" 1064 1a5d6458 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1340.3.60711880\1557895235" -childID 2 -isForBrowser -prefsHandle 2872 -prefMapHandle 2868 -prefsLen 26564 -prefMapSize 232675 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf9759d3-62eb-449a-8f44-3cfc2696ad2e} 1340 "\\.\pipe\gecko-crash-server-pipe.1340" 2884 17867e58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1340.4.1792773288\1994843127" -childID 3 -isForBrowser -prefsHandle 3308 -prefMapHandle 3328 -prefsLen 26623 -prefMapSize 232675 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d116cf5-2f77-4214-83a1-de097dd549d1} 1340 "\\.\pipe\gecko-crash-server-pipe.1340" 3340 1e709858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1340.5.1739582818\1871928659" -childID 4 -isForBrowser -prefsHandle 3504 -prefMapHandle 3508 -prefsLen 26623 -prefMapSize 232675 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {26b19dde-98f4-48ec-be7b-650888f0adfe} 1340 "\\.\pipe\gecko-crash-server-pipe.1340" 3492 1e70a458 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1340.6.1633378503\1711253904" -childID 5 -isForBrowser -prefsHandle 3576 -prefMapHandle 3580 -prefsLen 26623 -prefMapSize 232675 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6dd07be-9fdb-4300-9117-d92e7817c2ab} 1340 "\\.\pipe\gecko-crash-server-pipe.1340" 3564 1e70c858 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
151KB
MD54a3c11ab06ec8e6c0cd895e84bb31db8
SHA12f2d0eb900c37956024fa4196616f373e503e6c0
SHA2562bb9323dcd54065be55e2250567ed13890d9e76397ee4fade6ebeff7b93d5333
SHA512a8ef76a5df079b08678839a461898b0a2b3a0bf984095c4ee6bc96a275ddc911ca5e8172412a8c2bbe94586323af6da2d6a473c4f5dc979b13d25152ff61bf36
-
Filesize
6KB
MD5024c6fe18df82522164511c697474338
SHA1152f2037990159375f4846bec398c223ac5e6ba0
SHA2562bf01fd3c6c1e12236d23ad9d41fc04528bd1af72be08efb6ea097f4c8f64bb2
SHA512071602ab881eef19d5369f88a8aaf0194f931c8a013088466c5b493f600a7ab914693899e37dd84e30e380b25c4faf674616ea09b76f89465cec406b5ffde225
-
Filesize
1KB
MD525888ac2c807b6f90e1367d076e62cf3
SHA1d1caccb932e091cc18d11158db5be880a5433593
SHA256d910ba562d7cc9da7800084b68636dd979df5b67292d56282a76f125e095d41d
SHA512711c99cd71175bbbc9b6b1707b530e32cacec9abeefd5ff28fb9da9daffb11380f223ce4735ee61f5131909866c70b4294b8bf2c245135e3bb9d1a188a7764d4
-
Filesize
937B
MD5eef2910c4f29ed0694b26800516afc4e
SHA192aec6e1517e49835d7e771462c3219da5f0290e
SHA256188310254dcfbc0ab37db8a27de656b084ff6514f14e34f6fbfac01ea4b578a1
SHA51248da8f703b7031aced72b843e31a1c76860eef1fdbbbe0bb551fdadf622755ae75e4cc545d4f42185da541e245e26caa625219d5823d5cbe9f1a1735c07f2989
-
Filesize
184KB
MD57ec31b0cf77ad91d89ba864b7e5e29ac
SHA1b7a88594dcce7f0fe1cc9ae9362c58d1a16f1993
SHA25638ce562826eb2c710ae62b9d0549e85da8b68bf11118b37d98df11a0696849d5
SHA5126571d2a2d570d6e78e2b36667dbc20f53ff7b9f5f431f557aa1d1ec0bb7456e3c884b402a898ed69db94da0a8f70125ed15f30067d673e64e4dd46187b140983