Analysis
-
max time kernel
297s -
max time network
298s -
platform
windows11-21h2_x64 -
resource
win11-20231215-en -
resource tags
-
submitted
12-01-2024 14:46
General
-
Target
MTMzLU9TUy0zMzUAAAGQmdWyfXlcsYBlf4g3flvPmMpwQpVOQt17VyehLMOfrbBAOjjJBGORBr6UUzmwMx0YZVDhonA=.html
-
Size
540B
-
MD5
df94e0736aeb7aee3976e1cd756796b7
-
SHA1
f56d8ee1d70869eab8263889121cc02a6588c7bf
-
SHA256
fc59c12fd6da9d316ff5264aa2ecf5d215572efaedca1917ba3679cb408483f1
-
SHA512
cc272465fda048a25fa3eb54f6f9dd5886d65e2d966549b3f8409ad9a8d75eb13c5254a87b0ca7826999444e5e883fd975d2629f1fb300ebc572d51ec465290c
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 8 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\MTMzLU9TUy0zMzUAAAGQmdWyfXlcsYBlf4g3flvPmMpwQpVOQt17VyehLMOfrbBAOjjJBGORBr6UUzmwMx0YZVDhonA=.html"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\MTMzLU9TUy0zMzUAAAGQmdWyfXlcsYBlf4g3flvPmMpwQpVOQt17VyehLMOfrbBAOjjJBGORBr6UUzmwMx0YZVDhonA=.html2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2764.0.1641574121\221416936" -parentBuildID 20221007134813 -prefsHandle 1792 -prefMapHandle 1788 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0bebf8d0-b52d-47d6-b7ee-3f026d477411} 2764 "\\.\pipe\gecko-crash-server-pipe.2764" 1872 14e11b03e58 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2764.1.452865212\2131270430" -parentBuildID 20221007134813 -prefsHandle 2268 -prefMapHandle 2256 -prefsLen 21563 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aafb2f1e-6321-4f8f-a94f-f69c120a1087} 2764 "\\.\pipe\gecko-crash-server-pipe.2764" 2280 14e107e7858 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2764.2.357359197\1359013443" -childID 1 -isForBrowser -prefsHandle 3052 -prefMapHandle 3068 -prefsLen 21666 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {59ac8d7e-550a-4e9f-9fc0-0bcd757606b4} 2764 "\\.\pipe\gecko-crash-server-pipe.2764" 3048 14e155d0658 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2764.3.1619011029\301209278" -childID 2 -isForBrowser -prefsHandle 3472 -prefMapHandle 3468 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e641d5a-d0e1-4feb-acc8-a389961ede8d} 2764 "\\.\pipe\gecko-crash-server-pipe.2764" 3532 14e0486eb58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2764.4.458182424\599794154" -childID 3 -isForBrowser -prefsHandle 4948 -prefMapHandle 4944 -prefsLen 26298 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {190907f9-7945-4ed7-9dcf-4746bd48763c} 2764 "\\.\pipe\gecko-crash-server-pipe.2764" 4372 14e04870f58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2764.5.1296466168\1211573210" -childID 4 -isForBrowser -prefsHandle 3332 -prefMapHandle 3320 -prefsLen 26379 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f38ab2ec-c5be-4744-b857-1e70d1badcbc} 2764 "\\.\pipe\gecko-crash-server-pipe.2764" 2776 14e18d93058 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2764.7.1893295004\438550101" -childID 6 -isForBrowser -prefsHandle 5216 -prefMapHandle 5364 -prefsLen 26379 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {321fb44c-dc27-4845-942f-98ddb50d65f2} 2764 "\\.\pipe\gecko-crash-server-pipe.2764" 5240 14e18ec4958 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2764.6.1470343997\594556203" -childID 5 -isForBrowser -prefsHandle 5260 -prefMapHandle 5264 -prefsLen 26379 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {15d19bf7-ebaa-47f1-9f31-b7b3ed4106ad} 2764 "\\.\pipe\gecko-crash-server-pipe.2764" 5268 14e18ec3a58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2764.8.1540824358\457981936" -childID 7 -isForBrowser -prefsHandle 5260 -prefMapHandle 5384 -prefsLen 26379 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {20328cf5-dddb-4d52-a56d-a8f53abe7792} 2764 "\\.\pipe\gecko-crash-server-pipe.2764" 5584 14e19231858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2764.9.1573837506\1442433885" -childID 8 -isForBrowser -prefsHandle 9844 -prefMapHandle 9820 -prefsLen 26379 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c14a8755-b872-4f38-8ba5-c3d4c9472938} 2764 "\\.\pipe\gecko-crash-server-pipe.2764" 2944 14e18d08e58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2764.10.292221628\64921608" -parentBuildID 20221007134813 -prefsHandle 9824 -prefMapHandle 2944 -prefsLen 26379 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8129190-36e9-4fde-969e-fd232cb29abc} 2764 "\\.\pipe\gecko-crash-server-pipe.2764" 9792 14e15135958 rdd3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2764.11.88276785\1699221842" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 9776 -prefMapHandle 9772 -prefsLen 26379 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8e3abc2-a1f0-4185-bc31-5f8d57e0676c} 2764 "\\.\pipe\gecko-crash-server-pipe.2764" 9668 14e1a27c658 utility3⤵
-
-
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004EC1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB
MD5553d901725c9b3875b614e5dd10150df
SHA10dab76e4caa09cdad33d09204bebdb2f3c84caca
SHA25666456e23b9f81ebc49c7688ecf9742a15153878a44bae946f4cbf45e77c58efe
SHA5126bcb5343598ca38b81fe17f79428ac7ac323bf051914412a608207e2e427e4faf81d0f3c6891a83aa7554c46f1453945ad41ded2f8f44e39c65760865e8f7d7e
-
Filesize
8KB
MD58bafce5b1d520a65f80f36911875178e
SHA18f759064f05f5167205bd673a1b201ea7fad3563
SHA2563f2e9b53e7ccf8650901720dc8f7685a86ad8970d0b8e37ae869b6c005189f15
SHA5126f80bba2141536848f698a42d82260075f172b21620421cef0599a1e5ae6d8ec306f59e3e336a0aaeaef51bb191f936f7b29f332a16df1301e1a42c6adb22a5c
-
Filesize
23KB
MD54ca61d7c00da644085555699929184cc
SHA128d0e59d03dad0e92e68328b8d017e5744006fed
SHA256d7e3f523883b5206477ef437cdcf73d7f564abbee8f7c26f0557c2d08ae1ac93
SHA5121b1ec3fe55ddcea26156c0b5a057f8f3d014fa70013bdf948624d104f49a158f1032ffa5573505495a68a49f63c3781290211ca9fced3742ed57a0e92bffb9df
-
Filesize
442KB
MD585430baed3398695717b0263807cf97c
SHA1fffbee923cea216f50fce5d54219a188a5100f41
SHA256a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA51206511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1
-
Filesize
92KB
MD59dbb3518509950401e8f5b30abaf6009
SHA11368d37d2dd3744faa82057d4161fe0365f336b5
SHA25639e6d6a759dec60b04df9f0ef0b6467b1de1400127c173806e4113df73196af8
SHA5128b7ffcd28e7d14fcfe66cd10c2dccec70429b639016642e0a6020d8a7f7c0ee4c7e820ccefd1f92f48c0d32399cbdb68b819c5f160bc1d4706004f57133d3ee4
-
Filesize
10KB
MD5871991b8cff42b10f2a171547ebf883a
SHA17cf7c20a1d1f8b92e8dffae45096610d0adb86db
SHA256285fe1a6ea1ded7e27f66ce13641020c1d6a14a54108f2eba0b44995b35ce3a3
SHA5127dfa9f3ba4ddf00d2e7352cd8485328f0542651b2fac503ba97d7e1e5627b1b668a9c8495f222b7772a52e57a2da99eb36d9d87f8066d072c1720466fd0e8633
-
Filesize
204B
MD572c95709e1a3b27919e13d28bbe8e8a2
SHA100892decbee63d627057730bfc0c6a4f13099ee4
SHA2569cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa
SHA512613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182
-
Filesize
2KB
MD555a956b3fc1a62ee9610c7c9ee51c514
SHA15dd2d3d725b7acad9f052da7e13f2d2bd93fb6de
SHA256d99f33e86dd4dc9afcff6933f6d14946d966e6bbb9a5f1ed6f8796c4aa2892d8
SHA51267dc1ccae7a67b1bf1021068be5e12d6a0d17274503f233024772b77242a641718561695656ecee7ac47ccbc0cfe16b34b89431fcea2ac6f676b3f64577e3311
-
Filesize
11KB
MD5504377b321c68f70b93ad056f29f331e
SHA119eb28bb5900a3369aacd85444dc6eb56473624b
SHA2567f9d5bf1d1bdddbae7d89703135d1687e871aafc8b221aba90ae3a25d7851759
SHA5124d13b9729dbdeee97a840d27a8864534359f7aa16352ff71b48c856e7d319d5543563ecd0e11bbac768e8d96c16046a16cf08198713a3dc4431ca10514fc7cb0
-
Filesize
746B
MD5e564fdf8ff3144f8c9772db3b2d0861d
SHA1ccbfd0a1eacdbccd98b42b6ebd230324023dadea
SHA2563c8f90b73dea294b6cf3e412622f55a26f5835bb337a63fac8c5a0707d0556e0
SHA5128acae3ec21f196683ea020be04c221f6b7b562e3bd7ad2bdef4a9879a9d8e13ed4be47538de52a9f7ddc56cf9106e4691433e3fc8d9b7105a365f713ec97bbb0
-
Filesize
997KB
MD5fe3355639648c417e8307c6d051e3e37
SHA1f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA2561ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA5128f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c
-
Filesize
116B
MD53d33cdc0b3d281e67dd52e14435dd04f
SHA14db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1
-
Filesize
6KB
MD52f2feea5b52bfb29bb13d45cd8882acc
SHA1567e466e93193974bcfbb58d662ad2c1b5a16035
SHA2565e1d3dd7d93779a336cf5f84e149ab0fdf67566334491389c821feb800cc5113
SHA512d1be14b370abdc95e411fa048b05848c8ac13f37047da33c6866d4b6a6dd3144b1d32b5921d5eda7c23f236346e14765adf86279b11a85fe8cbaec3f4a86ccfd
-
Filesize
7KB
MD59ce8326d21bb4fc3a86330dbbd6f9d1d
SHA1a7d28b5067fbfbdcffb3c80b29d14e2e982266dc
SHA25616d6d891a257aa76e9354780611eb3392edb16d40f939ec6f39e8b6d936de5d0
SHA51284c1335c2c1269762ed87d02eec0a7d5128be56d28612ab9727af3997cfeb01736573d9d1317833af62a60a89f5c2b3121793bbc6e1ba41386c3f6ae82cbb2c1
-
Filesize
6KB
MD59d9a0a134dbf87ab5bd3737c9e00e8f8
SHA114ebc120e0f95efa5ed07b20502b49f613c0e5d2
SHA256432746b90a80810514e51ddcb4c5e29538032a3dfae67bd0a5dfd0cad3962ed0
SHA512edd0d9d5fe19db5ed390f813a475109871b7d13e75c12aed4321712e4bc7f79178fc8be7a69e72ca18e760a2e5a79cd46f2983171d2028b5c2efd148ba543c15
-
Filesize
6KB
MD5cc8ab47e95da5b69b5ea1da3fdff0399
SHA14fc73a703f364a73f914a2811e25b359c5498a57
SHA2565362169353902b64ec0e225a723ff9088b9de3366857b1f55fb4145b6a4c34dd
SHA51249a42921805d66edf45e878bbb03a941ed0e1418d253aee0bc3606f615171c6fc6c29f84349f6fbf4db42a982a088c1ac54c29e4b2bb95fc93d82b08c8c04a53
-
Filesize
90B
MD5c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA15942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA25600ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA51271ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2
-
Filesize
4KB
MD5691d072593994d112a8360ffff93d991
SHA1218360bad0e0adee62da5489700b3f0556559583
SHA2566364b1454f546e9721b7efc4462179260f4d4e1ae36ec56ca12456bd64e63ad7
SHA512bb2a2e25c28b12852e72e28498083f418b73409cf0f1cb1395bd28b99a8705862d582ba66e0854990d0b3a2272df3cdcc796d55a8166854f8a41f575edd749df
-
Filesize
4KB
MD54654640c926aee5e4758f314f5a2e3e3
SHA15a43ce5fa3ca6a8c1d4416631bec460a2831a9dd
SHA256f746648cac7e42b3d051df0d88321c83a02f5ba8f51d45e331f9e66b241d47b6
SHA512beca96c6fb5ddb7b0e7fc35a10b8dce6a81d003eb64d8540b6447c4b5788749c33fcc80309f39f9fe28afc30870a01602d6875eca90974a3aaeeb4f5200d0537
-
Filesize
1KB
MD56f0140682f3214b1a5e135d904d641c0
SHA12219ecb0772a78696d1f6639a8cb69acaef1e815
SHA25691fbc08f6c8a7764da556a2f85e2f41a5e9289fe85fafa222f555f33f174522a
SHA512fb166cb586908a75ab58385f3d168699f573cad56402ae0052464f0bba5f71aa61c53ee3798bad898fb3f3b97ebf03753e7a51eabb1aa5b23b21bb586657ad95
-
Filesize
4KB
MD5b07529125916ae796433a765316e1df3
SHA1c1c716b231b8827abbb9832134ba64f81959b82e
SHA256053298903ebf963d90a19305acdccddd2eeca910046eb9a9fa561f8786487b09
SHA512384106ca3d584de7142c09165d301020489c1ff0f1bb14e09f2cb31d51695300014274331ff18576161c636f8111cf5d30c56d013ff1852ac2d1d367ad4e6ff9
-
Filesize
3KB
MD5477a6f29c88e42b4dc95442b65fd0df8
SHA1f4244bdb0c8c48ba96b0690191193ac6ad7ddcad
SHA2566fd0bf98c18c988e8d45efd70181eb611504080f9238c5c9b01a322362d85a87
SHA512197033fbc1a529e19d5db4beb0700ca467a32ee34cc8b1f6fcff8142c645dbf32c8dcdf365139f62d418763e22c8df20135f3920dc4918bb82353fc5888b5cdf