Analysis
-
max time kernel
152s -
max time network
194s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
18/11/2023, 21:58
General
-
Target
verify-ua.html
-
Size
4KB
-
MD5
a2db73d14cf66a0bf2b67c0c6f5c9932
-
SHA1
b33afc9000a9ea5ea35c3591e31da80efb80d0fe
-
SHA256
3302f258eb18680cb0e167eb4d69f2146b8ff1517aaf74af17f3baf5a5defb80
-
SHA512
53dfdfb20b7b9b197ef812710dc5fd5de74441618051a6fa61b67abd305c4423fc0496571dfec9845cc47bd2cee6fac6b6e77609cf13275aa76a1018e4065155
-
SSDEEP
48:0TWiSTitsuUwgCzenjx2xxDnHrvDG6RUQXpUz+m4hFAc+9LUT4HFNotGXXoW:GwOtsefekxxDH3nCQXqzyVoITMFNsW
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\verify-ua.html"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\verify-ua.html2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3148.0.803258098\526828034" -parentBuildID 20221007134813 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a2a7566-dc07-45d9-bb54-8abe14d2d7ad} 3148 "\\.\pipe\gecko-crash-server-pipe.3148" 1976 1fae8ede658 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3148.1.257826762\810153030" -parentBuildID 20221007134813 -prefsHandle 2280 -prefMapHandle 2276 -prefsLen 21754 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c461b0e2-8df3-4afe-884e-34653bc26255} 3148 "\\.\pipe\gecko-crash-server-pipe.3148" 2400 1fae8bfca58 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3148.2.1581031806\1450945058" -childID 1 -isForBrowser -prefsHandle 3116 -prefMapHandle 3112 -prefsLen 21857 -prefMapSize 232675 -jsInitHandle 1440 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6eed9fb9-1c3e-4888-9b53-0f5e91190f96} 3148 "\\.\pipe\gecko-crash-server-pipe.3148" 3128 1faecaed358 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3148.3.436520609\1555028212" -childID 2 -isForBrowser -prefsHandle 1164 -prefMapHandle 1144 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1440 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce501d29-4a1b-4caf-9151-cd97b8ba4a55} 3148 "\\.\pipe\gecko-crash-server-pipe.3148" 3604 1faeb414358 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3148.4.849598004\1963795802" -childID 3 -isForBrowser -prefsHandle 4968 -prefMapHandle 4924 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1440 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {78d00faf-4f58-4149-8cb0-3a17170c12c0} 3148 "\\.\pipe\gecko-crash-server-pipe.3148" 4952 1faef346958 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3148.6.410451592\1359540584" -childID 5 -isForBrowser -prefsHandle 5332 -prefMapHandle 5336 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1440 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {834dea22-c80b-4f2c-aff3-857c8a80f33d} 3148 "\\.\pipe\gecko-crash-server-pipe.3148" 5324 1faf0116a58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3148.5.564675265\799554858" -childID 4 -isForBrowser -prefsHandle 4968 -prefMapHandle 5184 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1440 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1609f7c1-cd67-4610-ac5e-ae50e85d4dae} 3148 "\\.\pipe\gecko-crash-server-pipe.3148" 4984 1faef345758 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3148.7.533310919\2118412088" -childID 6 -isForBrowser -prefsHandle 5204 -prefMapHandle 4924 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1440 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {35d460ef-64b5-4ae1-8887-72e5156eeb0d} 3148 "\\.\pipe\gecko-crash-server-pipe.3148" 4984 1faf0117c58 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
21KB
MD5da82cfb888cc063f79b49788cc105598
SHA1eb4db0ec8acc9ea868549ff6582b44196dd82a4f
SHA256b9ac36915324f2b3041e3d43576edb2f3ea725f495dd46fb6c94bf4d2a5094d8
SHA512b020c93ce81df6e52df2040df96deec5032a48e510e16e178b9e560338a40e125d72a56916307860e2edae921411d61ba3d836f03b3263739f83bc08f903afa1
-
Filesize
6KB
MD5f63ed9bcef122a9685a5faac230a14df
SHA149f295ee911e68d4be07ab9d3517fc9cbef9fbe5
SHA256496f3b5343d0b5bdbf79d094ecf6e3d2576c5a933b0b8ea826902bd099ffb188
SHA51233dc365c9dd5922bdf754bd6464e4d15cded5a174ca94cee77576c6298c7c5d83c23edf107ea5e53caa5b0a709633e89c6db9d25dd7c2036c0e1918a0ab20760
-
Filesize
7KB
MD530d6d95d5f57208cf670b2725d9137c3
SHA10935702e67c6da5cdabff66cdec5a4c2b3fb6e5b
SHA2569d48cb176e93bb6680eacaedc606d118050209e6dbfcc414b50832bccf3fd065
SHA5127944ba6a77673951a856891df36063203f40dff8f988e72465ee791b9c17fe796d5c5fada62fd4acb6dafb79628ef1f4bb128802883084e1f365e2d8677fb322
-
Filesize
6KB
MD566df5e78ac950bf24b93c12b3f1017fb
SHA162bca25ab5144da6162247a80bf60853afa8dd56
SHA256b01e4c8f72473966a6658ee6bbd801796d61759d07422f95d2a66520b56187fa
SHA5121dc6961085ee15db55773500a17f43315763e1ec536703e811c3c9183d900e16c345bca5b58692eff6acc985f622a1571168bea6ed553b0c81a0fb1a3680a261
-
Filesize
1KB
MD5b41729dd8069cfdda3668ccbd59cd64e
SHA1667667c0fdf1ca40c774c187ea0eb6e92fba5eed
SHA256b5ac88eef712527adc36a032d959266472fc7af026f134cd687bb3811ea04ad9
SHA512d34098f3785edd0a16bf23a761972df220483cf79cd22920d5c85c8e283e6e73e3613ebaf45d8be5edac711d6d14f2426becfc3b71b5202e83643ae890164cda
-
Filesize
1KB
MD5e932e9e12d06bc401d3874d5e28e9045
SHA134a60434cd46c770ef9b9e1c1d3a017d7875eb15
SHA256ea92f520c0e30cb6c01f1ee4ec31c85c117501107623b7c210edc584097e9437
SHA5123576a184d9e1832c279446b38a4c98c0a09d7c99a0881f01f24bff0ace7c24e9f143b96ffa3f3346d26e2a0c9cb5bd5d717d1c3493ce4120fddfaff733918ffa