Analysis
-
max time kernel
135s -
max time network
137s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
24-05-2023 16:21
General
-
Target
https://guidemyjob.com/esi/?288578
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://guidemyjob.com/esi/?2885781⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://guidemyjob.com/esi/?2885782⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.0.100181188\1463659744" -parentBuildID 20221007134813 -prefsHandle 1812 -prefMapHandle 1804 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d739b57-9da4-4177-943f-c8d4b53a7dae} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 1912 14eb3491258 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.1.1129644129\387603033" -parentBuildID 20221007134813 -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {903b9c33-f45b-46f8-ae6b-f148014f4457} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 2400 14ea5472558 socket3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.2.1166045646\613071221" -childID 1 -isForBrowser -prefsHandle 3160 -prefMapHandle 3208 -prefsLen 21854 -prefMapSize 232675 -jsInitHandle 1504 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dec2d800-5bd4-442c-9296-934d57061d7c} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 3164 14eb60f0058 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.3.844069272\193086474" -childID 2 -isForBrowser -prefsHandle 4036 -prefMapHandle 4032 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1504 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e23153c1-ec03-44c1-948a-bf92f471b25c} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 4048 14eb784a858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.4.91583531\18654431" -childID 3 -isForBrowser -prefsHandle 4812 -prefMapHandle 4820 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1504 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {17fd6631-fd27-44d2-95a1-bb24ca606186} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 4832 14eb86f4a58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.6.314726585\584029683" -childID 5 -isForBrowser -prefsHandle 5132 -prefMapHandle 5136 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1504 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {278031b4-d775-4d0c-a6c9-890cc73e5c3c} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 4656 14eb89de458 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2284.5.1393211778\332879933" -childID 4 -isForBrowser -prefsHandle 4784 -prefMapHandle 4780 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1504 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40bafe5f-fad3-4b6a-9a28-c14cee362bef} 2284 "\\.\pipe\gecko-crash-server-pipe.2284" 4208 14eb89e0258 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
150KB
MD57e61f590a26adc0ffd997e98b4b64323
SHA18bb233031a611071cf918e7791d28f5e6daa78b3
SHA256f783a065a4057ca322c99b0ce5b0cf1e1ade885931395ca74332a15e2bc769f8
SHA5127dd50149783909046fee553057e556efc83e62cc7c75a74b31a6d89c9f1a0114a432a6866c613714b0386dfc5b9453e4b08a9e6e014fb33e105c435ec42e9b93
-
Filesize
6KB
MD5c15f50ea91d23878071d5e4f9cde98b0
SHA1ab6d7df83ef94efbcce658ce80441eff3d8a720d
SHA256b372b860baeb350712cb160199eef61ddad557113e1095bb8a4e092f548658c0
SHA512ebb52a97f65b806a6a53d228e998cacd150f0269e22ec8beceb3cf00c82b58d2f802b87dd3ef54a4633e6f0f3930f8ca45c38ec68ec9f3b4a6acd172d7677c3d
-
Filesize
6KB
MD5ef44a0e32d1bb3260453edb453ad741d
SHA10cc1828d92be5773cd2f09dd08a3dba94e7d965d
SHA2568833eeb2d91ccc5fe1abcee671ecda41cd4a7cfa4ed0af2ff234fbb830afa194
SHA512e522b1a0c043c0065203240768c1976ad42ae59d0dd21619988913cee8e49c6e5c3776f642678052da1c8fc135562358dbfad4bab77f44825a5c1a41bc33a814
-
Filesize
7KB
MD5ee50b10ad252576c8eb2a98c1509f110
SHA10a49be3186827bd0b75d4ba1d66b111cf8e28c37
SHA2560617a5bb8c6ab51eb874994216a1e6c30d4ba945921b79652957487f8b543b27
SHA51230360b3bdf70ef61b0a85f36f7f55fb985107a7ae22edcc7ab4c191acb9e68de719c78b91ee6d9b9f1dd41ad5fc4ecf27e73b93d7e90e311b385747678442d7c
-
Filesize
7KB
MD54fe077f7b3883ff1586072da8efe31bc
SHA1613d0cee0ce3691eadf74a7ef0235ad30483c26b
SHA256fac360578ed812a530af8f0e44fdd1a1997b7ee61cde6862bbe05c4d29925b27
SHA512dacb43eb8113bc7f9a894f91d2eeba5ac0488475101cf46ca8a8a08142143de1e0dc195c0d211d493b322f12450157ebbfd8697484535e99c8bf5f5cd0d691c1
-
Filesize
6KB
MD51984b45f201f1fd79d2154406648433b
SHA142f082dc6d4d43333688690bf4dfa7c7f8b618ab
SHA256000a408519010d12b94281710f9a987f822093a1efb5293bbb50ca2e4a6a9df9
SHA512e73a00cc8994d4023168e93ff5f5b6e6b13ffeb740872b64f565787cbb57e49e64eb03e4de1d8068a6f303f0615749fb27cb47bdbc4cef3fef1290bd3a3a17cc
-
Filesize
6KB
MD560d0d06016bb638d229b9ceffd9d803c
SHA1488c8042c8893db7f3a6eb4e11a0638bcadae471
SHA2568e278e4e1e43a9ae4e624f9a14eb1871678b9574fa966f18ccdf4392146f8dc3
SHA512d31f9a9cac16fd79d795daf6304e991d0fa5f127b82a486bfca5b27a08574260c77b68988a7cfcda49802ab876e67a518afe104728f13e91c30d66bcfd80b26c
-
Filesize
6KB
MD572206d10e43c12b746de14be9101bf5b
SHA13fe272ab7c424e0e5d592ab7e71d4c55c9c32e32
SHA256752e6c66ee0221f119fae15ce2798dd9ca3a438318d6660f73e855ea8275b021
SHA512331c31a448c0d39a46e05b782cb54be6041555fdc93b3d7bb936131390c4a0b69e7b1ae91ae55cacf990509e39aa27dd083d75041f6629222f9356f31ff07732
-
Filesize
6KB
MD5a8ba3177315d25a5ea2b25c427eb2bad
SHA19e647e985f3db86ae739b2f4f1d7a4d4f2b17855
SHA2568046f2981382a75611753bd37e92d3b995ac2bad97ae201bb1eed6a820d04041
SHA5123c63dc06835230ce49265746ad8afc8cfc5c797bd6bc2a33714e8cdbe53cf1a68d5661ca64745db56cc1689d9fc0d987042ffefdbe366bb9bbfdce717dfe82fd