Analysis
-
max time kernel
150s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
09-06-2023 16:02
General
-
Target
https://appipv4.link/?_u=https%3A%2F%2Focie.app.link%2FYJrpqOM4abb%3F%25243p%3Da_custom_354088%26~campaign%3Dbloc_9ac3fd3a-fa1e-4a60-af9d-5bf221661a0e%26~channel%3Dcrm%26~customer_keyword%3D06402e31-6873-39c6-b7de-495d9e9c298b&_p=c21237c692536cf8e21786fde8bfbabb873ba05bb6115bec0006&_c=8b0658818a0876ab9379fff8ede8e4fbc56aba55ce665e9e667f82e72d3776b8a55d1b2fabda9e69ac7895e2a09a25af210d03443027fd173fbb1c8ba4d629a9b2e31418aababa9430
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://appipv4.link/?_u=https%3A%2F%2Focie.app.link%2FYJrpqOM4abb%3F%25243p%3Da_custom_354088%26~campaign%3Dbloc_9ac3fd3a-fa1e-4a60-af9d-5bf221661a0e%26~channel%3Dcrm%26~customer_keyword%3D06402e31-6873-39c6-b7de-495d9e9c298b&_p=c21237c692536cf8e21786fde8bfbabb873ba05bb6115bec0006&_c=8b0658818a0876ab9379fff8ede8e4fbc56aba55ce665e9e667f82e72d3776b8a55d1b2fabda9e69ac7895e2a09a25af210d03443027fd173fbb1c8ba4d629a9b2e31418aababa94301⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://appipv4.link/?_u=https%3A%2F%2Focie.app.link%2FYJrpqOM4abb%3F%25243p%3Da_custom_354088%26~campaign%3Dbloc_9ac3fd3a-fa1e-4a60-af9d-5bf221661a0e%26~channel%3Dcrm%26~customer_keyword%3D06402e31-6873-39c6-b7de-495d9e9c298b&_p=c21237c692536cf8e21786fde8bfbabb873ba05bb6115bec0006&_c=8b0658818a0876ab9379fff8ede8e4fbc56aba55ce665e9e667f82e72d3776b8a55d1b2fabda9e69ac7895e2a09a25af210d03443027fd173fbb1c8ba4d629a9b2e31418aababa94302⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1668.0.1895179489\934465923" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {70ab43c5-3c4b-4064-9b28-663c5f8bb389} 1668 "\\.\pipe\gecko-crash-server-pipe.1668" 1916 2b2bc716558 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1668.1.69934859\833541234" -parentBuildID 20221007134813 -prefsHandle 2416 -prefMapHandle 2412 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d3d84b4-0cff-4ad3-b0ae-5bdf679605ca} 1668 "\\.\pipe\gecko-crash-server-pipe.1668" 2428 2b2ae77b158 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1668.2.756972978\458326094" -childID 1 -isForBrowser -prefsHandle 2916 -prefMapHandle 3084 -prefsLen 21789 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {564a4a43-cef4-43c4-b277-40407a7ff44f} 1668 "\\.\pipe\gecko-crash-server-pipe.1668" 3004 2b2bf50bb58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1668.3.855072572\1540228012" -childID 2 -isForBrowser -prefsHandle 4020 -prefMapHandle 4016 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {17526b6f-c880-4cf8-9b5d-06d8a287d69b} 1668 "\\.\pipe\gecko-crash-server-pipe.1668" 4032 2b2c0c18c58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1668.4.75387407\1149934610" -childID 3 -isForBrowser -prefsHandle 4748 -prefMapHandle 4752 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5003a23e-ba90-425d-9e3b-14d802b97b03} 1668 "\\.\pipe\gecko-crash-server-pipe.1668" 4764 2b2c19f3458 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1668.6.71291958\275110392" -childID 5 -isForBrowser -prefsHandle 5064 -prefMapHandle 5068 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fcf6ce9e-7a2e-4b2c-9df5-27dc33ef02de} 1668 "\\.\pipe\gecko-crash-server-pipe.1668" 4896 2b2c19f5858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1668.5.1415385834\1643423739" -childID 4 -isForBrowser -prefsHandle 4612 -prefMapHandle 4604 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d29e467-23ab-4595-81a5-c13e439d084e} 1668 "\\.\pipe\gecko-crash-server-pipe.1668" 4732 2b2c19f4058 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1668.7.1667533684\914990384" -childID 6 -isForBrowser -prefsHandle 5384 -prefMapHandle 4664 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {95e01589-f8a6-42f4-884e-619c809c8acc} 1668 "\\.\pipe\gecko-crash-server-pipe.1668" 5400 2b2bf50d658 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
142KB
MD510aecfabf0c3b28b22f5e838db4a62fd
SHA1e814b6427bd54e900532ff7c9c0030af841de3b2
SHA2569b0a0dc00355ecfa903dbfee3d8ddf075a268dca308d253557d60c6078ff4c50
SHA51297aa9920078818a1f99a3f3529b3297ebd3caf4db323be1eb4f3ecdef9f64fb9cd95aca0368ce497ed4e54ec544a54c17fd01c81f15c9913438d29cd278fef85
-
Filesize
14KB
MD586e6ef438e38510b910299ecd636adb0
SHA111e3d96dd7f4b2b18f8b7072cb329b601f7af07e
SHA256d2f88a724daa1c5b801971d1642ccf9df381ce11ceaef2907a0d3fdf9658b553
SHA51218c598e9a041bd94adfd38f3d6b014e4b8e1d09857725e29c41ff103136fe9f432c6b5c9ef62eb0cab82d5daaa287b0af41ae7d7b9917e3709f0755550a54b61
-
Filesize
442KB
MD585430baed3398695717b0263807cf97c
SHA1fffbee923cea216f50fce5d54219a188a5100f41
SHA256a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA51206511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1
-
Filesize
8.0MB
MD5a01c5ecd6108350ae23d2cddf0e77c17
SHA1c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72
-
Filesize
997KB
MD5fe3355639648c417e8307c6d051e3e37
SHA1f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA2561ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA5128f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c
-
Filesize
116B
MD53d33cdc0b3d281e67dd52e14435dd04f
SHA14db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1
-
Filesize
479B
MD549ddb419d96dceb9069018535fb2e2fc
SHA162aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA2562af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA51248386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2
-
Filesize
372B
MD58be33af717bb1b67fbd61c3f4b807e9e
SHA17cf17656d174d951957ff36810e874a134dd49e0
SHA256e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA5126125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7
-
Filesize
11.8MB
MD533bf7b0439480effb9fb212efce87b13
SHA1cee50f2745edc6dc291887b6075ca64d716f495a
SHA2568ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275
-
Filesize
1KB
MD5688bed3676d2104e7f17ae1cd2c59404
SHA1952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA25633899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA5127a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776
-
Filesize
1KB
MD5937326fead5fd401f6cca9118bd9ade9
SHA14526a57d4ae14ed29b37632c72aef3c408189d91
SHA25668a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2
-
Filesize
7KB
MD5bae0e9f8dda2f634a622821c05e056fc
SHA1c7536575886fc67a720b34211cbaf55f73162433
SHA256aeb68a71e67ff1f13fe0daa1ee69a41add33b8428f1240df5d4211cccffd81a7
SHA512435c40eeda01e40a4232977731b31c90217a2bd8e04b2a27ae2bea224939cd778edffd9019857e44fe551ab25b06798e68f0413e47ff2ce68472a9f2ed1a75d2
-
Filesize
7KB
MD5016b08d1d1d243079482961aef93a3be
SHA128371661fe557048cc061650566f88988cebfa26
SHA2560524a49ec8f9657edcb97734f397a0adc90d2110fc8df6eb1f244a96dbc4ce18
SHA512cbe9f1fad1a6b92611a9f87c5b34dc173111cccd0acaaede96519bb12deb94f7c6830b3fa9c821958180bbfb496102f45ab5571fb933a2507b2cfe14314e5311
-
Filesize
10KB
MD5d4ce53b7070c25aa3af6495a8a3a0d55
SHA1528f0e98f4a836d36d44897693abb4e947266984
SHA2562c9bbbf9a039aa271e71e7a11b47d20338c287dac9c1aedffde335429a8c6b75
SHA512a07e9bd656c258dd812a181266fb428fe46b9b9b56a0ff42f68424edd316d4660705b0cedd34842a26d07f6377b75471ccc89f4c58102a0c7e8f7f8dce7f33c3
-
Filesize
6KB
MD5b98577db6f131724581a4a136271883f
SHA15b612046b3c3b42b2328473ff85099ede3e7b58b
SHA256108df8ce2feed4d0a57d6a92e17c488b056bd906cfdb7cfac23bd37835a5b8e2
SHA51272f6e814237823c13adc4b90539adab87c7d7150af666511b821fc3333b968697dc7f5827d2375e6c23f332874f2ed90c75d10521b571b363301a5726887378e
-
Filesize
6KB
MD54a81470b4af28075fbc7464bb61bd587
SHA167e7568ad781ae65d3588d9e1964f8e10a2d696e
SHA25622debc54cac23c8221c6ab18e8be531cc0fc9860049a553b03aa2e70a3b4f524
SHA5129ebad5c6769bbc6ab0d50d547193afd1ec88688081e35a21692e3fbed19919cbb9af905bf6c5b958da53bb55f437b70dfa1ca5641a0e12db75167b59acd308ac
-
Filesize
6KB
MD5feb8a52858c8167a58f36caa1b37f116
SHA17ae7f9d2721ae3c579f9e18e4fea679e8c848158
SHA256adbc4c7b5e775c3d401ae811d5be5a69b844f5937e3d0a416d374dd5a7ec227a
SHA512109d42ec5b9744b3561d29a9cabdcf2ffb81233935fa5c2d80c39f27b92ae55366c3c51ae3d26cc1a8936635662acbd11af89e54efac374aceaa279f13e7dc16
-
Filesize
2KB
MD53a74f07bdf890435bfbaf25fc40137e3
SHA16c05daba882d33fcef0435807e2f2af251b4fed2
SHA2561dd3dee6a211197cf06061e7b4ba0b4b8469312ebc4d0b82c574095059aaf635
SHA5121219019b4f39ecf9796abf20457229a3ca6a61f32af22049274ec6ad571968451ab7db273c224e41edc6d110da63979c336f7fc34447378d122c66a2cb19f97b
-
Filesize
2KB
MD58f1b37a662a2ca9525c75680c3ec1329
SHA17754d4058a7def300778e2cb97fa7df816517927
SHA2563c02704ca8aaf6e16d083ca2f9b4f86f51db6da0bf68e654e6cedd99a4ce3dad
SHA512ff48abee88757bef5d6a55f27d894cf149d99fdaa72379e69cbc0fddc303a44097651cb9c0e159db3b352b5099b954f03afe6bb7d757c7990e629a2488ce6536
-
Filesize
1.3MB
MD586a78208f98a52fce8911f3652c4a018
SHA17d206eddd1ad833fa5f04f7ae020329ef13cdd47
SHA256d5ca599a5d0b3ef1ad7d9f856ecf45733b8c4ee8c169a78cc2a3f75335ead7e1
SHA512d304d8a0440ded585d0ffdae2febf8542d469d4a1a373c544695a792271838f482018c5e2e0f9d3d4cdb8be543f45d1411f49a0368683ce286c7e561b40b99ac