Analysis
-
max time kernel
300s -
max time network
303s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
20/04/2023, 22:29
General
-
Target
http://35.225.130.96/artifactory/libs-snapshot/org/kreintosoft/P3ObjectData/1.4.1/P3ObjectData-1.4.1-javadoc.jar
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 6 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 19 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\ProgramData\Oracle\Java\javapath\java.exejava -jar http://35.225.130.96/artifactory/libs-snapshot/org/kreintosoft/P3ObjectData/1.4.1/P3ObjectData-1.4.1-javadoc.jar1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4892.0.1466115435\1857720089" -parentBuildID 20221007134813 -prefsHandle 1856 -prefMapHandle 1848 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {095757fb-14f4-4064-b91a-5e8c778cfc89} 4892 "\\.\pipe\gecko-crash-server-pipe.4892" 1932 21d51216258 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4892.1.1939580748\409843784" -parentBuildID 20221007134813 -prefsHandle 2304 -prefMapHandle 2300 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bed16374-56eb-45eb-8f48-63651bca2f3b} 4892 "\\.\pipe\gecko-crash-server-pipe.4892" 2316 21d4316f858 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4892.2.2071473304\830780688" -childID 1 -isForBrowser -prefsHandle 3344 -prefMapHandle 3340 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca1a5c60-3c7c-4b0c-ad06-7605f3bf0b75} 4892 "\\.\pipe\gecko-crash-server-pipe.4892" 3264 21d5018b858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4892.3.368474194\1795408811" -childID 2 -isForBrowser -prefsHandle 2460 -prefMapHandle 1456 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a56f32df-5b18-498d-b832-7edd30df1489} 4892 "\\.\pipe\gecko-crash-server-pipe.4892" 1264 21d43172558 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4892.4.1981937503\861750497" -childID 3 -isForBrowser -prefsHandle 4052 -prefMapHandle 4048 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40bf064a-8bc7-432d-9deb-3fb541474a3b} 4892 "\\.\pipe\gecko-crash-server-pipe.4892" 4060 21d43162b58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4892.5.2090778873\534115274" -childID 4 -isForBrowser -prefsHandle 4992 -prefMapHandle 5012 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a22d669-09f9-4cad-901a-5b69c6da9927} 4892 "\\.\pipe\gecko-crash-server-pipe.4892" 4976 21d4312db58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4892.6.818336229\1692902007" -childID 5 -isForBrowser -prefsHandle 5172 -prefMapHandle 5176 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb86de5a-7077-4f2b-99ef-a8d44b0fdcef} 4892 "\\.\pipe\gecko-crash-server-pipe.4892" 5164 21d566e8b58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4892.7.713546170\305242991" -childID 6 -isForBrowser -prefsHandle 5364 -prefMapHandle 5368 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c03e93a-7bca-4bde-b91e-f27b2f99c5d1} 4892 "\\.\pipe\gecko-crash-server-pipe.4892" 5356 21d566e8e58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4892.8.1445412044\586270882" -childID 7 -isForBrowser -prefsHandle 5968 -prefMapHandle 5972 -prefsLen 26930 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c966651-b9f1-46a7-be65-9f4303b20427} 4892 "\\.\pipe\gecko-crash-server-pipe.4892" 5816 21d58f44e58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4892.9.2105587691\1301330388" -childID 8 -isForBrowser -prefsHandle 4560 -prefMapHandle 4556 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a88c311-e8ee-4231-b908-2b4361aac00d} 4892 "\\.\pipe\gecko-crash-server-pipe.4892" 4544 21d59144758 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
158KB
MD5b190fce609077a3eb2727ff3a6ab3d36
SHA17174c280ab3e860df3af7170b0d717e4372902b6
SHA256f6cf2dadfb1309e22607ea5fdcc8b4ce9764464c0d09b0bb0c9cb2dae99bd04a
SHA51266e1bdd3df471726875c21d5fc3a8c707975d39a9740c44e962b571d010ea8b24ff9ddf837f1bf2feaf731266104835a65c393a08c07b34763cf3fea2c7cdf63
-
Filesize
14KB
MD56bfe85214ccda7ff543b641b1e0afb38
SHA10724fb8dad9e2d92932145813f7429776a77ab72
SHA25669d9f080c506ee294a56b017a8b361fe258504c57dfb6211663210e8a16f0eb9
SHA512d37ab8d2d03341635fa4503fe8ae5c3a0ff1241c6a97a8903edafa53bf75932f1472f73e98562b3a3f8023c68e97c69ee7a9cf323dceaf586b378f5b23ff8fc5
-
Filesize
442KB
MD585430baed3398695717b0263807cf97c
SHA1fffbee923cea216f50fce5d54219a188a5100f41
SHA256a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA51206511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1
-
Filesize
8.0MB
MD5a01c5ecd6108350ae23d2cddf0e77c17
SHA1c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72
-
Filesize
14KB
MD57b36212ad58263c898687fc748efbaee
SHA1975831cf0d27d15045b18282bb3076e8fec128c8
SHA256afc989bb5b7d1d906ca4188920d27a3a1a62daa91172100cd9931eda7ed35d39
SHA512183d83aae009ea405343ab9e6c867770587d5c862b85879aedd004b6b86481a4bbc7962439e66403d86344a0854975cc016ec0504610f1a39bdb19f18d07c19d
-
Filesize
997KB
MD5fe3355639648c417e8307c6d051e3e37
SHA1f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA2561ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA5128f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c
-
Filesize
116B
MD53d33cdc0b3d281e67dd52e14435dd04f
SHA14db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1
-
Filesize
479B
MD549ddb419d96dceb9069018535fb2e2fc
SHA162aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA2562af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA51248386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2
-
Filesize
372B
MD58be33af717bb1b67fbd61c3f4b807e9e
SHA17cf17656d174d951957ff36810e874a134dd49e0
SHA256e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA5126125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7
-
Filesize
11.8MB
MD533bf7b0439480effb9fb212efce87b13
SHA1cee50f2745edc6dc291887b6075ca64d716f495a
SHA2568ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275
-
Filesize
1KB
MD5688bed3676d2104e7f17ae1cd2c59404
SHA1952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA25633899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA5127a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776
-
Filesize
1KB
MD5937326fead5fd401f6cca9118bd9ade9
SHA14526a57d4ae14ed29b37632c72aef3c408189d91
SHA25668a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2
-
Filesize
6KB
MD565948aa3b138571d5bc68d63f2dac2c5
SHA129b24d6557a4aa4406f3ebe77e58de96cb10a040
SHA256bdeda5f5276308bee998eeb7f1fc66fb5c78634dccb8abfecc3aa85c2764db65
SHA512df479fc2eccd58b8708ba2bb237c33741d6ca33b641d929c0f0415dc6d21dd16182cb0fd92ffa15a3ed7b899ff63ca93aeb0ed1d7d45a6aa2b86efbf7994462c
-
Filesize
7KB
MD53a57a5a1001334317e0407fa4f36a1dd
SHA1949079c5eebf5d529abdbb4f6092c23324e3ca1e
SHA256f63568ebabf8073b2e8cb499988cbaa63c22f22d70c440b82d64c274ddcb2c86
SHA5125a69fe60ceedaabf64267d3c4646da659a696a150faf404aa293104595b06ed1e6572d1ffb673b806cbcd383429b9156bb5b411db1f2d921b1a747d511725afa
-
Filesize
8KB
MD5377ad5855b01fd19a5c3d97174b35d49
SHA1bbb55f7a6cb12e78611de0103647e5af340076f7
SHA2560883a911f987fec97a81c16386a3ffa7d6cc585c78c6ecaf7e1a69f21575ffea
SHA512fc518b090b45e6243329190a04e2fe6a9fb425526261ab0f0da978b391ff5a0b86fa51925c2973a6a141148c331464d537c89606be4521fae8eea1ada52bf325
-
Filesize
10KB
MD54bfa5070572583e9147f9bae3ba7704c
SHA1aa45d8598451dd5f308f95fd9bd0fe8ba8e39266
SHA25686f3ca11e2d51c26322231fddb4ec25fa0ba65890d802e8d7a6b24641ff1e6db
SHA512dd1fe8c65a02d56c6a84c61974f98a5090f12d32e968d2098dec2ab5ef25493f8ebe189bd10ab4ba350269563495fa26eba453ab6d289d679b2fa3cd779f6a10
-
Filesize
6KB
MD592849e64ee571666a174e3de7dc2fc28
SHA1c789fadd4a4aec6cff6e51b8aae8244d2bb80782
SHA256bb8768d6b1ee9f29cc8f35ed9580bf08252b9f44ed7bd1416108a039c79de486
SHA51236711dc868114ec7ec795df46e257805c8322473ba9dfd2cc8282310624031b3a3699d8a3ec4bf8de02bcddc07793be612d2b929a0f3b569a0c0e659034b1ffb
-
Filesize
7KB
MD587ead9cfcdcf98e9ebff6c133653eb7f
SHA1020bfcd860f0dd3d3e377fd5baae401c5b063fe4
SHA256e0e779f2561ec61c1ef4365460e2a2a427d20a747b875e8de7f2e672b5a02306
SHA512f8ddb515c1bf16b817316577499b8de80402c117f4f0c4e39d1990810c777248a220f0d21e2a6ec8cfd58eb6fc5cee96529f016c5370449a2de759c0aa1fb26d
-
Filesize
6KB
MD5207077fed406e49d74fa19116d2712aa
SHA13ce60cb9b4fbd6b00a9ae26c599b9fdbe2b6c5ee
SHA256b02701ad3c4478f891a550eac65f0a8c183999aa22a1dd171bd698b990124c58
SHA5120c6398230b3eb103a0ce280f127515d998a6c9ea8908b8b248b132782f8166141ba8e1faabc7ace4b80e9c925bc5d7885f0fba8c16cb2e7798055727dc66190e
-
Filesize
3KB
MD561c8a99004b2bcd7cf84309120279d12
SHA1bd9183b5e6e2c5422a1a20b799a79f979aebde00
SHA256a90d48d03a5dd13182c7df4ed5399173c584f578dc95d9ec6335365159a6f3e8
SHA512277c5719c2e4cd08705cd1a2c94a829b33244ad127312330e83f8967e9b962a32114bef8332fbe030e8a6ca0178e533dc94e031f3a8cbfdc86d550ad5708cd62
-
Filesize
1KB
MD5fc1acfa5e464661a08dde03ba63bd564
SHA1c7759f8e3b474b46a91bb93abd87a5f0db3dc243
SHA256924444993733db64eae35cd6bd2d745edafc46246576e8dbab550c3005c20f55
SHA5126f016cc6357ef55750cfed093dd76470b9e66c5edb314334d5ad29dfaf3cd127180ff676cc78f2ff7353ceb6ad098de69cd3e5769fd1a64dac0432544af15daf