Analysis
-
max time kernel
14s -
max time network
21s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
18-08-2023 01:24
General
-
Target
https://edi-cambodia.us15.list-manage.com/unsubscribe?u=036f6c11e317be895153ae47f&id=1fc0a4537e&e=56c97a2cca&c=9dc526ad18
Malware Config
Signatures
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://edi-cambodia.us15.list-manage.com/unsubscribe?u=036f6c11e317be895153ae47f&id=1fc0a4537e&e=56c97a2cca&c=9dc526ad18"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://edi-cambodia.us15.list-manage.com/unsubscribe?u=036f6c11e317be895153ae47f&id=1fc0a4537e&e=56c97a2cca&c=9dc526ad182⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.0.853297086\95047941" -parentBuildID 20221007134813 -prefsHandle 1868 -prefMapHandle 1860 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3387eb2e-1577-423b-801b-ee7b1b23324a} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 1960 1f63f5e9158 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.1.803957027\372252386" -parentBuildID 20221007134813 -prefsHandle 2376 -prefMapHandle 2372 -prefsLen 21754 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3f8b769-a5fc-4fb8-8bf1-843b8a261e1e} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 2388 1f63f0e6258 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.2.897004487\521576788" -childID 1 -isForBrowser -prefsHandle 3344 -prefMapHandle 3340 -prefsLen 21792 -prefMapSize 232675 -jsInitHandle 1132 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {38725c8e-b37e-48ce-bf8f-4ae3c9859c4b} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 3356 1f64322b558 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.3.1382967756\1549240577" -childID 2 -isForBrowser -prefsHandle 3688 -prefMapHandle 3684 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1132 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ab95b10-5c1f-4f39-a75a-6d7872467ac0} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 3696 1f64447f858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.4.1168451136\76979985" -childID 3 -isForBrowser -prefsHandle 5000 -prefMapHandle 4976 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1132 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {17e96816-beb4-4c92-a015-009df306507f} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 5008 1f645adfa58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.6.1033245647\851403642" -childID 5 -isForBrowser -prefsHandle 5396 -prefMapHandle 5400 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1132 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {828ad55e-c615-4750-aba6-ec469111baf9} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 5484 1f645e95958 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.5.1378621548\1884431245" -childID 4 -isForBrowser -prefsHandle 5176 -prefMapHandle 5180 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1132 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6bffb812-88c1-4925-baf1-7a72b82ceb9c} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 5168 1f645ae0c58 tab3⤵
-
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
22KB
MD5a4df339db2df31b7ae383073e36c60bb
SHA19018f73060431bf382eb545721dbe401acea8b87
SHA2569f788eb4097d240c99206a535f8e32228c8eb59a421a41a867f04f6f8740f4bf
SHA5129dfb6f079ca9ba32df0db9e5fd39f039ca95b181bdf7d6e17942281decd7c940c07ef0b8b6ef0641757fbe44a3dfb50422904cb6fd0959bfba86d22708ff216c
-
Filesize
98KB
MD5b2259f5f38a7b2e92474d1963fc82c64
SHA1002f137359f7aa1e19076653a4a2a53bcf63fbed
SHA256d249b4b1da432c589712ab555e87ce1aa29c333b2bdc26021194fa45d2d6345a
SHA51244ca52028b587ef759e2b82efabdcc3b3f9ad7d13128806a33bb396fa801b5ea6d4a6aca339f5015c785a6826a0c384cbeecd78c1aeb4e78518a4ebd1717286f
-
Filesize
6KB
MD55d3fa128dc9147a3eb13527e70870ecc
SHA177b5375356f22bdb796e4f7df282736139013f11
SHA256a0dcc60c412c5e1e3624a7791029d3922c5307b0b8a132247fa8bb74d68c5d0b
SHA51270f6af5c9a46248e2912b7ab12b7c4cbed4014b66e7d9f17071b40e2b555c9606b42975b1a7adeff86f790c6c67c5e124ae1bd3a86a8499a52fa3745eeea53a3
-
Filesize
192KB
MD503916f1b4c3dfea38885fff94891cd73
SHA1757865074a5715dc2320c637d1044c1645274e4c
SHA256acff68798e1515a47dfed08d928d67f757fc9c6ca7e46816e2d800fa24e053d8
SHA512aae8c60d30b5aa216acb4821a76aac339de583dddedf579693d5c0855fbc314d9c4f2f9133a0b91900af30d4fa7b3d9248939be410dc3769abce9ec4311521d9