hxxps://briarwood[.]caddylink[.]net/

General

Target

https://briarwood.caddylink.net/

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Suspicious use of WriteProcessMemory 13 IoCs

description	pid	Process	procid_target
PID 3984 wrote to memory of 1472	3984	firefox.exe	16
PID 3984 wrote to memory of 1472	3984	firefox.exe	16
PID 3984 wrote to memory of 1472	3984	firefox.exe	16
PID 3984 wrote to memory of 1472	3984	firefox.exe	16
PID 3984 wrote to memory of 1472	3984	firefox.exe	16
PID 3984 wrote to memory of 1472	3984	firefox.exe	16
PID 3984 wrote to memory of 1472	3984	firefox.exe	16
PID 3984 wrote to memory of 1472	3984	firefox.exe	16
PID 3984 wrote to memory of 1472	3984	firefox.exe	16
PID 3984 wrote to memory of 1472	3984	firefox.exe	16
PID 3984 wrote to memory of 1472	3984	firefox.exe	16
PID 1472 wrote to memory of 2856	1472	firefox.exe	20
PID 1472 wrote to memory of 2856	1472	firefox.exe	20

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://briarwood.caddylink.net/
1⤵
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:1472
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1472.0.1087953212\489863444" -parentBuildID 20221007134813 -prefsHandle 1776 -prefMapHandle 1744 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {91bd7d4e-70d0-46cf-8519-9c3fec113eba} 1472 "\\.\pipe\gecko-crash-server-pipe.1472" 1856 1e95f7da558 gpu
  2⤵
  PID:2856
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1472.1.400528243\873157513" -parentBuildID 20221007134813 -prefsHandle 2240 -prefMapHandle 2228 -prefsLen 21563 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {df065750-3689-442a-8557-338511017643} 1472 "\\.\pipe\gecko-crash-server-pipe.1472" 2252 1e953771058 socket
  2⤵
  PID:2740
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1472.2.348940247\850483872" -childID 1 -isForBrowser -prefsHandle 2996 -prefMapHandle 2828 -prefsLen 21601 -prefMapSize 233444 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3024ad5-09fb-40ef-a2b1-92e7620e46eb} 1472 "\\.\pipe\gecko-crash-server-pipe.1472" 3200 1e964cd8558 tab
  2⤵
  PID:2264
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1472.3.648586344\622234883" -childID 2 -isForBrowser -prefsHandle 3680 -prefMapHandle 3676 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {70cf8233-4e9a-4de9-bd76-b2a2edbf9a75} 1472 "\\.\pipe\gecko-crash-server-pipe.1472" 3692 1e953767e58 tab
  2⤵
  PID:5112
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1472.6.2098293242\2048720362" -childID 5 -isForBrowser -prefsHandle 5220 -prefMapHandle 5224 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {714d878c-1503-4e10-966b-66db51b9e384} 1472 "\\.\pipe\gecko-crash-server-pipe.1472" 5300 1e967662558 tab
  2⤵
  PID:3780
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1472.5.1751130805\2053774764" -childID 4 -isForBrowser -prefsHandle 5016 -prefMapHandle 5020 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {60d57821-1756-40e6-b92c-a273d75359c1} 1472 "\\.\pipe\gecko-crash-server-pipe.1472" 5100 1e967662b58 tab
  2⤵
  PID:1384
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1472.4.1602387909\185708985" -childID 3 -isForBrowser -prefsHandle 4888 -prefMapHandle 4884 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {968d3199-3ed7-450d-a663-6e9a6d51315d} 1472 "\\.\pipe\gecko-crash-server-pipe.1472" 4868 1e966ad4e58 tab
  2⤵
  PID:4956

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://briarwood.caddylink.net/"
1⤵
- Suspicious use of WriteProcessMemory
PID:3984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads