Resubmissions
24-04-2023 17:36
230424-v62pmadd94 124-04-2023 17:34
230424-v5ehpsdd78 124-04-2023 17:31
230424-v3pwnafb6z 124-04-2023 17:28
230424-v13dzadd54 124-04-2023 17:25
230424-vzabssfb4w 1Analysis
-
max time kernel
150s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
24-04-2023 17:34
General
-
Target
http://instagram.com
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies Internet Explorer settings 1 TTPs 54 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 5 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://instagram.com1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4952 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4700.0.1666191872\2000837886" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {235e876d-1c0e-455e-8bfa-9cc6a6642c7c} 4700 "\\.\pipe\gecko-crash-server-pipe.4700" 1916 1c493a18658 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4700.1.1207885968\1704151679" -parentBuildID 20221007134813 -prefsHandle 2308 -prefMapHandle 2304 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {98f28676-a6cd-4375-8526-7e6f5ec4620d} 4700 "\\.\pipe\gecko-crash-server-pipe.4700" 2316 1c485a70158 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4700.2.1181237781\335938391" -childID 1 -isForBrowser -prefsHandle 2956 -prefMapHandle 2888 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {22abd271-d94e-449e-a5d7-9579631ef54a} 4700 "\\.\pipe\gecko-crash-server-pipe.4700" 2968 1c496306558 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4700.3.1782412010\432139029" -childID 2 -isForBrowser -prefsHandle 3620 -prefMapHandle 3616 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79fa3d83-f4ad-4ddd-803f-484cb638f0c7} 4700 "\\.\pipe\gecko-crash-server-pipe.4700" 3632 1c497723c58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4700.4.1982280293\642627820" -childID 3 -isForBrowser -prefsHandle 3868 -prefMapHandle 3864 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2fa42941-bda8-4594-814b-312fa403c0ab} 4700 "\\.\pipe\gecko-crash-server-pipe.4700" 3884 1c497724e58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4700.7.1224317619\437389499" -childID 6 -isForBrowser -prefsHandle 5408 -prefMapHandle 5412 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2af53bb8-3ae5-4d7c-96ae-8d4682e0c2e7} 4700 "\\.\pipe\gecko-crash-server-pipe.4700" 5400 1c498af6158 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4700.6.1816155585\1210736281" -childID 5 -isForBrowser -prefsHandle 5216 -prefMapHandle 5220 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4011cf9c-950a-46f8-b894-066ded65a278} 4700 "\\.\pipe\gecko-crash-server-pipe.4700" 5208 1c498af6a58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4700.5.2085073555\299813546" -childID 4 -isForBrowser -prefsHandle 4384 -prefMapHandle 5056 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b6debd3-f191-4d2f-abd3-b02e2f9e0fd2} 4700 "\\.\pipe\gecko-crash-server-pipe.4700" 5028 1c4988b7558 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4700.8.488524691\1282868822" -childID 7 -isForBrowser -prefsHandle 5740 -prefMapHandle 3232 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {db21de29-75e0-43ac-ab96-4daf1e8aec0e} 4700 "\\.\pipe\gecko-crash-server-pipe.4700" 3236 1c49ad72758 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4700.9.825290413\944748025" -childID 8 -isForBrowser -prefsHandle 4352 -prefMapHandle 2840 -prefsLen 26851 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d211ce0-c545-446e-a79a-4963d430cf8d} 4700 "\\.\pipe\gecko-crash-server-pipe.4700" 3552 1c49ad74258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4700.10.425913021\39951328" -childID 9 -isForBrowser -prefsHandle 3848 -prefMapHandle 4940 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e40a0ccf-d2a6-4b7e-95c4-3630d07c12e9} 4700 "\\.\pipe\gecko-crash-server-pipe.4700" 4920 1c49727fb58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4700.11.1071999746\140298495" -childID 10 -isForBrowser -prefsHandle 4000 -prefMapHandle 3988 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {554ebd6f-118a-45bf-a018-b150ba5b4f90} 4700 "\\.\pipe\gecko-crash-server-pipe.4700" 3936 1c4995c6258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4700.12.2038994408\1065436707" -childID 11 -isForBrowser -prefsHandle 5936 -prefMapHandle 5932 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6602ae77-9b91-4a28-aecd-6ac79430a384} 4700 "\\.\pipe\gecko-crash-server-pipe.4700" 5924 1c49aa11258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4700.13.2006127147\693712962" -childID 12 -isForBrowser -prefsHandle 5516 -prefMapHandle 5520 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f40c2cf4-8a19-4a95-bc74-05ad8ecb2499} 4700 "\\.\pipe\gecko-crash-server-pipe.4700" 5528 1c49aa11558 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
471B
MD5d6b67afeb31f0d9bfe232166e8b300c5
SHA16ba1a534d40fea9302591aaee8fb6969bfa28e4b
SHA256ab4f8d3ad2a02ad67059703fcb9c7ecd397d9abfce4b4cacdf7ecc11b4e37520
SHA51262c9fc6797c263bf33c8f52d5d41ce276b3df2aaed6433d582987a607ae508f5389f86d5d8a63cc5715964623f5be08d5741ddd70a0fe18f0140eb314815c272
-
Filesize
404B
MD522c45cea080faabefa9ea36ef0ed29db
SHA11e22d1e91883106ede28d55a35d4011eb93b6907
SHA256788ede1373f238379f769e5990a1fd34863841bfd5f57b72b5d5edafee24be2b
SHA51233a21c55f88cc42b12f786074e79f2855b5ebad6f68b71e2a645508e9b63b189d57b63dbe85708848f236854e07f7a2290164532339b822bf560acd69c5c877b
-
Filesize
11KB
MD574a2465d549513dbc2ec8144438500b6
SHA1bda7f92ff409b7c2903725481747057a6b9a3263
SHA256b4a668ee51184516abd74b14f8c2ec0f56e173213bb784cb822a5464963fded1
SHA512116d88e6e35dd9c0806f3218cad7279c62eda3b97fcfa9dcbf2168fe2d3157f7066589367e90d11d6f9bef8754e88e16e250275f44f58b7dcc67a51314537bd5
-
Filesize
11KB
MD5112f95bd7a8e11efb6553c5970fec9bc
SHA129eaf460e6741faccf8744dc74d42f911a73d358
SHA2564f4c0ebb5150db9096ce3e4edb754966f91c84bc840ea6b9240aa81c9bb5154b
SHA5124a2d2cf2ef5a1c1378959bbb3777c08f5a2a71934abfb8183947c36a0e5d723b1d14aad1721c08dd1154d4b757cfb7b57da23a4978ee545f2a5d081afc289757
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
-
Filesize
155KB
MD5832d3f775b3780e66972ad35124f09c6
SHA16d6f46a286cfbacf7ab80ecef4f2fe126cb605a8
SHA25688803a8b412e59697ea18b081ad78bdd66147a8daf2460358e7035cab15fb757
SHA51231ecd77ab9a9cf362546fcf43b4f8ed8fd06a5a58bdf6eb70d38961d7fb4c71b3ccda6ebd375f425af18d874a3431c8e80411ab51fb40def9f2f603e4f88a34c
-
Filesize
15KB
MD50c5a9700377006bdfa3f6d67a6fcf86d
SHA1904c5d9da1f3f46d6b3a8ad3f2ab639e2f1bbce2
SHA256749fee6b17f7e63595f248c3828d02534d33e480541aecb84fa928352ba3d305
SHA51237b4b188f59c8e627e45625fcf34afb270ed86707d933ef47fe95033cbcd2d939f10dd8f4a5305c7c93e0f6604f98ef98d0b3af0b358b337fc7bd69cd8a2a538
-
Filesize
8KB
MD57c3a0bdab96e0aef3bc2dc03d9c9757d
SHA15b942715687651cf37a0896ed31640b01713acfc
SHA256ab3c0436ba093ead4d5d1ec99e8d2d3122474ecd4653863348d9b91aa0237a6c
SHA5122a2c008d974325cc834565c0bfdf91794e5138c9d64412e299694d1b9f5aee43e074cbab057a62fe4ca83e57527d383c48bea0e63b7cf29bcba19892121834e8
-
Filesize
2.5MB
MD5f1a84b6923d98e3930b6a4264370878a
SHA1d379c583085d3a11f6a934d1309d6e295b1a909a
SHA256970151420cea8f44a583daa3a95e598081393c3710211d2fbcac84c8433b340f
SHA512d2d37a7ca517c61b504f392f3cec3362b6de82cabe67f6a947cc7d2e2a2b31bfd18ebbb08a9b702dcf16629778823640b215e827c00b0c9d132e37ef333771a3
-
Filesize
172KB
MD501b260f97096f79fc7e71953d7391d30
SHA1e714221181ef9325b6adceba973a8e109683127c
SHA2567f187f22b58dffe31d6a4c642b98b26e8e216b6fd2a4b7e1124f5de0b667fcd8
SHA512d40a24dc607ee5393749ba47e4cdfc8b70ff852adec249c4a3fbbd5e20befc55f90282ef1359a3f21737d8399d401df4749170b2464e4c304857efad2a8356e5
-
Filesize
967B
MD5a8bf21d302923477a2502a83baf01f1e
SHA147609996bdb6e59e9bf1b53872541dc54831f119
SHA256492ff674e306dc4df255fcac8c790d7febb60fb729f3bf6cf6195e1c7553e7a4
SHA5123c27e1737d1535b6c054ad30ed54475601589e4839a460eae71cc9bb8ff7c32209d9a9e0616a65b22efeacf3951430164bf11c830889bd053afae1508122e3d0
-
Filesize
7KB
MD5103aa2a9da2b72006ce24ad173b25936
SHA15e45c42232466ccbc41009b605f76b6c735b8587
SHA256ff9b265c9567c68c4f8cc4e69d75d4a70fd4173e8a265f9f49cc5f519e6374fa
SHA512e36929602b3524d843466378caaa28e998e9d1ed25581f54284bc94d9cb64c85e59cb952a6d1f15ff6daa25f04698f2c9dbde550c70d12a0cb97ce1c286d1ba1
-
Filesize
6KB
MD5d5b4dc8b9dac08ae7b6e3794ba08a492
SHA1247fcaa55fbcd1c86aa3f77f197890a60e081630
SHA2564718692cf51619364fdc1f7fba2043223b7af1f7a28167585fe8de3c1db258ef
SHA512429af5d700e41d53f5af8bd35081c9fcd99454d6a196e2d44f4684b4f2bcb9c4dd18db0e6c59a9a538e00c842ac1f9df222cdd8781a41c5dc9bc8e0f0ffbaf44
-
Filesize
6KB
MD54420dc79c5876e6d6b0534cd6ea498d6
SHA16bfbe60af11ac0f1ba7818dc9d2794bf1e733416
SHA2568070b806615fa1981341344fb23d8385e233e29c2ef3cab631cfd4f45de704ce
SHA512193de326cbab6a919f07d710467733540a87d5aacab5a2a561863b80c9eb9f62c918d86bd1f532ce031bce0fdf48cc4c27f51fc82c7e7a4b91a66812265e615e
-
Filesize
7KB
MD523ac2e095e933d84448fad217524b63f
SHA1defd818301d702d58bf82846a2204b21f6aca46e
SHA256cbab5a5a9936e0578872a6c4f7f64c99a1fdd21e8acbc480cf850979cdc1eb58
SHA51237d81e6cc0a654f955b91e66a15d6d5d8639d5260b5e18926c5c87d88bb41e3b2e69907db58422e3d8548e5f9fe210eb22f3e00027d3159857ef570160343fea
-
Filesize
6KB
MD574fb50d7b319d21302dd6154b79bd7e4
SHA1d24da2d0e7396a88fcc75c0c12da68c60357cb94
SHA256503b5d228e521b4ca1933fb9721061d2d89e3089e3ff0fbb332a3b17947949c1
SHA5125011eb55df695757e036b624cd56bf534f86c585563328c36ed2b78905eba7eecc81aa9d2b8fd1b53d677fdce200acf69b1e78174674af1f3e0cea9665bf3679
-
Filesize
6KB
MD5feb8a52858c8167a58f36caa1b37f116
SHA17ae7f9d2721ae3c579f9e18e4fea679e8c848158
SHA256adbc4c7b5e775c3d401ae811d5be5a69b844f5937e3d0a416d374dd5a7ec227a
SHA512109d42ec5b9744b3561d29a9cabdcf2ffb81233935fa5c2d80c39f27b92ae55366c3c51ae3d26cc1a8936635662acbd11af89e54efac374aceaa279f13e7dc16
-
Filesize
3KB
MD5f2a6d6c8f9e2e3c26139df1e928e9d2a
SHA123190a1e9b9e96edd38411a056a1c5335d6cd7de
SHA256a464d1705b456111a8cd52180c64afed9021d6a9085c81f66003908c65717008
SHA5128789110705880bdebbe37f6fccf902d1cf6b2e829ddda8f9e67ce0dc52cd8ee901bce97f16048bc6c99dd8674d7573585d1fc2cd7e362c0a59741fcbf75d6da8
-
Filesize
7KB
MD5745e37f0e2564e0192a68433d4b60fcd
SHA16f2d38665f6ff1e619d13f76f6d9094c72f1e43e
SHA256a312596bbd2b6def620aae9230ac2a67d0919c737f8bf4098dfff8ab12388ccc
SHA512d41b270de0d0ba26376dd03ae856d8e2db5e78cefd3651b5a0570a5e50bf89f41c02bcf1008a8bf08f03e513ddb1086f8474e092da0a2d12b60a908f7de52875
-
Filesize
48KB
MD5b4ab2f9f50ab09037021c68ebb57ec40
SHA11fe89f1c6105c9d42e4aa3f8f89a60fa324c7e6e
SHA2569164f615bdfde260eb33b8f42f61ab27472ef8fbf3cb6959612039cb658620b1
SHA512a95d90a3e940e5eb086abe477a78c57d3d6997c89e042deba37d79f80b4121c5778969ca4be07825d9f06f2df2ba8e538d40024c3f5f87565562d54c5280b092
