Analysis
-
max time kernel
130s -
max time network
137s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-es -
resource tags
-
submitted
10/07/2023, 15:38
General
-
Target
https://plus.google.com/117689312065000346895#117689312065000346895/posts
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 10 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://plus.google.com/117689312065000346895#117689312065000346895/posts1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://plus.google.com/117689312065000346895#117689312065000346895/posts2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1640.0.213726724\259635800" -parentBuildID 20221007134813 -prefsHandle 1872 -prefMapHandle 1864 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2315370c-635b-4115-850d-b9a1c1269723} 1640 "\\.\pipe\gecko-crash-server-pipe.1640" 1964 28f193fab58 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1640.1.1320942138\191307888" -parentBuildID 20221007134813 -prefsHandle 2376 -prefMapHandle 2364 -prefsLen 21754 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {27c663b1-5d5a-45e8-8f89-0a5f362ebde0} 1640 "\\.\pipe\gecko-crash-server-pipe.1640" 2388 28f0c973558 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1640.2.1675362432\1126008413" -childID 1 -isForBrowser -prefsHandle 3596 -prefMapHandle 3592 -prefsLen 21792 -prefMapSize 232675 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cde33496-a3c5-497c-b223-de3f4af716d9} 1640 "\\.\pipe\gecko-crash-server-pipe.1640" 3608 28f1d21fd58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1640.3.1527923835\2029628675" -childID 2 -isForBrowser -prefsHandle 2892 -prefMapHandle 2952 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fea50eee-d8f3-46e1-b410-bc8d99cee973} 1640 "\\.\pipe\gecko-crash-server-pipe.1640" 3748 28f1e046558 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1640.6.438931216\1355263827" -childID 5 -isForBrowser -prefsHandle 5292 -prefMapHandle 5296 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae73c126-e4b0-438b-8d7a-4814d18eeb00} 1640 "\\.\pipe\gecko-crash-server-pipe.1640" 5280 28f1fd8be58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1640.5.1270282056\567402369" -childID 4 -isForBrowser -prefsHandle 5096 -prefMapHandle 5100 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c99b939a-46fb-4bdb-b9ee-7e350ec231a6} 1640 "\\.\pipe\gecko-crash-server-pipe.1640" 5080 28f1fd88e58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1640.4.1428247033\1490954953" -childID 3 -isForBrowser -prefsHandle 4692 -prefMapHandle 4788 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {41ee6a46-0e81-428d-b20e-ded4073b29cc} 1640 "\\.\pipe\gecko-crash-server-pipe.1640" 4904 28f1e4e7858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1640.7.11674925\743845634" -childID 6 -isForBrowser -prefsHandle 5672 -prefMapHandle 5684 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b94cac40-26ae-4fa7-925c-9e250d325042} 1640 "\\.\pipe\gecko-crash-server-pipe.1640" 5696 28f20f20e58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1640.8.557674466\1464767881" -childID 7 -isForBrowser -prefsHandle 5876 -prefMapHandle 5872 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3e0e5a7-e279-4cbb-831f-4891a27f1f89} 1640 "\\.\pipe\gecko-crash-server-pipe.1640" 5932 28f208e7d58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1640.9.563600723\1497786158" -parentBuildID 20221007134813 -prefsHandle 5928 -prefMapHandle 1756 -prefsLen 27232 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {14c81469-cf32-4fbb-9051-fdb7b1049ab4} 1640 "\\.\pipe\gecko-crash-server-pipe.1640" 1736 28f1e03ad58 rdd3⤵
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
142KB
MD5db8881b2f4e66b757c94b1bac70156df
SHA130a88ced26b979ef3799d7c420043c0fe7b4dfe0
SHA256510316a9e40c1ade9de63c7e1ae3c517e54baf5e762f7baeedcab99feaf4b97e
SHA5122077fe1220828cf264b4783bc7808fe8338ce96d362156153074133d91e2cd8fdf5876a3be39a02e5e84956780a3d03d3ba71ee5846a7673895a1a74bee1f6d1
-
Filesize
14KB
MD56701e0a92ab901c9a602cf8c4fa734b6
SHA1b706385d24dfa05612cc9107b04cd849c61d4df7
SHA2563d624ee5f2bec1853a53b635d4cfd30615a635fed982a8803881332d18a18044
SHA51247163e81e7086dd7d8cf893dbc592aa8aa05f968d60927b2210c21891b30daafa489ba3d64b238451a44fec609d60c2a1609af1778deda66bd95df78f8cfc571
-
Filesize
24KB
MD53116a74f9510b99b6119dc7904308206
SHA180e887bcacc02f73c90f6124fc5aada78ab53aae
SHA256f720fde693b31b468c5e2d31a40039a34986ff7fa17693f3317d9bb8e84d1901
SHA51258f828db53542e5bc43e3203ec521e893fb7edf528dede60b78d9e5a32c36a04df91798cfec7a9e6ff8654fc64b4fccd3633ce9849c7d3f06b7f4cff21cef5bb
-
Filesize
442KB
MD585430baed3398695717b0263807cf97c
SHA1fffbee923cea216f50fce5d54219a188a5100f41
SHA256a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA51206511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1
-
Filesize
8.0MB
MD5a01c5ecd6108350ae23d2cddf0e77c17
SHA1c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72
-
Filesize
997KB
MD5fe3355639648c417e8307c6d051e3e37
SHA1f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA2561ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA5128f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c
-
Filesize
116B
MD53d33cdc0b3d281e67dd52e14435dd04f
SHA14db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1
-
Filesize
479B
MD549ddb419d96dceb9069018535fb2e2fc
SHA162aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA2562af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA51248386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2
-
Filesize
372B
MD58be33af717bb1b67fbd61c3f4b807e9e
SHA17cf17656d174d951957ff36810e874a134dd49e0
SHA256e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA5126125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7
-
Filesize
11.8MB
MD533bf7b0439480effb9fb212efce87b13
SHA1cee50f2745edc6dc291887b6075ca64d716f495a
SHA2568ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275
-
Filesize
1KB
MD5688bed3676d2104e7f17ae1cd2c59404
SHA1952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA25633899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA5127a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776
-
Filesize
1KB
MD5937326fead5fd401f6cca9118bd9ade9
SHA14526a57d4ae14ed29b37632c72aef3c408189d91
SHA25668a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2
-
Filesize
6KB
MD5469347906dda0bcffca95e16d8241786
SHA1af4c6fcda9b7a4c4663d5273567c63a7e61eca1c
SHA256162aea62a6c7a69e20ec8d31a16095c1e7c7876c4f0bec7a0aea6b1c7f5c0bbf
SHA51257cc5ccd67bebf2e8b5afd5ea73759d1acb0e5448830054388c3028a9b3a81bf4d4afe2924ed9686408c63694e73250b15847596668daf17930ab42f5f5cd39a
-
Filesize
8KB
MD53b2be8a4d187e8b2a293f72752b28f4d
SHA12097ca8575eb9bf4f3446d76ee837f5bae327822
SHA256e0f5084d272c090120a35f3aa2eafd2a271ceea627592d7e56c6e61a67198f4c
SHA512e1d40802ac5ef0888059eaa8765b339688a3118a00d42193863b016fe6c5a133919d59bcb383e8940c00ea897e848b92d1c96872aed209d87ad64fd0b85213fd
-
Filesize
7KB
MD55136552c8037e5efb970f65f6e7edf34
SHA1c452a3c1953235c05e5ddf67f040d2b25eb7ea55
SHA256c85cf72426fbe59ee4e2092b496089012642003805c6d6474bf35b7bccb7f29f
SHA512772b0f5e155be73b287ea7b9585f429e9fcf79e7234f603ff4911dc62a4aacb55791a00f3bacb6262290edf933787512f3f0c421c7b7660f86d6c500d00e9e1d
-
Filesize
15KB
MD54eaef67ebb5eaec767e38bc78fd5b114
SHA1e088ca45f56566fb6c8f7f961372b3d797c09564
SHA2564021552865378631633d2740e2fc894e31ef620c8fdd1e8c297134160c0812a2
SHA512eee1082cb21999b080bf2b937ff5651802afd019a7ef0b21503e0e8edce107e3b77b5dc54b2fb182fa49d9505289a40c9423f81cf5032499a693caf6cc682d9d
-
Filesize
5KB
MD5133273ed3e24c2339bf75443470f8c32
SHA139969e53b75ecccbaaf05993c103bf029442c204
SHA2564c6eba927e708324c247e55e4e78ca882909d89f916411cb31522e6384f43e91
SHA512291dba1271069daec906b90c5e4f8b3806adc8bd0b6846f0929bdd8e608d2c6388487447fe808bbf8c9f96b0541f6f541481279e8c2ea97db026d62555374f4b
-
Filesize
5KB
MD55a74301f7cf40d288256e08270bef12c
SHA1e0ebb40c96ac8e768b0a7dc04774bf268a9901c7
SHA2567ce3c43245cb96ab19e8841e990b84bf1de437b9e1a7dc617107cc44cb154d15
SHA5126c11a8dff7981e567bd7486cda742637f18c3ba153101e103b90c6da4e4e97e936f642ce0ed118ef619fdcfbc3d2e7383c858b55a422a0dd26595c62b0c0b88a
-
Filesize
11KB
MD55536cce4575a9615fd3e047933c51571
SHA12dc3a434307f9fb2997fb3a8d740dd47cd17c4be
SHA256750120599b7846ddc2df6253ce2f1c070dca4a77e895e3ff2b0abebe5db29b63
SHA51218e152fdd738fb47848f05ef7b6a1a3504c04289139809f38d6d6ef45b49a80e22dd73984e56cca99caf4b1c40fb245ad982d84c6bc840136abb8da2e01fc839
-
Filesize
12KB
MD5b2e69eca344166a4e89747e5e3f2447d
SHA1a66939ec37c6982d179308b0db6944c82bca8de4
SHA25692b30df8b86d537818ad655cc4a959b47dbf8f2687dec938c09549188ea013a1
SHA512fbdda855aef79d6583d4c34657789e25fe52661a12c62ecceb9a7140f493bbbdce542ea7eec958849d7930fe265dc6dc4e08befe772459ca5cdd8227bf6bad89
-
Filesize
13KB
MD586d51556c0ac0988b748a4873766369c
SHA137daab1c004d65f9a8d0ba8e9df9625cfaf37817
SHA256f266a666a39713d61b3799dc1db99d47ca07d731b95bc7a72eda27d780db15ec
SHA512e6d10b362575f3411686e976e5903801663afb205279bb7543ac74e32a5b38e50b6db1923543a5a19255465539dc8003eb6d78b203f947de017d6623a6fdea15
-
Filesize
11KB
MD58a14390219e5ed90785894ebc0c95a4f
SHA1f05e0ad3ec7ae7f748f903ecc72535a0d97a299e
SHA256200467741f32a68abf326148861442d782c3f06a2b0aa07269c19f6daea8c838
SHA512a689fadb9885ec44c373fd221f52982bf7844e306278c5060e39e5dedb1ee2f09770f4724bb06f35f6593370d31826e73dca284db4ff81d5aec852d946879467
-
Filesize
15KB
MD584e6dd655c6c154e09bc6bc91fc036b9
SHA16df095f0705c0dbb659aaae2cb7c55827af1ae62
SHA256dff35c186ae07aa69dba6f599b930d6d3c945a1350c406b065bda77e022debeb
SHA5127a8953c3b11670e1058a62db2d6cb34c7da18666b70d2859e625a0e6c71348a2c36783a9afbe5ecdcc5947a0e6790ec0fc3c25e869c5421d3d9ece0b0b9f8d10
-
Filesize
1.3MB
MD5df871d74239aba197a6ad8004b0e4161
SHA1fc681e8846ffbfacf756e069b893079267a7b582
SHA256a7bab42d0ce3d544d3397c265c6311f8288a64d0bf088e1cd8be52a283baf7a4
SHA512674827be51557481fd83562ed3683505f85fbe458daec7622a457cde5ab3bf359269dd7933b216d98393af6935e3fdedb528a3d324d0e68718e802b6d92ea6a2