Analysis
-
max time kernel
142s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
05/07/2023, 21:09
General
-
Target
https://links.mail.service-airfrance.com/ctt?m=22412736&r=MTExNDk4NDU5MzI5NwS2&b=0&j=MjA5NjQ4MDM3MAS2&k=options_option_2_ICI_PROMO_ST&kx=1&kt=12&kd=https%3A%2F%2Fafricanrisktransfer.com/cp/?11=bWVnYW4uY2x1dHRlckB2b2x2by5jb20N
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies Internet Explorer settings 1 TTPs 39 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 5 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 7 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://links.mail.service-airfrance.com/ctt?m=22412736&r=MTExNDk4NDU5MzI5NwS2&b=0&j=MjA5NjQ4MDM3MAS2&k=options_option_2_ICI_PROMO_ST&kx=1&kt=12&kd=https%3A%2F%2Fafricanrisktransfer.com/cp/?11=bWVnYW4uY2x1dHRlckB2b2x2by5jb20N1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:216 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="976.0.1243090514\896678091" -parentBuildID 20221007134813 -prefsHandle 1868 -prefMapHandle 1860 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {26354431-b213-488b-a36c-c6a4c1545906} 976 "\\.\pipe\gecko-crash-server-pipe.976" 1960 22e574ee258 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="976.1.1989441492\2069763365" -parentBuildID 20221007134813 -prefsHandle 2336 -prefMapHandle 2324 -prefsLen 20974 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1ee6578-dd97-4e75-a894-97c2b76b4870} 976 "\\.\pipe\gecko-crash-server-pipe.976" 2364 22e57406e58 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="976.2.1705406627\209322735" -childID 1 -isForBrowser -prefsHandle 3028 -prefMapHandle 3112 -prefsLen 21012 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e4ce072-ba43-418f-8daa-f9819879b1e7} 976 "\\.\pipe\gecko-crash-server-pipe.976" 2900 22e5b1a0258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="976.3.2000465947\800447183" -childID 2 -isForBrowser -prefsHandle 3176 -prefMapHandle 3044 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1043c864-756c-4f2a-97e6-3954950dc1b9} 976 "\\.\pipe\gecko-crash-server-pipe.976" 3340 22e5c012e58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="976.4.855160597\655548067" -childID 3 -isForBrowser -prefsHandle 3960 -prefMapHandle 3956 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef9af78a-17ab-461a-9061-275ea82a22ef} 976 "\\.\pipe\gecko-crash-server-pipe.976" 3972 22e5c011f58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="976.7.2103294258\990426383" -childID 6 -isForBrowser -prefsHandle 5320 -prefMapHandle 5324 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab5c67f0-1a6e-4019-97f2-b73f7b8e79fd} 976 "\\.\pipe\gecko-crash-server-pipe.976" 5312 22e5d6ee858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="976.6.646775435\908526950" -childID 5 -isForBrowser -prefsHandle 5124 -prefMapHandle 5128 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f168080-057b-42f6-a8c9-02d1e5631ce2} 976 "\\.\pipe\gecko-crash-server-pipe.976" 5056 22e5d6ee258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="976.5.628905345\2065875354" -childID 4 -isForBrowser -prefsHandle 5028 -prefMapHandle 5016 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc7c7bdd-da5c-40d7-bc5d-680856bc6909} 976 "\\.\pipe\gecko-crash-server-pipe.976" 5036 22e574ee858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="976.8.810639038\176118111" -childID 7 -isForBrowser -prefsHandle 4736 -prefMapHandle 4780 -prefsLen 26831 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {81ba4a7d-d89b-4481-8040-56e514eeca05} 976 "\\.\pipe\gecko-crash-server-pipe.976" 3984 22e5c012558 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="976.9.509528858\1603647130" -childID 8 -isForBrowser -prefsHandle 5032 -prefMapHandle 3968 -prefsLen 26831 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {024e0d30-3beb-4fa2-9792-2fb12167125a} 976 "\\.\pipe\gecko-crash-server-pipe.976" 4528 22e5cff8f58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="976.10.982282943\1748710052" -childID 9 -isForBrowser -prefsHandle 5240 -prefMapHandle 5248 -prefsLen 26831 -prefMapSize 232675 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {23fc32c8-b1bf-4e8e-b7ff-bf612d14fd0e} 976 "\\.\pipe\gecko-crash-server-pipe.976" 5276 22e5db95558 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD55674eaac3f2016f6c430ff71ea1803bc
SHA104b5278ba8ebb95ed1f53bbc07af2f9b18006b6a
SHA2564e73dfa733ba89f2715d078900d6967c2ce54695867bb7a6ec977e9984120018
SHA512f265ca77337a0d4456aaff32afaa9cfe723b8517d44297d74dd1f0c333f2801b0bd648a55d104602126c88b49ec1f4ea62af8b4773b9322446cccd925a6bab7e
-
Filesize
1KB
MD5394f695c46149616c4edcc355e335feb
SHA1cd2f3b1b39660ba68b8b8a7b7e0eb4d5b9dc4a76
SHA2560ec7f074e8cd71dfe92c07429f769c33e43a90022cfa7d2b6a6ce4e2359cb964
SHA51232f30aed729323ff7463884e4761dd2e7227913b65a6ca8440a5acc8b41f93c9d2ed234734e6bfe9888adfdb0b92d7cc347357d6eead996da05e7e0886cfb116
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
-
Filesize
149KB
MD58dd10838cd0765e24b9b9d0b59350860
SHA1b583fab408a9553a657d52bc553ccf386473344e
SHA256910ead0c320359e7986af4260b973076483ea19b4157cd61cb1a84c45df97a23
SHA512260391a4352f84b7d4781b98f35c6261b0caca1f361560dbc9e8d4cf188de77be0238259f9ebfb16b6e62cf22e69c57d37f2ffbead6e198019e53a86fa2fdbd4
-
Filesize
6KB
MD56f4865ff5af3c410bae7aab19b4ddb4c
SHA130b9f92b525a563432e24118d7317665e87cf840
SHA256ca5964aa7a5d11fb3a4629a2502ab1f62d054d5c47f520c4ff134657959dd5a8
SHA5121f0eeecd3b0bd084fe5436339729e5ff892428dce3bda5676172046b71d4a163180a453538a8e597c2e63a51d644ae8c2cb0826c4d448ffeaf695e428d887d9d
-
Filesize
7KB
MD5b088bd7be32a148874d142f7c2b4fc0f
SHA1fa005793e16931741b13b1105249c9f0160aee87
SHA2561d3e0e641a0d2a428a8b80bf19fa89b07f9dd38cdf834cf12e2d5dbd9023cc13
SHA51200a5149c67fe5103d47eac556dd7bd5189a205e5cc2fb51083090da70e8fd9df7a678840ef2f4038ad3a63412afef4e205c1dff3d32ca26e9d4145152f01ac3e
-
Filesize
4KB
MD58263c382d404eefcfe29d388b5e63093
SHA1ec1eff09db5c14184e8cca9bf8359b4d5db9a302
SHA256ee6afb5bf8448c8a5f44ba25676348b4603888289cb9b35b1570ec7f4c502e3f
SHA512c8af0ed9ec04d8f874066d377f8b031b8aa8db91fca687516ba3398ea11407e948e6a3ae9a16bb48c16f3928925f9d4eeaf227479b1a350f829a549f3ccc67b1
-
Filesize
4KB
MD553eeeebe2345fa2cd7391ebeb14d78b9
SHA12b013e3f52aace1fa168fb4128a707311ca97254
SHA25665e44215719473f1cee55ff26140fdfc2de6b9451dff980823f7acad609bcc6f
SHA5120edc925e292dabcca8673b68980cea9c3b33d4a4b9953a7058069a5720b19c64afce4efecc4131d9c1b8e2be830a87f87f7fef2b77fbd52569a0c43420a05855
-
Filesize
1KB
MD51b4a1cc9e34651bee6bfe9085cafdf6b
SHA1447df58277afa691f4ad1deb4ddc5f9879005e73
SHA256a7a6746dc5ab860441d8abf33bdbb6fc7e0286168051edc3cf83c6eb91005ecd
SHA512c6f688ce519a272b3cdc5ff5ea29093e95979c0eb46e4271ff987f5bd52030558759b43ed4f2f71f3fb1cf35f1d51342265b5f50d9c4c6b25e09f789cddacc68
-
Filesize
2KB
MD56aab27324a4c667e953d514ef02c0ac0
SHA12bfa205d740be3a6019038bffdd3671e72c6e927
SHA256a415831aaf8aba0b11c16dab37952283429e48f9e5f3de9bc89a3d2aed8fbb3c
SHA512ace22f1a35d4046cbad866af404f72e0d4b497a8d4de27e582429ab39597b133b42f173e13affb4dcf302852db0497de99b47f0971712ca5d0a95f0194601e29
