Analysis
-
max time kernel
55s -
max time network
59s -
platform
windows10-1703_x64 -
resource
win10-20231220-en -
resource tags
-
submitted
13-01-2024 20:54
General
-
Target
https://mega.nz/folder/XVtlQK7Z#1v5NUo5eopwZ0C0c7Mqlbg
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://mega.nz/folder/XVtlQK7Z#1v5NUo5eopwZ0C0c7Mqlbg"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://mega.nz/folder/XVtlQK7Z#1v5NUo5eopwZ0C0c7Mqlbg2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4716.0.444123641\988194237" -parentBuildID 20221007134813 -prefsHandle 1672 -prefMapHandle 1660 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f58862d7-c6a5-45ef-9353-31fdac6e018c} 4716 "\\.\pipe\gecko-crash-server-pipe.4716" 1764 294cc3ed858 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4716.1.1231034595\1101989584" -parentBuildID 20221007134813 -prefsHandle 2128 -prefMapHandle 2124 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1638cb40-caf7-493e-aa27-56e67427bb1b} 4716 "\\.\pipe\gecko-crash-server-pipe.4716" 2140 294c1672b58 socket3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4716.2.942396668\915178292" -childID 1 -isForBrowser -prefsHandle 2744 -prefMapHandle 2880 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b56a67d-3651-4fef-8a07-ab0bc7db0a3f} 4716 "\\.\pipe\gecko-crash-server-pipe.4716" 2916 294d06cff58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4716.3.1675004190\1260892464" -childID 2 -isForBrowser -prefsHandle 3544 -prefMapHandle 3540 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6730295-3ca6-4d86-90f5-18a753a5c67f} 4716 "\\.\pipe\gecko-crash-server-pipe.4716" 3556 294c1662858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4716.6.768739475\1190650708" -childID 5 -isForBrowser -prefsHandle 5096 -prefMapHandle 5100 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0824aa47-777b-4efd-9a19-5fc3d3c640f7} 4716 "\\.\pipe\gecko-crash-server-pipe.4716" 5084 294d2a0eb58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4716.5.1458042058\2068437476" -childID 4 -isForBrowser -prefsHandle 4904 -prefMapHandle 4908 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5f376fe-bbb1-4ad8-beb7-36ddfcbea879} 4716 "\\.\pipe\gecko-crash-server-pipe.4716" 4896 294d2a0e858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4716.4.93974231\1316165454" -childID 3 -isForBrowser -prefsHandle 4752 -prefMapHandle 4728 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8128fb0a-e57e-41e5-b495-afcafa95237a} 4716 "\\.\pipe\gecko-crash-server-pipe.4716" 4264 294d2a0e258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4716.7.1198783418\466226930" -childID 6 -isForBrowser -prefsHandle 5436 -prefMapHandle 5588 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe51735a-3333-491f-8ee9-4236f55aa396} 4716 "\\.\pipe\gecko-crash-server-pipe.4716" 4060 294d25cb058 tab3⤵
-
-
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x2841⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
44KB
MD512f04f1cf5559ecfabab6a46a26d2ecc
SHA12294d9a9914ce1a67e244586e4598686e933f239
SHA256b97295867cfc0c5aac71e765c5172fd95131805aeff6c699bb5a3e286efd4e09
SHA512807e533bbaec7d5fd42af90c70abdb7249ad7f821296989205e9e7360d38616d8b6d1915852fa3e490cb4f3c7d2268bdb8ea24dac3168c66b80a4570866534f9
-
Filesize
442KB
MD585430baed3398695717b0263807cf97c
SHA1fffbee923cea216f50fce5d54219a188a5100f41
SHA256a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA51206511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1
-
Filesize
684KB
MD507edeb4c21086250b0028054ed39cbab
SHA144164cab8546b77a404f2753a7aaf790bbbfb958
SHA256087f560ad0542df3c70e2eea262119efca91c8d198eecfa3c8de6ec63a011fc4
SHA512e811f15433f632f1530d4d9183eef59922234bbd2efc2335c0287eabb9166ca9a0fb161060cf03f53e92ab0fca684715366f18815e8d406edbd9b605a54f04e0
-
Filesize
2KB
MD5088660fce24742cfd89d51a18486b0dc
SHA14499a68845ca18c19a0e4010cf53c1f2a9cc7bd2
SHA25656040ccfef764a0bbc88a66ef7236c16081e31333e9e84d1b525769b3745e72f
SHA5126ce7d83cad31fb0ba4cfc4c9bd651621cbda25d7cf21ca9e22122f4dac02eee8f435596d2a28e828c27d2d56d9422528b4480872683e0f985789a632308dab9e
-
Filesize
11KB
MD52e064c7c130ca12d11e1a559ba652aff
SHA17449b0bfb2168abc4afe849f94214d38a3774d65
SHA2563eb42b7f491e8cf5f449230373c9910e02accb2ce0d41287b367c113e26adfb7
SHA512bf014f9fc21634f5f6ddc061cf9f59d61db1c12d5d0bc0dd3cdead150a94881cfc08cb596171df32269673c66520c9c95c12394f0db8a454b7b60b0bef1ae053
-
Filesize
746B
MD568657b56934c5db5226bf450b961d9d8
SHA1fc5149cf9a48e2c232043508f9fe987de8bc637d
SHA25675350d08c89f67ecbaf8bc6c2ae7c4fef951e9d47df6142029d95e231b211030
SHA512f0da5e1ff60cd01dacea6c3450a164d3b4375eba0c7dc6aa53a02be762636f2fc57c240641a4cbbacd83fb8e23d4a7dd9d45658aaff5dcae87ec31fa65721ada
-
Filesize
997KB
MD5fe3355639648c417e8307c6d051e3e37
SHA1f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA2561ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA5128f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c
-
Filesize
116B
MD53d33cdc0b3d281e67dd52e14435dd04f
SHA14db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1
-
Filesize
479B
MD549ddb419d96dceb9069018535fb2e2fc
SHA162aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA2562af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA51248386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2
-
Filesize
372B
MD58be33af717bb1b67fbd61c3f4b807e9e
SHA17cf17656d174d951957ff36810e874a134dd49e0
SHA256e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA5126125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7
-
Filesize
517KB
MD579fb76daa72e94d102e24a337328520a
SHA12032dfff9381ea8d6155537647b181d881d5e9a0
SHA256deed7ce6b1e97153f278410b1fa01b81d82ca3027b314b92820226a9391f07cf
SHA5128576a3d6e5ba640fabe3ed4c44c819b9df4764e71be7bfc8407b8994bba5c4d43bdc7b30ce8af9e507a77db8704ed4dc4cd7a5ea7e2f48257690bb3eb12a8aba
-
Filesize
1KB
MD5688bed3676d2104e7f17ae1cd2c59404
SHA1952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA25633899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA5127a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776
-
Filesize
1KB
MD5937326fead5fd401f6cca9118bd9ade9
SHA14526a57d4ae14ed29b37632c72aef3c408189d91
SHA25668a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2
-
Filesize
7KB
MD58f78f8cc67599f9736bd27afa9de0342
SHA1bf1a0cdc189f66930c1e7aa4613b192e57581a59
SHA256c42bdb36f4a7e374c3b55f48322a90f5df3823ce6bfb88157dae3bea74e42f5a
SHA5126d25db989f2c60a1885f57dfe89356d4ffd3829928c30a017073c30fd38e32c17457eee7b93795de36c112a4fdedd665ae211a837f6e52b79cda2b7522771a75
-
Filesize
6KB
MD59a7feff4ace9ab80e2695d6a0cd74298
SHA12cddacba9f1ce0ef8401118fb48479ccae8f8cb9
SHA256fcb521f0d02acec94a0ce1405a5d61afeb84d13e443876e85e4ff7b3926338bc
SHA512c92a2ff7d1bd504a4e030faec45a30adaeb1da5539f63cb7730ed7ade3d8bbab429db819be3c7338b7291b3ccde77eb53b35c9a00eb3f8d1fe7d1730600ed73b
-
Filesize
6KB
MD5d23c6cdf1cff10a3187f6cf0fd38d5f1
SHA1254b157166cd066bd78ca65f576c716a356c20c0
SHA2567679531b538bb47ab56b40f767b6053d85515086fe521f59b717dc57fcb9e070
SHA512cc840dc74a093f62455287b87f9779b1abc53cc47b39f3e82b663daaf2bb22e5f0e124ab044cf5571dcf5c6fbfcd0068eba705be2689285fb306b82288b1c399
-
Filesize
193B
MD52ad4fe43dc84c6adbdfd90aaba12703f
SHA128a6c7eff625a2da72b932aa00a63c31234f0e7f
SHA256ecb4133a183cb6c533a1c4ded26b663e2232af77db1a379f9bd68840127c7933
SHA5122ee947dcf3eb05258c7a8c45cb60082a697dbe6d683152fe7117d20f7d3eb2beaaf5656154b379193cdc763d7f2f3b114cf61b4dd0f8a65326e662165ccf89cc
-
Filesize
5KB
MD53aaffe2c9188ead1f75f11c4890f1d92
SHA12643b665333f11951ba85efaf98a8aaf6be371d2
SHA2561a2fd2e2391eb81d2a137b2d5befdc4560dbcbd48ae0a077e7a4ac39308f7f13
SHA512ccdee68afa653735767dbdeb7ed40ebb434d626d12bc040e028f2cf546b469f135cec7f579a6186196ea801b52db9587407e995ca9ff442fe3c5eb93920cf743
-
Filesize
5KB
MD506f5f572b009ddb9efce7cbdb95fccaa
SHA1f8bba15e4f898948347b1cb9ddbd0b938ec9a41b
SHA25645661f376b794da05a6504670be221ebce2b3aa3f1eef70852fe42b169357d79
SHA512b3046e25478404a74e41014ddb856c9854be3c69e482821b1d35198543aad8b48a10b279ed8b7e85aa3a923bf93e8982188ed2fc5e1643dd2f10dfbb4828df95
-
Filesize
1KB
MD53efa9abd92666265dd81c4f4311a96f9
SHA141b6b716d67b93555e444cd453f3c6e3f8c9522c
SHA2565066b1841e8877db31312ef3af86f9bc9234c95071119e025764f45241a4e2e7
SHA5125961950f077501608a0f2975e7f69c483eeacc4eec4ac77fd650cc1131609501f87819f93ed23aa508a90426156abf038a859fac4112d2d4435bbb634027cd6c
-
Filesize
48KB
MD56bc9889cd40fc119dd6ae97b68b70ba0
SHA1e2eb1019927a380a2bfca249a14415f95e781264
SHA256ddd1c06493b381c31080937fefcca16b5517949cc715caf81b18b72334af187f
SHA5127e0456ee93bb11de840039428f6117a9cace116688296b6005ab6d8363433ec7e12da31cf1e236d34d095609594a4ac1b72df1e19dcc35ddadb1b1e8614f746e