Resubmissions
30/08/2023, 19:27
230830-x56y3aac22 1Analysis
-
max time kernel
122s -
max time network
131s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
30/08/2023, 19:27
General
-
Target
https://livesx.eu/
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious behavior: LoadsDriver 14 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://livesx.eu/"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://livesx.eu/2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="544.0.365611030\1982933987" -parentBuildID 20221007134813 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7b1b12c-8b1f-4723-97c3-72efc02d657e} 544 "\\.\pipe\gecko-crash-server-pipe.544" 1992 25b01606258 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="544.1.211634865\444978755" -parentBuildID 20221007134813 -prefsHandle 2404 -prefMapHandle 2392 -prefsLen 21754 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {75e29125-dc3b-4f22-b260-aa0dfa9214c6} 544 "\\.\pipe\gecko-crash-server-pipe.544" 2416 25b7ffe5f58 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="544.2.183386589\1018398736" -childID 1 -isForBrowser -prefsHandle 3244 -prefMapHandle 2988 -prefsLen 21857 -prefMapSize 232675 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {65b81ea6-980f-4690-8cbf-ef8e25f67660} 544 "\\.\pipe\gecko-crash-server-pipe.544" 3300 25b03fed258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="544.3.1055742030\1217192101" -childID 2 -isForBrowser -prefsHandle 3644 -prefMapHandle 3640 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c44df491-35f6-4762-9c79-bfee1497b586} 544 "\\.\pipe\gecko-crash-server-pipe.544" 3652 25b056bab58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="544.4.71848885\580933932" -childID 3 -isForBrowser -prefsHandle 4992 -prefMapHandle 4988 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9a7a8c4-b650-475f-a135-a9dccfdcb3f4} 544 "\\.\pipe\gecko-crash-server-pipe.544" 5000 25b06ddaf58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="544.6.1348448655\204798601" -childID 5 -isForBrowser -prefsHandle 5292 -prefMapHandle 5296 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3a7f3bd-5e48-4615-8de5-fc1f78de16a0} 544 "\\.\pipe\gecko-crash-server-pipe.544" 5284 25b06ddbe58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="544.5.1653697997\1456521195" -childID 4 -isForBrowser -prefsHandle 5008 -prefMapHandle 5020 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {52290968-45fe-4c47-b481-038d3f76aa3c} 544 "\\.\pipe\gecko-crash-server-pipe.544" 4952 25b06888758 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="544.7.1332043789\1279869861" -childID 6 -isForBrowser -prefsHandle 5532 -prefMapHandle 5008 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {152ab360-c6bb-4eed-b2d8-8952dcfa313c} 544 "\\.\pipe\gecko-crash-server-pipe.544" 5524 25b07e6b858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="544.9.126078576\1812341748" -childID 8 -isForBrowser -prefsHandle 6028 -prefMapHandle 6024 -prefsLen 27017 -prefMapSize 232675 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5cec18a-a81b-487f-9cbc-576b84ac2260} 544 "\\.\pipe\gecko-crash-server-pipe.544" 6040 25b054c5958 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="544.8.1728802397\1683591585" -childID 7 -isForBrowser -prefsHandle 3056 -prefMapHandle 3304 -prefsLen 27017 -prefMapSize 232675 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0bbf856-0543-4498-9e1f-274736f431e7} 544 "\\.\pipe\gecko-crash-server-pipe.544" 1688 25b054c5f58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="544.10.751017168\361068448" -childID 9 -isForBrowser -prefsHandle 9212 -prefMapHandle 8516 -prefsLen 27017 -prefMapSize 232675 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {915cd1ce-0baa-4249-bdf6-d23b91e93a2a} 544 "\\.\pipe\gecko-crash-server-pipe.544" 10168 25b07bec058 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="544.11.1693106618\421895405" -childID 10 -isForBrowser -prefsHandle 9012 -prefMapHandle 9000 -prefsLen 27017 -prefMapSize 232675 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {07e5d2d9-2afd-4d90-b41a-f1bac5d1dec8} 544 "\\.\pipe\gecko-crash-server-pipe.544" 8988 25b07bade58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="544.12.1680057791\862931902" -parentBuildID 20221007134813 -prefsHandle 10020 -prefMapHandle 10024 -prefsLen 27017 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3cbebe1-dcda-4ae7-8a43-790a92061ba0} 544 "\\.\pipe\gecko-crash-server-pipe.544" 2828 25b07a43b58 rdd3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="544.13.1371262437\1801166503" -childID 11 -isForBrowser -prefsHandle 8784 -prefMapHandle 10020 -prefsLen 27017 -prefMapSize 232675 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2954c32-2d05-47da-ad23-5750ee7339f5} 544 "\\.\pipe\gecko-crash-server-pipe.544" 8780 25b08b97458 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="544.14.732342359\989292476" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 9948 -prefMapHandle 9032 -prefsLen 27017 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b517cfe2-1ecb-49dc-9e7a-3a0d6ae6f98f} 544 "\\.\pipe\gecko-crash-server-pipe.544" 8776 25b07a44d58 utility3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="544.16.1813145355\546375354" -childID 13 -isForBrowser -prefsHandle 5072 -prefMapHandle 5068 -prefsLen 27232 -prefMapSize 232675 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab46c537-f91f-4c3e-ba29-e66a85918cb1} 544 "\\.\pipe\gecko-crash-server-pipe.544" 5060 25b054b6258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="544.15.1608310994\2073455606" -childID 12 -isForBrowser -prefsHandle 4972 -prefMapHandle 2836 -prefsLen 27232 -prefMapSize 232675 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {51fbb1bf-d717-466d-97ab-f2e09266ba33} 544 "\\.\pipe\gecko-crash-server-pipe.544" 3292 25b0062d658 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="544.17.1620169587\439931070" -childID 14 -isForBrowser -prefsHandle 5432 -prefMapHandle 5516 -prefsLen 27232 -prefMapSize 232675 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ce8a18f-5184-4d37-8ca2-b1f8b068200f} 544 "\\.\pipe\gecko-crash-server-pipe.544" 5416 25b07a92258 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
21KB
MD552b67de754fb8272cb6ba9cbada4f44f
SHA11ddc6a85cd1b2df82c978dc82d4f6226a5d5651f
SHA256309c7aeb961d66df02c7b6a89f6f712b8c36b7f959f88e9c53cdb9fd195fbdaf
SHA512ec27da83c76c60f50f443e5bbed35cc4ace3120e032503e000e43c2064610623ba435f61928c58a3f32b19b549421144830e85b05d483e13da7c93c0794a84be
-
Filesize
7KB
MD513526e29a0852cee55e442ef0a0211a1
SHA1571bdddde37cfaa3b5a37687191096706dd071a6
SHA256aeb09228ccd33d729d81cfd9a55903839ce98e68c4a6e83a3c362f3aa00c9d81
SHA512a18fbffc3eabb17369da25afb252d5bfbb2eee8929f3e12c89e74d9a26f8804bd4725f14bfaf7047e9d92f822e102575fe2f8e1e43043b0cf49ddb2d86bee614
-
Filesize
6KB
MD585607100f5ddf2268a9a59cfb0b7276c
SHA10c9dd564f2cf2373ed92b548550b9d7b048dfde7
SHA2565b0f07d061b9f223fcf8ace1acd8a49f295c6b2e56e3773fd9c2ac7d0bcd241c
SHA512ff96614f77b8743bb31ae47a8f622b3345493ed784158d4a9712e32517e10410cf6ba423c3ef3e9bb75e58fca7e360086f36c7410bbb22f4d14db76b696396a5
-
Filesize
7KB
MD58c4350a49dc1b18df37fb366386aeec3
SHA1115dda4e504ab2417871c3d97721b2f418a25458
SHA2568c3460b5bca0807d8574a7cdb6a62adc1d8e4f352eab7a8599163045faaff42a
SHA51276be4da66f9d381152e87709b3a7ea1bf8297d4b3fe90f74041bdde00d5485754b536eceb4e8cd0b2611cba92017d91bae311781d052c58009d828a8dcec0823
-
Filesize
11KB
MD5d5ab9511e4ba9c21a8393874001da74c
SHA1bfa4ead1b97a30d8027d1b779c7255cb09d10fc1
SHA2569767b90f9482ad96d20b7a8522e2024f579acb40801c22f761da37ef9aeba039
SHA5120ea1d5f58bba3a9f6f97169448d58c677001c8a7796b32e202ee237d340995561b35682df45cad37f18de43094861601ed9763e5b347c9313624b92523c1fe74
-
Filesize
11KB
MD5a2fd670e6d4566707fadb606a61fd14f
SHA100387b7c7fecdb0d12298a8188614851003d5135
SHA256c90a897a262b0345718b8a49d7994c9b90bd19388d2d0b5ca62069ab297ba63b
SHA512d4ba2d74e996621dc781e3d4eb70c9c4f13f245f96c33f16a531a8ea16d51dbbb4e8a3beea005edf7348e8456ed8209e5c41b9f9cd305a4ddfb221ed129013ea
-
Filesize
11KB
MD5e2da31dfd26247a5d2a24637802ab6cb
SHA12bc3651cd5f58f8c403ba6ca495e461bdaebfba9
SHA256e68eaf9eafb52cdcea695c44476badf3b0c71531348b2e06703d20c6af47aa76
SHA5122ff8e67de1725015b17e2a25e399d1a08681e46376696aa3c93166cb888ea5ab071420d7b88478999070a669f959be6387b5e4175ecaf376e442798816524279
-
Filesize
4KB
MD5a94b611361d4bfc1c72dd6d6eea156f7
SHA11113d408ffbb12176eac5ea95005207746cce827
SHA25613e8420a8c0737bab5900768ccf02b56c719bc9c6da6e164793d640c5d648ea8
SHA512428a4cb6b5460868730b16f99c8457462eb1e4155e5efa5a774dbcc466dc26efabf6a6b106c194d1bda2ed8a335b4676b47090df38bf9f6628a0793f0077fb74
-
Filesize
8KB
MD5a93c75b5c4a9785a690f829f83257cb6
SHA1e243dc4e24c9ffd2626ac84f67fc1e4b505bb237
SHA256ded191ee68e6593623c70452eac21dd345c698456e9216d4757b21bf5c7e6eaf
SHA512ef36fecc6a244a86d2fbcb48db2923ce9d8f6941f87170fc95baaa54a8deb69a3c63e79aecdeb9721d6fd5ca49ddc212b86bb26246293ec4628430bceb86d0f1
-
Filesize
2KB
MD5614ff9c3da7d366ebd85b7a29d80c2aa
SHA1f8ce72a38c63eb59b11346210c62e60469481828
SHA2563a79f4a7636fb73835068772b3ef67b2a6c1862dc07f9dc4ba2d42333df586e0
SHA5126c97f5d05b50de78c588a73500514d43dbe0128d3f2c391590bc5cf8f54eedd8938f985c671e7f1c5cc4d23f109c6e990d3b426889c6eb2ec57ced9e838a00f3
-
Filesize
8KB
MD56e6c7582df19bb2a1214e4023c0fc353
SHA1942805187330bbdd81b61615fc995cf6c17df345
SHA256a6a1721e645aa6950de8247e76b0144ae7f6988d612d3fd85da9acf4515b04a3
SHA512179fe339f20276ea1d372828dc27a925fbc84ad203f63dbf58936d9676afff74f833e969ced42b30d2900a03ab80f1800e3e860a7e863406171d9472e78db535
-
Filesize
11KB
MD55618ef51d2ec3ca9ed707c11a0036741
SHA14d8c09a9323a1d2098f5a1cadfa7251373b1d2ea
SHA256c55923dd6092a91433b3f1e96c61f30ac35e11889e115f2e1bedd75c148be1b6
SHA51292c81c5c34886af31d00f2b7d17bae8d8bdcef6a9c7990c63ddc277fd2f2ef5aa84028ac46c72b3719e15dac165725728e7042a94e7a8a76358c41db9ae68796
-
Filesize
4KB
MD543d054ff336ab7aa68cef70c9470cf25
SHA137229a8282f989250d643e86c1eafe038cd63410
SHA25684f4ec4c6b1edca32501ec8193636f2314d4da454be093a7a05b91423b2f7de0
SHA512035c9f83f53dcc199b7561fd9bdbd71995d571d9405a814194abc9a131c05c0491586ead010fc6e96605481f2b6b59d86f4aad19d242e75e9cf41986e1c556d4
-
Filesize
40KB
MD51a04abeb6bcd38dc8fb44a924ccc199e
SHA1b48592718b124dc8c1938028d3e31f8eb5f26e2f
SHA256db2abd92df8def148525a3167d000acb8c9b1ba513fc0f15532868c141c0c0f1
SHA512ec999c8f75d7ed59e6692427c613f0e6a68af498003fac22ffaf5f590f1bd61e08370a5aaf9de7947c0239f538fed70e45e2484790fca546a83cd2c75d87a9cb
-
Filesize
48KB
MD5dff545f35fa526b7d0535af40896f257
SHA1493e875289c1cee190aac3d6c9b0d04fdca62041
SHA25693ef3b6b0d129848e89196d70107fd38f4aa590d6be47c6d7ef38a349834dc65
SHA512a0b55fe375a679bbea5fa58f4eb045e762dc2c617df363b2129452379f8669c590b4334d6213c5b8a43ddbb0246da144dad640535e669750157e4bd41ace18c9
-
Filesize
192KB
MD5023bdef3fe94a19c79139b37c80943eb
SHA171f7d361e6afc9b5037f6f660096aa77529e0d7a
SHA25603c8e93db6f14e68cb510153cfd92756ce57b48bd5fe85c9c57c438a0af162ea
SHA512589813dffe37a0bf1bbc192ecd2fdcd2021bdc25db947c8736ebcd565e56b826f6ae195ff01abb8c33ff5475907cc6e06fb196d9cb2bf258b18445dad06ed921