Analysis
-
max time kernel
44s -
max time network
42s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
31-08-2023 07:42
General
-
Target
https://gem.godaddy.com/signups/activate/MS0tZXNzb1hBUzN1d2puVlgrTzJkMXhEeGN0N04wdkpKRVdiNE4wNEZ3ZlNRNk1vNFRCNUJxTmNVNURRRTlnK1ZWQjZOUHJBZWluMGFic2RBQ3B2Y0VRLS1jZFBVcFlKcjMya243aUFmLS15L0pWY0pxeVljdkRXQ2oyN0xrZEFRPT0=?signup=6863438#bmNob3lAd2VzdC13YXJkLmNvbQ==
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://gem.godaddy.com/signups/activate/MS0tZXNzb1hBUzN1d2puVlgrTzJkMXhEeGN0N04wdkpKRVdiNE4wNEZ3ZlNRNk1vNFRCNUJxTmNVNURRRTlnK1ZWQjZOUHJBZWluMGFic2RBQ3B2Y0VRLS1jZFBVcFlKcjMya243aUFmLS15L0pWY0pxeVljdkRXQ2oyN0xrZEFRPT0=?signup=6863438#bmNob3lAd2VzdC13YXJkLmNvbQ=="1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://gem.godaddy.com/signups/activate/MS0tZXNzb1hBUzN1d2puVlgrTzJkMXhEeGN0N04wdkpKRVdiNE4wNEZ3ZlNRNk1vNFRCNUJxTmNVNURRRTlnK1ZWQjZOUHJBZWluMGFic2RBQ3B2Y0VRLS1jZFBVcFlKcjMya243aUFmLS15L0pWY0pxeVljdkRXQ2oyN0xrZEFRPT0=?signup=6863438#bmNob3lAd2VzdC13YXJkLmNvbQ==2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3644.0.3676096\2049447582" -parentBuildID 20221007134813 -prefsHandle 1912 -prefMapHandle 1904 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2462c2fd-8ffc-4d14-b35f-08231a11c699} 3644 "\\.\pipe\gecko-crash-server-pipe.3644" 2004 2a359d03858 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3644.1.1658424233\35285398" -parentBuildID 20221007134813 -prefsHandle 2420 -prefMapHandle 2416 -prefsLen 21754 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1a77fc7-1630-4cb6-b4fa-4341c83f8d45} 3644 "\\.\pipe\gecko-crash-server-pipe.3644" 2440 2a3589e0558 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3644.2.393153092\1508674390" -childID 1 -isForBrowser -prefsHandle 3288 -prefMapHandle 3416 -prefsLen 21857 -prefMapSize 232675 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {286975ba-c3fd-4ad9-b371-d14bb88b617e} 3644 "\\.\pipe\gecko-crash-server-pipe.3644" 3276 2a35cc2f658 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3644.3.771915853\558824287" -childID 2 -isForBrowser -prefsHandle 3240 -prefMapHandle 3216 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c7efec9-b90f-4308-a528-a0642cdd9f6c} 3644 "\\.\pipe\gecko-crash-server-pipe.3644" 2992 2a344f6bb58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3644.5.984034799\994577734" -childID 4 -isForBrowser -prefsHandle 5008 -prefMapHandle 5124 -prefsLen 26671 -prefMapSize 232675 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d436049a-113f-4cf7-a138-17de04c20570} 3644 "\\.\pipe\gecko-crash-server-pipe.3644" 5108 2a35fc8de58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3644.6.648931719\1349312807" -childID 5 -isForBrowser -prefsHandle 5332 -prefMapHandle 5000 -prefsLen 26671 -prefMapSize 232675 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {945e8ccb-b752-46de-98cb-df99ffef27b0} 3644 "\\.\pipe\gecko-crash-server-pipe.3644" 5320 2a35fcbab58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3644.4.1556547112\814562169" -childID 3 -isForBrowser -prefsHandle 4976 -prefMapHandle 4972 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1052 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e2406e7-886f-4a61-b0ac-301bae2b595e} 3644 "\\.\pipe\gecko-crash-server-pipe.3644" 4980 2a35fc8cf58 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
23KB
MD5242b7aefdd6987a99725d75c37e3792a
SHA18ebe01da531a781d4caa23c1e341d5edfa200e63
SHA256c80d7681d6f6e479582aed0533283e2f23c82b7227f5c95dd3fd3a4276ddece5
SHA5124de2c875aedffff55aeada524d47041654d96178658c4710c3ab87997b9d49025e77cef50a7db21441505351d76b4fb5206ad09a7133ace8d9f805f95d842d9f
-
Filesize
6KB
MD58c2345821378de45d696d43f275ec7c2
SHA1284ea83819e6954a33c19f4a680afa10882a71aa
SHA2565911f6a7b2b645e82592c78f8303eb51324b687b292fa95b0b8ca36f46a9e457
SHA512eabe1a1b7426e6fe3a31b8001fcca96dfccfe3b1ef6a5e3c8509efcca590a5b9a597d49fa294d78bcc325b52e07cb142dc0975585e10e4bfb6c49763b18e725b
-
Filesize
7KB
MD52831738a495831a32c725c321507c437
SHA15c43810dcb9d71142899391b129f149b7a752f6f
SHA256b61dd8701c113af69c1cde09e625f0714c8e2c5fc97f89191518976ab9fb27b4
SHA512235791cc05d0d4b9fc458d1dfc4e2c0a452ee4443d87a22601f7e1d09fa885293594c060af3fd425599af867c632516d87f17437bc1545d68ad6a2d1f87c0862
-
Filesize
2KB
MD5a65761710edab1b1f80cf1ebe412f3a6
SHA1c58eb6db25b37aec70d6d60faf49d7348b0806c0
SHA2564520f9dc5fdafcd7516daf14ff5bd6891a447ee901a4d6647de32760b9e4bc29
SHA5123e637fa96747a673aeeff0d60d469e2e57f37188825bff3d5471af3e34ce903f05bc937ddfe4523e1c10a58020e1d3507d7144d6ae3de71718e89b1861dd4de1
-
Filesize
2KB
MD5500cfe97848ed5307b77f8f27fa3ab84
SHA164923ed129878203332d0f02d69d2e43be2b925d
SHA256ebd1dfc754b39dd29fba5f6e2d580a68e754cfa91ff5e5fc596f9bb35b0c4ce5
SHA512d989367f99a5df369cfd664a81b7517d4937ebdab6b72fb796de9c74c64d5c424b84d0e209240c65cda20fc79be9c45eff99c8c32c6096cbf2bbb99f8da8b4d6
-
Filesize
192KB
MD51c50368d3781df52d8ef844b80339444
SHA17d1d015f50fe436ad6afd91f9569da489eb17a4c
SHA256d5586407931f9560ab277e1ce44f8148fbf2079ff1997d860c4f3c59bed85471
SHA5121c0c7ba394b24fbead3600f0f6b52e698e748365af0cda7e6f337425949bf9d2a55065e8207a4a97b713828190ea9cd0e31396a854c87c4ffd336d661741a6f2