Analysis

  • max time kernel
    600s
  • max time network
    598s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    26-04-2023 03:22

General

  • Target

    📁 EFT-FORM73409-FJ97HF56-0.html

  • Size

    7KB

  • MD5

    48c18b70945a097b6aa80350d896ad88

  • SHA1

    cefa313eb248b3ba3e1fd23dd7826d96bb602bc7

  • SHA256

    cc2204298524f1579b79918842b67add8f0a0dea261fe79eda7ae3e4ebb0d628

  • SHA512

    649c5539e0702efa607abe55345669f5fc6f19ac4dfb812d8c77218affb99ada639c4637ff5c3909f89c64510d3fff949692832e743d9d28602ed7aa3f492f40

  • SSDEEP

    192:aRmmFVakCK0uxkOg+4vXVgrIWFVRWcTqgaRQz4QewFTD:AmMPCruxkOg+4vFtWlZ3AEMwFTD

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 4 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" "C:\Users\Admin\AppData\Local\Temp\📁 EFT-FORM73409-FJ97HF56-0.html"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1584
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" "C:\Users\Admin\AppData\Local\Temp\📁 EFT-FORM73409-FJ97HF56-0.html"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:1368
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1368.0.390008783\103674748" -parentBuildID 20221007134813 -prefsHandle 1192 -prefMapHandle 1184 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d6d3140-15c5-4b8b-81d8-7f2122ebb6f0} 1368 "\\.\pipe\gecko-crash-server-pipe.1368" 1256 13c18158 gpu
        3⤵
          PID:1400
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1368.1.1727119630\1918241498" -parentBuildID 20221007134813 -prefsHandle 1460 -prefMapHandle 1456 -prefsLen 21751 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {31d19fcc-d9ca-4b49-8d82-81bc54e55c91} 1368 "\\.\pipe\gecko-crash-server-pipe.1368" 1472 d71658 socket
          3⤵
            PID:1744
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1368.2.511793170\1419309906" -childID 1 -isForBrowser -prefsHandle 2004 -prefMapHandle 2000 -prefsLen 21834 -prefMapSize 232675 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {305f8ba1-f161-4c90-aaa7-0dfb5cb3806b} 1368 "\\.\pipe\gecko-crash-server-pipe.1368" 2016 1a804a58 tab
            3⤵
              PID:1824
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1368.3.2033954730\131511335" -childID 2 -isForBrowser -prefsHandle 2816 -prefMapHandle 2812 -prefsLen 26564 -prefMapSize 232675 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {86f70d1b-7f27-43a2-94b7-0130095a545e} 1368 "\\.\pipe\gecko-crash-server-pipe.1368" 2828 1c62cf58 tab
              3⤵
                PID:1028
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1368.4.189301415\386097290" -childID 3 -isForBrowser -prefsHandle 3560 -prefMapHandle 3556 -prefsLen 26879 -prefMapSize 232675 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {34ed92be-03f2-4d9a-8246-3f27cfdaa1a0} 1368 "\\.\pipe\gecko-crash-server-pipe.1368" 1060 1d1e8558 tab
                3⤵
                  PID:2340
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1368.5.241851428\1976957535" -childID 4 -isForBrowser -prefsHandle 3544 -prefMapHandle 2844 -prefsLen 26879 -prefMapSize 232675 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5145b98-7706-42f5-9bac-e34831956ebc} 1368 "\\.\pipe\gecko-crash-server-pipe.1368" 3592 1d134558 tab
                  3⤵
                    PID:2348
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1368.6.389401623\1963164145" -childID 5 -isForBrowser -prefsHandle 3688 -prefMapHandle 3680 -prefsLen 26879 -prefMapSize 232675 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1459daf2-ac94-4b76-9f96-178073b8129f} 1368 "\\.\pipe\gecko-crash-server-pipe.1368" 3764 1d134b58 tab
                    3⤵
                      PID:2364
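One way to read the process tree above, as an added example that is not part of the sandbox report: parse the tree in the report's own layout (image line, quoted command line, depth marker, PID), then check that every `firefox.exe -contentproc` child names its tree parent as the owner of its `--channel` and sort the children by role. The embedded excerpt is constructed from the tree above with the prefs-handle arguments dropped and three of the five `tab` children omitted; the `Proc`, `parse_tree`, `classify` and `audit` names are this example's own.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Abridged excerpt of the process tree from the report above, in the report's
# own layout (image line, quoted command line, depth marker "N⤵", "PID:N").
# Constructed for this example: prefs-handle arguments dropped, three of the
# five "tab" children omitted. PIDs, channel IDs and GUIDs are as reported.
PROCESS_TREE = r'''
• C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" "C:\Users\Admin\AppData\Local\Temp\📁 EFT-FORM73409-FJ97HF56-0.html"
  1⤵
  • Suspicious use of WriteProcessMemory
  PID:1584
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" "C:\Users\Admin\AppData\Local\Temp\📁 EFT-FORM73409-FJ97HF56-0.html"
    2⤵
    • Suspicious use of WriteProcessMemory
    PID:1368
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1368.0.390008783\103674748" -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d6d3140-15c5-4b8b-81d8-7f2122ebb6f0} 1368 "\\.\pipe\gecko-crash-server-pipe.1368" 1256 13c18158 gpu
      3⤵
      PID:1400
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1368.1.1727119630\1918241498" -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {31d19fcc-d9ca-4b49-8d82-81bc54e55c91} 1368 "\\.\pipe\gecko-crash-server-pipe.1368" 1472 d71658 socket
      3⤵
      PID:1744
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1368.2.511793170\1419309906" -childID 1 -isForBrowser -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {305f8ba1-f161-4c90-aaa7-0dfb5cb3806b} 1368 "\\.\pipe\gecko-crash-server-pipe.1368" 2016 1a804a58 tab
      3⤵
      PID:1824
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1368.3.2033954730\131511335" -childID 2 -isForBrowser -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {86f70d1b-7f27-43a2-94b7-0130095a545e} 1368 "\\.\pipe\gecko-crash-server-pipe.1368" 2828 1c62cf58 tab
      3⤵
      PID:1028
'''


@dataclass
class Proc:
    pid: int
    depth: int
    cmdline: str
    parent: Optional["Proc"] = None
    children: list = field(default_factory=list)


DEPTH_RE = re.compile(r'(\d+)⤵')
PID_RE = re.compile(r'PID:(\d+)')
# Firefox content-process channel: "<parent pid>.<seq>.<id>\<id>"
CHANNEL_RE = re.compile(r'--channel="(\d+)\.\d+\.\d+\\\d+"')


def parse_tree(text: str) -> list:
    """Parse the report's process-tree layout into Proc records with parent links."""
    procs, stack = [], []          # stack[i] = most recent process at depth i+1
    cmdline, depth = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('"'):   # quoted command line
            cmdline = line
        elif (m := DEPTH_RE.fullmatch(line)):
            depth = int(m.group(1))
        elif (m := PID_RE.fullmatch(line)) and cmdline and depth:
            p = Proc(int(m.group(1)), depth, cmdline)
            del stack[depth - 1:]  # pop back to this process's parent level
            if stack:
                p.parent = stack[-1]
                p.parent.children.append(p)
            stack.append(p)
            procs.append(p)
            cmdline, depth = None, None
    return procs


def classify(p: Proc):
    """(role, channel owner PID). Role is 'browser' for a non-content process,
    else the trailing token of the -contentproc command line (gpu/socket/tab)."""
    if '-contentproc' not in p.cmdline:
        return 'browser', None
    m = CHANNEL_RE.search(p.cmdline)
    return p.cmdline.rsplit(' ', 1)[-1], (int(m.group(1)) if m else None)


def audit(procs):
    """Count roles and flag any content process whose --channel owner PID is not
    its tree parent: that would mean something other than the browser parent
    launched a 'firefox.exe -contentproc' child."""
    roles, findings = {}, []
    for p in procs:
        role, owner = classify(p)
        roles[role] = roles.get(role, 0) + 1
        if role != 'browser':
            parent_pid = p.parent.pid if p.parent else None
            if owner != parent_pid:
                findings.append(f'PID {p.pid} ({role}): channel owner {owner}, tree parent {parent_pid}')
    return roles, findings


if __name__ == '__main__':
    roles, findings = audit(parse_tree(PROCESS_TREE))
    print(roles)
    print(findings or 'all content processes are owned by their tree parent')
```

On the excerpt every `gpu`, `socket` and `tab` child is a depth-3 process under PID 1368, and 1368 is also the PID embedded in each `--channel` value and in the `gecko-crash-server-pipe.1368` name, so `audit` returns no findings. That is the shape a multi-process browser launching its own sandboxed children takes, which is the context in which the WriteProcessMemory and AdjustPrivilegeToken signatures attributed to PID 1368 should be read; a `-contentproc` child whose channel owner is not its parent, or a non-`firefox.exe` child under the tree, is what would merit a closer look.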

Network

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uzjlrayv.default-release\activity-stream.discovery_stream.json.tmp

    Filesize: 138KB
    MD5: 9b407a93ab87c17838cc141354213874
    SHA1: 807ad1f6c274c619dc0d3ac6b26d4f118564b09a
    SHA256: 1c0ae300c7152ee97ec188fe714de93643206c2e770be1658157fda57c16d2f6
    SHA512: 3c252c864fd4900bea83cf618bf60be02093f21d654ecfe5278ba250d99f8f8abca38f2d8b68729020bd22c7ccd4bcbc609c32e0138f34d968cd8484692a07e9

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uzjlrayv.default-release\cache2\doomed\30256

    Filesize: 9KB
    MD5: a548f228b23cdb2e2e26492ff0e0910c
    SHA1: f93d8f86961ce5fc11c757e82801752204ad9462
    SHA256: c5a4fe3620e553a1605822ab94cf6bf17736989e24b0175f870cb9e9fc7fc088
    SHA512: 70c4e6b4cb8097caed5b1da67dffbaad7bb099c9f27acb55ed5a5494d3d28bd0a9765416c033ddda66427fa61675b430cf89c90388b64efe29aad1671df39bea

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

    Filesize: 7KB
    MD5: a99596a86c4f5003f160acaa56109565
    SHA1: f9a75f33d84c0abb48eccc66a269a941b742b0b0
    SHA256: 1a9780a9add22ac041c68b097f94559b78323029bd57dcdba425ce5d9481193a
    SHA512: 156109b6e461bdbf59574381a0fed69e4137c868aac7771ebb0b509e1e2e20d13dd0fa9f23ade5bac94fe36ab1d56b045f9159c95da26a5093b59940e4464add

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uzjlrayv.default-release\prefs.js

    Filesize: 6KB
    MD5: 26b09660b11450d3ead4bc6a2a4d0077
    SHA1: d69e65efae83a24184703949b308de45d0217880
    SHA256: 633729ab3e06b4e256b80cf5d77d5d51fff9e509e35bfa2d3fa44eabd76b7ef2
    SHA512: fbca4293de0bc263568762c6f19ad31fd57c0538060f8a4370a472e3fc6a9544468267ebd7c1e74b1ff18e98e33f633e1198220c7c6a5d88f07fda16dd15e377

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uzjlrayv.default-release\sessionstore-backups\recovery.jsonlz4

    Filesize: 1KB
    MD5: 228156e47ead590739b6a3c82db3482c
    SHA1: 4caf40639f5a44f240ac26a09ee06f8e04b8300f
    SHA256: 4a64883c7577a339b4b713316bfb2e2d692eb4228f64778908c728e0b85ce210
    SHA512: 407c36d485bc655ac18b69b602a78af45903e89be88fe6602441251be32b010522392ebcf8ae7e27e1bd8ac7510721e673e1722d0c5cf2f2aa6bdac4d5ef1f1d

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uzjlrayv.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

    Filesize: 184KB
    MD5: e9c24ab05c7c49ec99d47b02eb2f8b23
    SHA1: ae45e04cfff8af51496377ab4b39e347a6743de6
    SHA256: 873581a6a03daa2417718fb3c51e5ac59bc4e62896cc51ee0af47a47f370c30e
    SHA512: 5d7266c2ed1780eb3703a2ad80a37a75a0a997fa0f9660b566d58139c772efd03a2008556734724a7cdd2eb344435a5136aaa55027eb8fbcff44a830cf6f091a