Analysis

  • max time kernel: 72s
  • max time network: 127s
  • platform: windows10-2004_x64
  • resource: win10v2004-20230220-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 19/05/2023, 07:58

General

  • Target

    http://grhqmapp01.hyundai-gucc.com/Update/AutoUpdate/MasterInformation/0.2.0.1/th/HMG.GUCC.MSG.WPF.COM.resources.dll

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 8 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\system32\rundll32.exe (PID 1332, depth 1)
    rundll32.exe http://grhqmapp01.hyundai-gucc.com/Update/AutoUpdate/MasterInformation/0.2.0.1/th/HMG.GUCC.MSG.WPF.COM.resources.dll,#1

  • C:\Program Files\Mozilla Firefox\firefox.exe (PID 4584, depth 1)
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    Signatures: Suspicious use of WriteProcessMemory

    • C:\Program Files\Mozilla Firefox\firefox.exe (PID 3064, depth 2)
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      Signatures: Checks processor information in registry; Modifies registry class; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory

      • C:\Program Files\Mozilla Firefox\firefox.exe (PID 372, depth 3, gpu process)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3064.0.1127503663\855307235" -parentBuildID 20221007134813 -prefsHandle 1852 -prefMapHandle 1844 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f1ecc64-e984-4f06-b7a7-130115c199aa} 3064 "\\.\pipe\gecko-crash-server-pipe.3064" 1944 26cb1e17758 gpu

      • C:\Program Files\Mozilla Firefox\firefox.exe (PID 4636, depth 3, socket process)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3064.1.186461028\844054939" -parentBuildID 20221007134813 -prefsHandle 2320 -prefMapHandle 2316 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6becc12d-ddd1-44ad-8744-9382751811de} 3064 "\\.\pipe\gecko-crash-server-pipe.3064" 2332 26ca3e6f258 socket
        Signatures: Checks processor information in registry

      • C:\Program Files\Mozilla Firefox\firefox.exe (PID 1108, depth 3, tab process)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3064.2.1293782993\918858250" -childID 1 -isForBrowser -prefsHandle 2824 -prefMapHandle 2900 -prefsLen 21009 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {178d89ad-f2c8-43b5-a896-d10338249f9f} 3064 "\\.\pipe\gecko-crash-server-pipe.3064" 2832 26cb0e92058 tab

      • C:\Program Files\Mozilla Firefox\firefox.exe (PID 4040, depth 3, tab process)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3064.3.174105249\1137948033" -childID 2 -isForBrowser -prefsHandle 3520 -prefMapHandle 3516 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {96ce3ec2-3b5c-4630-bc25-caa80793bf72} 3064 "\\.\pipe\gecko-crash-server-pipe.3064" 3528 26ca3e5ee58 tab

      • C:\Program Files\Mozilla Firefox\firefox.exe (PID 3820, depth 3, tab process)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3064.4.235898129\1073410005" -childID 3 -isForBrowser -prefsHandle 3768 -prefMapHandle 3764 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4658690f-d96d-40b0-a0de-34309df77b16} 3064 "\\.\pipe\gecko-crash-server-pipe.3064" 3780 26cb2353858 tab

      • C:\Program Files\Mozilla Firefox\firefox.exe (PID 2000, depth 3, tab process)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3064.6.69544569\1020074746" -childID 5 -isForBrowser -prefsHandle 5236 -prefMapHandle 5240 -prefsLen 26657 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e484659-cff4-4fe6-91fa-a92464a6f9e2} 3064 "\\.\pipe\gecko-crash-server-pipe.3064" 5324 26cb7a7b058 tab

      • C:\Program Files\Mozilla Firefox\firefox.exe (PID 1288, depth 3, tab process)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3064.7.693956688\27827266" -childID 6 -isForBrowser -prefsHandle 5432 -prefMapHandle 5436 -prefsLen 26657 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4dc0486-6030-4e2f-890a-714d97ec8e5a} 3064 "\\.\pipe\gecko-crash-server-pipe.3064" 5424 26cb7a79258 tab

      • C:\Program Files\Mozilla Firefox\firefox.exe (PID 4432, depth 3, tab process)
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3064.5.104103235\1365634610" -childID 4 -isForBrowser -prefsHandle 5036 -prefMapHandle 5112 -prefsLen 26657 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {482446a7-7803-40a5-af06-8f096c0ad278} 3064 "\\.\pipe\gecko-crash-server-pipe.3064" 1688 26cb7232f58 tab

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\activity-stream.discovery_stream.json.tmp
    Filesize: 159KB
    MD5: e596b3d7ce65b3e775b39ea572498d8b
    SHA1: 7ba21f9696035dff302abca09ec13285026f757f
    SHA256: f21ab2c749916213c7500811958bd059c8fea51c3317ba6bbed6a368c0e0dc48
    SHA512: b96e51333e0dad828b678f4c968b8d0495c413093ca9d644b3a0afe82ef898af605669882f7fda29e208d0dbeba597f721217fc329757c0c93675dfc77b42b32

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js
    Filesize: 6KB
    MD5: d577c13ec243f81f494468cecc37e789
    SHA1: 61d15b3fcb862e31d6a192d67d35ad591a69f52a
    SHA256: 1a67110962cf1b90243012e0fe000d7e57afdab9973c0e4fc31dd30b8a0182e0
    SHA512: dba968081a5cf4052811de5710d42b8871f8801916b47e926da7023e4c9674301086cb8b3ba02f7d19283efce7b5089214d112b75dea3a2088f14072b8a0c6fc

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 3875f511ad729348a725162e1be6074b
    SHA1: 2df5d3f34005fe536f12a3ccbd0688294c988e43
    SHA256: 5ad321daa0957e2d9c953276a70a6d5ff1f4426581659cc961138007bfcc3b3b
    SHA512: f3241fa0642f82f2910156db59cd3f4cfb1aee426b86f445823c626c077801015a520a1fb792183028a52f9c840491ef9fcc9e76abed7bd7da1e4379a0bda776

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs.js
    Filesize: 6KB
    MD5: feb8a52858c8167a58f36caa1b37f116
    SHA1: 7ae7f9d2721ae3c579f9e18e4fea679e8c848158
    SHA256: adbc4c7b5e775c3d401ae811d5be5a69b844f5937e3d0a416d374dd5a7ec227a
    SHA512: 109d42ec5b9744b3561d29a9cabdcf2ffb81233935fa5c2d80c39f27b92ae55366c3c51ae3d26cc1a8936635662acbd11af89e54efac374aceaa279f13e7dc16

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionCheckpoints.json.tmp
    Filesize: 259B
    MD5: 700fe59d2eb10b8cd28525fcc46bc0cc
    SHA1: 339badf0e1eba5332bff317d7cf8a41d5860390d
    SHA256: 4f5d849bdf4a5eeeb5da8836589e064e31c8e94129d4e55b1c69a6f98fb9f9ea
    SHA512: 3fa1b3fd4277d5900140e013b1035cb4c72065afcc6b6a8595b43101cfe7d09e75554a877e4a01bb80b0d7a58cdcfe553c4a9ef308c5695c5e77cb0ea99bada4

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore.jsonlz4
    Filesize: 884B
    MD5: 9d74cf432970a9807830a62a3198317a
    SHA1: 40b172f938026be6c1bf3902d7182b6c70711205
    SHA256: 5fd5d7b7e26f6e2d7b8cf35d1a4af99d80b1c16b67732f6823491b4db411f3f4
    SHA512: 6b7648e4f0c6047212bc52ec60ed8ccc9a464cda29c828cdfb6fe025a64ff72f660bfc046973ba0f023e2de9aaa03044c5d2e458ab2840a824ccec7c8db70ddb