Analysis
-
max time kernel
89s -
max time network
92s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
08-06-2023 11:43
General
-
Target
http://a7d70.invesmig.com
Malware Config
Signatures
-
Detected potential entity reuse from brand microsoft.
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 16 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" http://a7d70.invesmig.com1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" http://a7d70.invesmig.com2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2096.0.370396787\405682089" -parentBuildID 20221007134813 -prefsHandle 1860 -prefMapHandle 1852 -prefsLen 20812 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f74dc027-7233-4423-bb60-f8e25ed0c224} 2096 "\\.\pipe\gecko-crash-server-pipe.2096" 1940 23dde3e9e58 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2096.1.1872019445\2018314152" -parentBuildID 20221007134813 -prefsHandle 2428 -prefMapHandle 2424 -prefsLen 21628 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {97b1a717-bea5-4be4-977c-dbbbd00ba4c3} 2096 "\\.\pipe\gecko-crash-server-pipe.2096" 2440 23dd1472b58 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2096.2.1654443089\1623494189" -childID 1 -isForBrowser -prefsHandle 3228 -prefMapHandle 3224 -prefsLen 21711 -prefMapSize 232645 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed3322ae-5043-42af-b048-2da06527f9d5} 2096 "\\.\pipe\gecko-crash-server-pipe.2096" 3240 23de22df758 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2096.3.1960049871\410684545" -childID 2 -isForBrowser -prefsHandle 4092 -prefMapHandle 4088 -prefsLen 26441 -prefMapSize 232645 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b95c8c88-cb44-4ccb-880e-77ee946bd0f7} 2096 "\\.\pipe\gecko-crash-server-pipe.2096" 4104 23de0caf558 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2096.5.1860838760\1117202886" -childID 4 -isForBrowser -prefsHandle 4792 -prefMapHandle 4788 -prefsLen 26579 -prefMapSize 232645 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {35f3fc47-ceea-4d6a-bef3-2065e07f667d} 2096 "\\.\pipe\gecko-crash-server-pipe.2096" 4872 23de4a6eb58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2096.6.950222940\1966399424" -childID 5 -isForBrowser -prefsHandle 4868 -prefMapHandle 4860 -prefsLen 26754 -prefMapSize 232645 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {674bdfe3-188d-47b0-9a10-b93d485f8834} 2096 "\\.\pipe\gecko-crash-server-pipe.2096" 4996 23de4a6bb58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2096.4.542458750\1745203610" -childID 3 -isForBrowser -prefsHandle 4764 -prefMapHandle 4720 -prefsLen 26579 -prefMapSize 232645 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79a9c344-6f39-4481-b6a6-30d1cb1f220d} 2096 "\\.\pipe\gecko-crash-server-pipe.2096" 4756 23de428d158 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2096.7.1600254684\1914625356" -childID 6 -isForBrowser -prefsHandle 5296 -prefMapHandle 5448 -prefsLen 26754 -prefMapSize 232645 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {85096df6-22cf-4ccf-bee9-4dfa7a655d3c} 2096 "\\.\pipe\gecko-crash-server-pipe.2096" 4804 23de40cad58 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
144KB
MD5310134f1f06323577fb707871eb15f86
SHA1ba6f8718a3e48d4128c8c78987b17701a9c43dfb
SHA25678d7244d1dddc50aa21dc43974727db1d88d711a9a065ecdc2d44675872a6b18
SHA512266a11c73aef72df95c835b5c1a25d35c8340a6490b76b4bce9a0073f3720c4b777532f5391e44c861bd28f58b2f9f49b773de389b900ca33909d4426c03d711
-
Filesize
6KB
MD5aee1fc3dd8e58a568de43ce80a794c45
SHA10bf5bb83d76b24baa35dbc4dca2650dc3b851420
SHA2568d43533b395bdf75f9d777e4a88adc8b9d001041d1325c9cd5ce8a61a62c1b6b
SHA5125dafcd5c0105f288ca3e75443faf03398df725c46027916f3d87072308df793e55d5073450a5ced9b0f835789c76504014f86ed1adec15a382f2547f4f8da8c0
-
Filesize
6KB
MD550476a37407e7ce516ca0ca4d40c09a1
SHA14e6f6daa2454a159247e2d7d5736aee67e8106b6
SHA25696826f39b7af059bc99f754237b46781edc417056fe33478b78c16170792a670
SHA51210148c59b12bcf4f712258ecad081f4abf0ff2daffcd1cb82d827da8e320757c79b57e3073c5dd1da3a9af079dd8d47e113792c736be3974e6a6c68d3ef89969
-
Filesize
6KB
MD55af8fc415f617b339c6f70319fb2e194
SHA191e3e69bd70a869d69cff02b09b09de7a97a759c
SHA256f444c7e3a0fb5488074a8a8001fb214f1221289618872acfb48dcf059b80ee8e
SHA5125b046aca4489c5f879db8fdb415a97615d3301f129b609dcdf989ad0ffc7f03eab082582797d294cf4b733a25448f3b21d5062847cea7d618431c1ce6abfd33a
-
Filesize
6KB
MD50e7a8aa365e2ee032b393eeb0f61c77d
SHA1aea074546aad6b17ca8d5cd92a569e8dfef2894f
SHA256462bfe05b8fdb7ffbac575d9f7df6cea712dde1a136030c61701175babd88aba
SHA5121f1b0c1ab9483df0641210e762130e80ccb4db067ed13a325a7de4397fd7f3897d210463591984622cde4fcc356de5700ea56e7578b565662eb70acef6dc159e
-
Filesize
7KB
MD50deec089530e8f303154174ed923ae59
SHA1d0c781dc02081b8efa2fa932c0bbf0fe32a5b32e
SHA256c64703755e05a619dc2c904a4db7fad55e87ca0b4fd72799e5693e2d79778760
SHA512df955c8d5c97d97441aaaac73d60651c49fe4898c91912bf554a03df5adfe31749a7f0cc3f32d2d8a47f3a0abc1fba524f5f4b0206cf42dbc47feb8d7122c1a4
-
Filesize
6KB
MD59971fa8fa89a208685d3e30835832fb5
SHA15d9972a3bdbd4c18b3648597d2fd9f9fd6e30300
SHA25613417a67a65fecc73ad5acc94d17d8a6fac3b0a343daf12d1cd2d126b9198084
SHA51202b107e0d9449fa2d4d3655a880fbdeea4477205fa6c21aaf641c3d358353aa437cf040ec842107f973253bef767e48b9a0267dea5ed2d331aa192ef540e3b1f
-
Filesize
3KB
MD5eaeb2157014cf5138db91d91da17eb86
SHA1bc47a848c65b93b9bc0b25928c5dacb5f54143ab
SHA25603c5a2db8c5c957dc20eb9a789c80ba5974de29f40adab70b4d793ffa6001f1d
SHA512829b0d08bc56c87fc6d24766beb3b76cdf5ac84e92d75ce01b2450a8cf352f1cf2d9117fa0f652330b766d00a047c2a91780d1dd907b8f69fa6935925dee007a
-
Filesize
3KB
MD554a9697484d56c372ea1c114d4c9c07d
SHA1147229fef491fca6c07878cf73514302975ce2f4
SHA2564a272829874ba056398031b9207ac05f4b36941ce5f6a7aa39e9afab25a8b620
SHA512099c64385693ea97c926288dbd12f5bf1cb74a5427935f1304e2eb30a0bd69cffb4be83eca0548498366ac2812a64110318f6e6f182b28267487f42d28c5b822