Overview

overview

1

Static

static

1

URLScan

urlscan

1

http://t.me/Rustikcy...

windows7-x64

1

http://t.me/Rustikcy...

windows10-2004-x64

1

Analysis

  • max time kernel
    21s
  • max time network
    573s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-01-2024 00:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://t.me/Rustikcyberservice

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://t.me/Rustikcyberservice"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2984
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://t.me/Rustikcyberservice
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1364
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1364.0.1925434361\2134415798" -parentBuildID 20221007134813 -prefsHandle 1872 -prefMapHandle 1848 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {832cd9d8-8435-4800-aed8-f292ec915465} 1364 "\\.\pipe\gecko-crash-server-pipe.1364" 1952 19cb62d7e58 gpu
        3⤵
          PID:4820
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1364.1.582439357\1198068070" -parentBuildID 20221007134813 -prefsHandle 2372 -prefMapHandle 2360 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d57d31eb-e946-4b61-916c-9d68198e33fc} 1364 "\\.\pipe\gecko-crash-server-pipe.1364" 2384 19cb6204158 socket
          3⤵
            PID:3200
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1364.2.549294992\1490256893" -childID 1 -isForBrowser -prefsHandle 2928 -prefMapHandle 3328 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {19eea9ad-8de3-4e94-86c5-00efa7db669c} 1364 "\\.\pipe\gecko-crash-server-pipe.1364" 3384 19cb9ed0958 tab
            3⤵
              PID:2632
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1364.3.1769656041\821926690" -childID 2 -isForBrowser -prefsHandle 1028 -prefMapHandle 3144 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {440ed070-78fc-44a3-a86d-69a2fa800f30} 1364 "\\.\pipe\gecko-crash-server-pipe.1364" 2940 19ca976a258 tab
              3⤵
                PID:1608
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1364.5.819630035\559942463" -childID 4 -isForBrowser -prefsHandle 5140 -prefMapHandle 5144 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5380a7f3-1acd-4763-a5c2-b52598e70001} 1364 "\\.\pipe\gecko-crash-server-pipe.1364" 5132 19cbb4fb258 tab
                3⤵
                  PID:2108
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1364.4.755627020\1053050666" -childID 3 -isForBrowser -prefsHandle 5004 -prefMapHandle 4984 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a16d75ae-1dc1-4315-8003-6dd356b43c98} 1364 "\\.\pipe\gecko-crash-server-pipe.1364" 4996 19ca976a558 tab
                  3⤵
                    PID:4696
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1364.6.1614085103\245755870" -childID 5 -isForBrowser -prefsHandle 5336 -prefMapHandle 4996 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc93dfe8-0339-47c5-8c60-e90b11724f23} 1364 "\\.\pipe\gecko-crash-server-pipe.1364" 5324 19cbb4fe258 tab
                    3⤵
                      PID:4472
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1364.7.609918980\682638830" -childID 6 -isForBrowser -prefsHandle 4912 -prefMapHandle 4516 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {590b06c3-a4b3-47c2-b0a9-829cd7003daa} 1364 "\\.\pipe\gecko-crash-server-pipe.1364" 4808 19cb8bc7258 tab
                      3⤵
                        PID:380

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                    Filesize

                    91KB

                    MD5

                    72137d5c6cab0bcc15da9158fd5037b1

                    SHA1

                    b1e06e8362cf914180be17e210ae0be0097cc99e

                    SHA256

                    84b0da914b9f36fcc32e9d6363a7fbd1dd97bd518802753e73b855828d2cffe4

                    SHA512

                    18a6fae61b512c35096c3e97a0818d69b4415af66f230e5ff9ea05495e352dcf23161e27410eb6c0052304ff6705360c05c6b479c6a3d9046faaff578e5789a3

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                    Filesize

                    1.6MB

                    MD5

                    e341e1081e0cc91bf1efde3e4a479e96

                    SHA1

                    69ffa0fae89d69215a494af2cfbd8a25629a99a3

                    SHA256

                    c46692791b6d899f52c31f0fffa6a45af154129afa90c0822139b981ffeeea5c

                    SHA512

                    49b8f72810255e143cb561027cc58bf9d4601f4a5fdfedef7dbb39930c45dda099b63152b3da215e67ff67b26312ddaf3301ea0bf213b98892f8b2947d82f86d

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\datareporting\glean\db\data.safe.bin
                    Filesize

                    9KB

                    MD5

                    ab91cc7e304008d12e6e1547be616bad

                    SHA1

                    f9ffb5a1c45c2cc5112c94a00ee9a2b6fb4c2435

                    SHA256

                    14a1a450ac74a77398ad55346482e34fc380939521c0fd6bc2977764c5fa6009

                    SHA512

                    822e6a550d8d726553147f19419a139c460e5592e958154afba98a88eebc3827095d490f2e72cc192d39d74820e7a3aebd8142994d9c1b684c027ba4b9582417

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\datareporting\glean\pending_pings\a63ad0ef-3841-4024-aab8-59f85112672c
                    Filesize

                    734B

                    MD5

                    3f432e713f285c001c8e010785f7a736

                    SHA1

                    8beb3b7b18ee5ed26a8a8fc643c3d363f288f371

                    SHA256

                    52e02cd37d2f520d2b0a39bac8024747836bcb89c971368fa1a3918e433ae974

                    SHA512

                    fddd7242b3ac3fab5dfdaff0416b7ebcce9ab1194c1bde210d8fb940a02f8e5a2c68b85376d06b3e402c7382e61caf2f071aaa10374453efe43698abc919bf4f

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
                    Filesize

                    479B

                    MD5

                    49ddb419d96dceb9069018535fb2e2fc

                    SHA1

                    62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                    SHA256

                    2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                    SHA512

                    48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
                    Filesize

                    372B

                    MD5

                    8be33af717bb1b67fbd61c3f4b807e9e

                    SHA1

                    7cf17656d174d951957ff36810e874a134dd49e0

                    SHA256

                    e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                    SHA512

                    6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
                    Filesize

                    893KB

                    MD5

                    53c73e6c70ba8ebac201e58df0372a49

                    SHA1

                    c4200bf819dfdf0b516850a90dc0792c199e946f

                    SHA256

                    b1c5ed56d5ce1bff506f572a8c5423a8065f4ad01555ed373ff1493f3b2a1332

                    SHA512

                    5533a79ae48752d7746f60bb66a23733852a478cea3a67a5cadd9e77bf1b465b54ab6fba52a429dc88f5ba570ff35a4630cc62b43b451b7dbbc9abacc6ba3d2f

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
                    Filesize

                    1KB

                    MD5

                    688bed3676d2104e7f17ae1cd2c59404

                    SHA1

                    952b2cdf783ac72fcb98338723e9afd38d47ad8e

                    SHA256

                    33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                    SHA512

                    7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
                    Filesize

                    1KB

                    MD5

                    937326fead5fd401f6cca9118bd9ade9

                    SHA1

                    4526a57d4ae14ed29b37632c72aef3c408189d91

                    SHA256

                    68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                    SHA512

                    b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\prefs-1.js
                    Filesize

                    7KB

                    MD5

                    c30cd699d467e5091175acac494d3f93

                    SHA1

                    868130d66b4c31aaee7057b46398eccbe31807d2

                    SHA256

                    a30ae849a822affb1bd234568294ff2bb8b4997230a860d7d05acf56ce8121ee

                    SHA512

                    808cbc842d51c3e73904f3f5abb66763ccab72192fda9033623194ac2131a3b931f1555cbfa5b3ff7fd2f8e8bd35c968e3e6ce32ccd82bfa8b691768a3a5ed13

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\prefs.js
                    Filesize

                    6KB

                    MD5

                    b07242f7ac4469aeec85700ddfe0a562

                    SHA1

                    0a9b2414145ec6b266c9ad3c7935add1442857e4

                    SHA256

                    2b6935c3fd9bacb399c715c46bba036478b8fef2091702f6d577c1c37d71975e

                    SHA512

                    ce8ab12b9a3f39875703531e55a720f63d9680c7c44b7c6a3bb16269e6a8e12e1300a509458be4da38845a7d6f93e721eb94944b8f11105af51245deaf18324f

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\prefs.js
                    Filesize

                    6KB

                    MD5

                    eb9280b4fa938c36d6eb2d9112da919f

                    SHA1

                    c66d02347fdfd14bcc3f1a8a9fa9c9b630d41271

                    SHA256

                    5069f8336128e05ae5e39d8f016bef89126cbb3f9c9f08ae8b8dcb0ace3ce626

                    SHA512

                    0e9e851a40e9ac3dd20e6c286f0302a6187563f7cb71d185c42ea2a0f3a176fdb192056f58b9abcf32b709ad462b2cc1c4da19dabebda4af22fbf1487f54dbec

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\sessionstore-backups\recovery.jsonlz4
                    Filesize

                    3KB

                    MD5

                    8ff34aa24db8d24431038830162b18ca

                    SHA1

                    299ecde1bfdfdef2e30191feaa9cb139443407e2

                    SHA256

                    4660e55adb3924fe2b8d7395b06a03fac46aa8c7433f769a80c59fb7409ba8d0

                    SHA512

                    c389e7a376bdc3cf96e48a76e77b5e30edd17d0c8c2b477b534cd95ee34ec026a439e8c1bf17e85e98b7829bb19d1aa06fc9dc08dd5944cef1e743aecb486de7

                    Download Submit