72f1006dd42d26f9e25139a7342a8782e33eb7bc5434c5e1216adb5f74e29adf

General

Target

gif123.jpg
Size

32KB
MD5

b78f0b28de22ab82e8c8e84e47f252f9
SHA1

ac9a5b21279ba4a9950f2d19cdd9b0f0e5cfaf37
SHA256

72f1006dd42d26f9e25139a7342a8782e33eb7bc5434c5e1216adb5f74e29adf
SHA512

f3f3f86c812cbfeebcf888016f0b27ac3fb0532159cd982f16a7763ab37824dc1210309e1695130873fc12c3be0d43e322f970cd4d8ac374c6d6bc5b6f8fcffc
SSDEEP

768:+lPlmCzSYDK7fh9GUx+9mtvXskrn7QDlNJwAWXKVqH3HC0wOrl:+lMCzCfHGqIm9Lrn7CNJwAWKUimrl

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\gif123.jpg
1⤵
PID:4976

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4036.2.1967343654\1135137306" -childID 1 -isForBrowser -prefsHandle 2616 -prefMapHandle 3168 -prefsLen 21012 -prefMapSize 232675 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c280995-4201-4bd0-b3b7-ee2e4e7bde71} 4036 "\\.\pipe\gecko-crash-server-pipe.4036" 3016 1a7913e1858 tab
1⤵
PID:4428

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4036.3.1533065323\2067062054" -childID 2 -isForBrowser -prefsHandle 3520 -prefMapHandle 3504 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8ef3138-7638-4cf0-a01e-da64e9b207d2} 4036 "\\.\pipe\gecko-crash-server-pipe.4036" 3532 1a79201d958 tab
1⤵
PID:3588

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4036.4.431206728\1609353321" -childID 3 -isForBrowser -prefsHandle 3788 -prefMapHandle 3784 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b073aede-d0a6-4fd4-a3c1-408a78d1e750} 4036 "\\.\pipe\gecko-crash-server-pipe.4036" 3796 1a79228ab58 tab
1⤵
PID:2056

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4036.5.359911710\785575812" -childID 4 -isForBrowser -prefsHandle 4836 -prefMapHandle 4844 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {34354ece-e73a-40f5-bb5e-45fd5d01aec3} 4036 "\\.\pipe\gecko-crash-server-pipe.4036" 4860 1a7936f9258 tab
1⤵
PID:4472

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4036.7.1660395736\790024014" -childID 6 -isForBrowser -prefsHandle 5192 -prefMapHandle 5196 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42443727-a7d5-4294-bbd8-1399d441c34b} 4036 "\\.\pipe\gecko-crash-server-pipe.4036" 5180 1a7942eb058 tab
1⤵
PID:4652

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4036.6.360161351\2130809057" -childID 5 -isForBrowser -prefsHandle 4996 -prefMapHandle 5000 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {008ff0b3-3306-4098-b918-b2dba23046cb} 4036 "\\.\pipe\gecko-crash-server-pipe.4036" 5080 1a7936fa458 tab
1⤵
PID:4276

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4036.8.329246970\507842106" -childID 7 -isForBrowser -prefsHandle 5620 -prefMapHandle 5548 -prefsLen 26656 -prefMapSize 232675 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {951562f7-9348-4eec-8cb4-0775b4af3819} 4036 "\\.\pipe\gecko-crash-server-pipe.4036" 5628 1a793b0da58 tab
1⤵
PID:4992

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4036.9.1470739591\174846096" -childID 8 -isForBrowser -prefsHandle 3892 -prefMapHandle 3908 -prefsLen 26656 -prefMapSize 232675 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a5ebf7a-fd3b-45f3-ad51-fb2672554b24} 4036 "\\.\pipe\gecko-crash-server-pipe.4036" 2972 1a7913b3358 tab
1⤵
PID:5472

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4036.11.927567524\530160768" -childID 10 -isForBrowser -prefsHandle 5028 -prefMapHandle 4480 -prefsLen 30581 -prefMapSize 232675 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {41e32386-c2fe-412b-a69d-a0e59ddad30b} 4036 "\\.\pipe\gecko-crash-server-pipe.4036" 5556 1a795129858 tab
1⤵
PID:6052

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4036.10.1226717538\134474987" -childID 9 -isForBrowser -prefsHandle 5008 -prefMapHandle 5276 -prefsLen 30581 -prefMapSize 232675 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2e56269-cf7a-4d1f-9f39-398ea8f2cbde} 4036 "\\.\pipe\gecko-crash-server-pipe.4036" 5472 1a7913b4858 tab
1⤵
PID:6060

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4036.12.1133954025\464326003" -childID 11 -isForBrowser -prefsHandle 6360 -prefMapHandle 5784 -prefsLen 30581 -prefMapSize 232675 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b128847-fc37-4a41-a1ab-d5981c410bd4} 4036 "\\.\pipe\gecko-crash-server-pipe.4036" 5412 1a78dd1bb58 tab
1⤵
PID:4360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Web Service

1

T1102

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads