Analysis
-
max time kernel
70s -
max time network
75s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
12-07-2023 02:40
General
-
Target
https://visit.money2020.com/m2020-comms-unsubscribe
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://visit.money2020.com/m2020-comms-unsubscribe1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://visit.money2020.com/m2020-comms-unsubscribe2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4548.0.59732740\2118459009" -parentBuildID 20221007134813 -prefsHandle 1852 -prefMapHandle 1844 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1aca92c8-68f0-4646-b1f7-55831aa56c51} 4548 "\\.\pipe\gecko-crash-server-pipe.4548" 1944 237b8cfbd58 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4548.1.1375492770\2131539470" -parentBuildID 20221007134813 -prefsHandle 2348 -prefMapHandle 2336 -prefsLen 21754 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4afc57be-9443-472d-a39c-e59af32ec2f1} 4548 "\\.\pipe\gecko-crash-server-pipe.4548" 2376 237b8bfcb58 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4548.2.394640460\1545991674" -childID 1 -isForBrowser -prefsHandle 3160 -prefMapHandle 2940 -prefsLen 21857 -prefMapSize 232675 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {25dfc609-5707-44b4-a84f-1b4f659702e9} 4548 "\\.\pipe\gecko-crash-server-pipe.4548" 3184 237bcce1858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4548.3.1376811115\990147546" -childID 2 -isForBrowser -prefsHandle 3544 -prefMapHandle 3540 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d449e55-045a-45e9-af8b-53bdf0bee3b4} 4548 "\\.\pipe\gecko-crash-server-pipe.4548" 3556 237a5162b58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4548.4.955799366\524495711" -childID 3 -isForBrowser -prefsHandle 4796 -prefMapHandle 4824 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f671c8a6-3d47-48b7-98c6-bcb9c0b053fc} 4548 "\\.\pipe\gecko-crash-server-pipe.4548" 4520 237bee86658 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4548.5.779699034\2089971749" -childID 4 -isForBrowser -prefsHandle 4936 -prefMapHandle 4940 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7db3748-bf5e-435d-8eca-104a7492d33e} 4548 "\\.\pipe\gecko-crash-server-pipe.4548" 4928 237bf004558 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4548.6.664245047\1130269918" -childID 5 -isForBrowser -prefsHandle 5132 -prefMapHandle 5136 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {04539dcb-c41a-43a8-8b98-7ad28da9eef4} 4548 "\\.\pipe\gecko-crash-server-pipe.4548" 4800 237bf006658 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4548.7.612864079\677361329" -childID 6 -isForBrowser -prefsHandle 5504 -prefMapHandle 5540 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eaf35522-c36f-4a3d-b2d1-f52d2beba37b} 4548 "\\.\pipe\gecko-crash-server-pipe.4548" 5668 237c070ca58 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
155KB
MD5d5aaf279f7fd63f9fd80cc23c82d0bbe
SHA1986b44c5dfeefa76fbb012385568fd78ff54b831
SHA2569c69f4aff34bdea285edfb2b98c1b1590d358b40f8ac9853c1f3d222902d66cb
SHA5125699b11c357244e095d1f0e5b0da256850338dd24a1c5f1d7afc8fc95f4c4dbd93192fd90635086a8cb2d2b3aa0729e921ac7e9a4ca1d22d479545cc3f78af92
-
Filesize
71KB
MD5314e0b81e2fb830c5b177f0c723012dd
SHA1addd57088dcb6c65a97ffbca097efe19e04cf10b
SHA256354313456ebc9a9861fbf6d2f83e52864a1140039fd4e50b7e7070424b9b4c5a
SHA51293c08e8d839209509b3ca01081eb697fe4c7d6f32fdd2150efc0c4e18ee4a0af14af27f762cc36784eee3eabd6df08e69a88b1c6043083fdd963d7ee70209d55
-
Filesize
6KB
MD5bcd3bc8e2db73122579a70731bac4083
SHA15fefdbdb5a3c5437fb6c48c19003c300159bffa6
SHA2566293c071da155dfcee617ee64b7b6fe64815cd1b91137430bde0eaba860add99
SHA512ec57d818509271aeb5971d989c47bae0c96361a721794117aeeb566eb014216bbcf1d9efd4276aec5c164921152342ffbeb8f64e062d5b79cfb12cef372b778b
-
Filesize
7KB
MD556c4a38c4690b27d125199476b4c9c3b
SHA163bde74dc878117bff01670bb2c9ebe8443815b1
SHA256e2d7ba71e4ca2fa88def54427ebd70c777508d5bb1b81042798918eeadfcd706
SHA5120cf2758a95744f00a9d679cd67ba6f09f22b8958d5a5f8fdcc56c9232dcbc7a6d7cd51630296b37a70569a6bcd80c0de0d3d3be9d5862dfeb0bb48c843915878
-
Filesize
2KB
MD59f325626cb4343df961ddbbe44ea36d9
SHA11cddc72691d2cc99674d4e1e5c92db513d3f92d7
SHA256e2d969a90566de45ff2ff0ac76eb27c62a6001f1c87ef5eb6b6ea26e211aa299
SHA51279b96f59d475d7157309df471fdb6d6e0ad0daf6704e1ca0477b820ae3fa9f027dc5a1ddcdc67044e0d0c33f6796ef83c0666e35d5c98adf6954ae19c9d64501
-
Filesize
2KB
MD57926bc5eead46dc5d0240281822051fe
SHA1231377ad04d2baaea5ab4994ba97dded86a8e332
SHA256e20a615bf3ff9f4ca0e3d7550c08a1d5433dce0bad20dd4406eddfc3bc3f6baf
SHA5121f4b8af58edc17f6728b65c432ae1b3e27a54891fd02657e8a3a93123a7481f4c945e1b675fcf434434ad5c72a76605119ab8b5e27088611f03d7bab6516151a
-
Filesize
3KB
MD56cf44ae6a230550ca272ad1663090b88
SHA129f03acc6e95f444ecd699a5ff00a4ca05f1c9b6
SHA25650d3df1a08541148d129b606108aaa65d6a1479763e6c902f0ae6c2c1687e533
SHA5120d4b8258171b4a11ff922491b65afd1044828605508a84a36ac4321dc8eb6c06213e358a7c3621e46b30722d6af2aec349af532cf74d2843aca6a7a9c4bb2719
-
Filesize
2KB
MD5094249f09fe10480b9169f723b0c2d31
SHA160f5eda169d10c820f40d431428e967631a1cbec
SHA256632452514e56fb2b14e71ef45874e3682c06572c43ed5ed1747f967ef0d603f2
SHA512dbdeab03d2f390e7d68eedff1b327efcb32c0fa0ca1feaf03093f55d98512ad6de200d03a255786fb3a329bdaab4472944f85270152557924476bbcac41f0186
-
Filesize
12B
MD53c799cbdf463db58e9f69ab7c94dc97a
SHA1299629d36d893db78b7e9af40975373239074edf
SHA25629c602651dd9a5c4b783cf414fb207c45c2aed91bb3a4a54ea9fa7c840ed0d56
SHA512e527ae67394e5125290191707b14a1e27664455ca92f1349c3601f23ca2cf2d5b94639b7c9b1faf8bb4ef94f75b8f7775441b80bcb5fb9849f371ccc2a2ec70d