Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
08/06/2023, 05:25
General
-
Target
https://descarga.pw/como-descargar-e-instalar-clip-studio-paint-ex-1-12-0-2022-%F0%9F%91%8D-gratis-para-pc-windows/
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://descarga.pw/como-descargar-e-instalar-clip-studio-paint-ex-1-12-0-2022-%F0%9F%91%8D-gratis-para-pc-windows/1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://descarga.pw/como-descargar-e-instalar-clip-studio-paint-ex-1-12-0-2022-%F0%9F%91%8D-gratis-para-pc-windows/2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1736.0.1448836430\1137801304" -parentBuildID 20221007134813 -prefsHandle 1868 -prefMapHandle 1860 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {285671c3-c89a-4c92-8319-091bd5f8810d} 1736 "\\.\pipe\gecko-crash-server-pipe.1736" 1932 19f428e3258 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1736.1.428523124\110187181" -parentBuildID 20221007134813 -prefsHandle 2428 -prefMapHandle 2424 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {297fc274-6863-46ea-a6ac-3aff943e97f3} 1736 "\\.\pipe\gecko-crash-server-pipe.1736" 2440 19f35972958 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1736.2.785721793\1619723626" -childID 1 -isForBrowser -prefsHandle 3236 -prefMapHandle 3212 -prefsLen 21789 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e1bed7b-1641-4ee9-a84d-2be436535db4} 1736 "\\.\pipe\gecko-crash-server-pipe.1736" 3248 19f467e2158 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1736.3.1955263230\1807833399" -childID 2 -isForBrowser -prefsHandle 4016 -prefMapHandle 4012 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2ed2a9b-780d-47a7-a1a2-2b8c441328fc} 1736 "\\.\pipe\gecko-crash-server-pipe.1736" 4028 19f35963b58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1736.4.1482673718\155097197" -childID 3 -isForBrowser -prefsHandle 4708 -prefMapHandle 4728 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b87816e0-09fe-4daf-85b8-44040f3617e4} 1736 "\\.\pipe\gecko-crash-server-pipe.1736" 4748 19f48ea7b58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1736.6.1253055956\432166226" -childID 5 -isForBrowser -prefsHandle 5032 -prefMapHandle 5048 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {645bf8c1-5865-4528-897a-0167b4091624} 1736 "\\.\pipe\gecko-crash-server-pipe.1736" 4712 19f4910bc58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1736.5.863433179\905687701" -childID 4 -isForBrowser -prefsHandle 4732 -prefMapHandle 4152 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1460 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b751d7d-987f-426b-a98e-b51c7dad224b} 1736 "\\.\pipe\gecko-crash-server-pipe.1736" 4712 19f4910a758 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1736.8.276699954\360747548" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5508 -prefMapHandle 5504 -prefsLen 26578 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9768a717-44a0-41fd-b512-ac4765a77241} 1736 "\\.\pipe\gecko-crash-server-pipe.1736" 5592 19f49b20258 utility3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1736.7.1389101021\2066822225" -parentBuildID 20221007134813 -prefsHandle 5440 -prefMapHandle 4732 -prefsLen 26578 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ad337d5-97af-4765-bf2f-b89c0a1d2fdf} 1736 "\\.\pipe\gecko-crash-server-pipe.1736" 5484 19f49b59658 rdd3⤵
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
146KB
MD55010a94cce082f51057a5d0472e3a632
SHA1e17bcbdac93f9854591ffdedec07d48db07cdd3c
SHA2563bad5046d4de2d42c043b9886bf61b715fc7319cf72fe21cf519af473d5c1ac9
SHA51243a055ebc1971478cb5b268e870e03fc593532d36f7dd57007f1b76abc7a33a6919c41ce6f8b2e0d4df59bfbda86c4a8219077c45e3ac7ba7f3bf396472fbb6f
-
Filesize
7KB
MD52a5012edaf5dcb0f6570ea910abb1881
SHA13e1a43f399c1e3b0a3a203511acc4a8fd3fde347
SHA25633d06a16341c04a8820a1baa7f9c9beb7dd00848f254ad9418cc941ffabc74fc
SHA51256311a892a21ed08651be5150abb4d08f7f34815bac42608f3edaa7e2e2c84c9969961f8fda14b7fce9f37777f0b84a755bc6ac7b3d5e8ed5070e7b210f69df3
-
Filesize
6KB
MD5777dfeadc0fc341e3c765461e5a907e4
SHA1c4c551b0aacfc81e3f8c752dfef19aca5b4e2727
SHA256e8ffd9e409c60c914b5ee1fc8af994fd28b435f279f74c31519d7feee4caddb7
SHA5124f1edbac03438239ff9ed419e2392e233c1ccfd1cacfe119120aecb462b95517b62610c8ec5755f27df2acb7041a80a16e0adfef88ec1a68191c907f6922a353
-
Filesize
6KB
MD5d092ed6e0c209934842b566ea003bf8a
SHA1828580c9e1f1860e8c814f9381dc0dda5e1a4947
SHA256212539a9998c399c3314a08cb87a318e8e5b3638a4e3f5d4bd62dc631bdd88b2
SHA512556529a43e66a562e0068d13b06307132063d989a747989146d1141a65695775f58817d506cdcb941047d112b6aac2e8d78a4ab58232ecacd62e2a7b0fcff365
-
Filesize
6KB
MD5d15906f7f8d519cfecf1da2b47fdb6fc
SHA154e7b9e9a58c616e92f48356ad98925c14b24af4
SHA2567450c3376bd3b7f04265259e17a9ac1312a4770c2a8772dd23ff3b89b98fe98e
SHA512e1a730ebb725b4ca63430ba3918bf657eeb509fae847c2dc6a74b016e610c8821c72ad48a88e23ff57f799211065461e2caa29955b77e549c6c0cfe8024f73fc
-
Filesize
7KB
MD52b9e09e95be3c152c5b77b964020db80
SHA190ffcb186d1ea6dd07224bb0b5370da67d36df09
SHA256b82e2b30a3fbf619dfd892c14e17adef40bf1d126ada8deb8c61da68bd245a51
SHA51245e9a830cfc3ce7464ee8965cc05e78495f02155285de70972ba7b42e3eef03b31f05aa658cb798ae5d90d6e48df68a369cf730e9d1ab75005636dd379d8cc1b
-
Filesize
6KB
MD51984b45f201f1fd79d2154406648433b
SHA142f082dc6d4d43333688690bf4dfa7c7f8b618ab
SHA256000a408519010d12b94281710f9a987f822093a1efb5293bbb50ca2e4a6a9df9
SHA512e73a00cc8994d4023168e93ff5f5b6e6b13ffeb740872b64f565787cbb57e49e64eb03e4de1d8068a6f303f0615749fb27cb47bdbc4cef3fef1290bd3a3a17cc
-
Filesize
6KB
MD5476c3371b33b7e48455ee15b9b49fc4a
SHA169e791a18589f50eaa3e2a21225b1cebf06cfa08
SHA2561cec27ee748a4baa919dcac5ca5da60ca44113f85b4ae8493df77091c3fa0d27
SHA51251d1abe1890dfe195311e279c5ca66ee45a38cbac4026cd56f3093c261a218e24aa00f8c04d19f4e14988aa439ff522fa6f2591fae0410d10ef85886191b1862
-
Filesize
6KB
MD512fbddead3c89266d2c3c85ee890bd95
SHA14608735aab455cbc6623c7747fb95b1655ee5e6a
SHA2562ab7c51b084215fa795273b2cce0352d0e6d9119a521941dd11d9842b99b9be7
SHA512b036d1ef814707276d5fbedccb33c1411ad069f73696bd3d43d23648ca7f9578f74c3028104039612fe5b67ea4e48f810f723a0663d3f899d103f0737a83a06e