Analysis
-
max time kernel
292s -
max time network
281s -
platform
windows11-21h2_x64 -
resource
win11-20231215-en -
resource tags
-
submitted
12-02-2024 18:45
General
-
Target
https://consentbuilding.ontraport.com/c/s/5nV/NWA6/6/Ni/zAU/6I7QbV/6GU4cLKFRK/P/P/kt/bXU9aHR0cCUzQSUyRiUyRm1lbWJlcnMuY29uc2VudGJ1aWxkaW5nLmNvbSUyRmNiYyUyRmNiYy1saXZlLWV2ZW50JTNGYWNjZXNzYWxseV91c2VyJTNEamVubmlmZXIua29icnluJTQwZG90LndpLmdvdiUyNmFjY2Vzc2FsbHlfcHdkJTNEeHp3VGUyJTI5MSZtaD1mNWYwMzM5MGI5MThhYQ%3D%3D/Z
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 6 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://consentbuilding.ontraport.com/c/s/5nV/NWA6/6/Ni/zAU/6I7QbV/6GU4cLKFRK/P/P/kt/bXU9aHR0cCUzQSUyRiUyRm1lbWJlcnMuY29uc2VudGJ1aWxkaW5nLmNvbSUyRmNiYyUyRmNiYy1saXZlLWV2ZW50JTNGYWNjZXNzYWxseV91c2VyJTNEamVubmlmZXIua29icnluJTQwZG90LndpLmdvdiUyNmFjY2Vzc2FsbHlfcHdkJTNEeHp3VGUyJTI5MSZtaD1mNWYwMzM5MGI5MThhYQ%3D%3D/Z"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://consentbuilding.ontraport.com/c/s/5nV/NWA6/6/Ni/zAU/6I7QbV/6GU4cLKFRK/P/P/kt/bXU9aHR0cCUzQSUyRiUyRm1lbWJlcnMuY29uc2VudGJ1aWxkaW5nLmNvbSUyRmNiYyUyRmNiYy1saXZlLWV2ZW50JTNGYWNjZXNzYWxseV91c2VyJTNEamVubmlmZXIua29icnluJTQwZG90LndpLmdvdiUyNmFjY2Vzc2FsbHlfcHdkJTNEeHp3VGUyJTI5MSZtaD1mNWYwMzM5MGI5MThhYQ%3D%3D/Z2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4744.0.1187521006\243401077" -parentBuildID 20221007134813 -prefsHandle 1792 -prefMapHandle 1764 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e8af56c-2fbc-44be-8077-d823153ebb92} 4744 "\\.\pipe\gecko-crash-server-pipe.4744" 1884 1d2d9bd3258 gpu3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4744.1.491114472\802342691" -parentBuildID 20221007134813 -prefsHandle 2268 -prefMapHandle 2264 -prefsLen 21563 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {284a603e-3649-47d2-97d2-52ba0d0581fd} 4744 "\\.\pipe\gecko-crash-server-pipe.4744" 2280 1d2d963ae58 socket3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4744.2.1615222803\230181703" -childID 1 -isForBrowser -prefsHandle 3032 -prefMapHandle 2828 -prefsLen 21601 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {335b28d1-fcb7-481c-9e2f-4226b5f1e3da} 4744 "\\.\pipe\gecko-crash-server-pipe.4744" 1656 1d2deddd358 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4744.3.932224807\1186396057" -childID 2 -isForBrowser -prefsHandle 3500 -prefMapHandle 3496 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6110af5c-cece-496b-a339-2feabed590ef} 4744 "\\.\pipe\gecko-crash-server-pipe.4744" 3512 1d2e0008758 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4744.4.1789745345\741867377" -childID 3 -isForBrowser -prefsHandle 4848 -prefMapHandle 4828 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {26be28e3-2e00-4a48-8d55-c24760a8812d} 4744 "\\.\pipe\gecko-crash-server-pipe.4744" 4860 1d2e1014d58 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4744.5.1950923594\1252683119" -childID 4 -isForBrowser -prefsHandle 4996 -prefMapHandle 5000 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a4358711-f89d-4422-86fc-2084f16c16e0} 4744 "\\.\pipe\gecko-crash-server-pipe.4744" 4988 1d2e11cf458 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4744.6.9890848\1458491248" -childID 5 -isForBrowser -prefsHandle 5180 -prefMapHandle 5184 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c139ae7e-d8ed-476b-8146-ab53aff51e60} 4744 "\\.\pipe\gecko-crash-server-pipe.4744" 4984 1d2e11d0958 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4744.7.1964065908\141985713" -childID 6 -isForBrowser -prefsHandle 5420 -prefMapHandle 5408 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {34a101ef-b2d5-4c3d-bc31-5947089d9c63} 4744 "\\.\pipe\gecko-crash-server-pipe.4744" 4636 1d2e24cb858 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4744.8.377303753\627687111" -parentBuildID 20221007134813 -prefsHandle 2760 -prefMapHandle 3464 -prefsLen 26644 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa27673b-341c-40bf-8b7b-d57311bc0a72} 4744 "\\.\pipe\gecko-crash-server-pipe.4744" 2884 1d2e08d3958 rdd3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4744.9.420352599\298674062" -childID 7 -isForBrowser -prefsHandle 5704 -prefMapHandle 5700 -prefsLen 26644 -prefMapSize 233444 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c76261f-0af4-4aa5-a1b9-9cd3df2c0f8a} 4744 "\\.\pipe\gecko-crash-server-pipe.4744" 2964 1d2d9ea8858 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4744.10.358763512\1280904636" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5700 -prefMapHandle 5896 -prefsLen 27335 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {72f15763-bca7-44d0-95b4-cb1c6f152013} 4744 "\\.\pipe\gecko-crash-server-pipe.4744" 5844 1d2dfe74858 utility3⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB
MD508d42fc70666ddad7fd8f79fe35da810
SHA18cd85b2fa534b6adbf5b8e0872f8c787b8b7a301
SHA256f8d5b5a120a5e782be837d6dee575346cf34fac57e94e537c602ac724d448be8
SHA512860553911891b1d2a257f9af152dcd1e52627034cfbf8f0c31e758594d7260ce67013671b52649e59691308b191a3644ba028756871418fc5f5f3cee22b7b809
-
Filesize
442KB
MD585430baed3398695717b0263807cf97c
SHA1fffbee923cea216f50fce5d54219a188a5100f41
SHA256a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA51206511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1
-
Filesize
8.0MB
MD5a01c5ecd6108350ae23d2cddf0e77c17
SHA1c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72
-
Filesize
11KB
MD50c907988fbe7806b172b7dba49d8cda9
SHA12a9b52fa2bc1fdd87b7bb93a88c766c76ecaa1eb
SHA2562f41b02326832b0a18b39925c11ab6e324d568a4752ceebffc15a8f6bba7a641
SHA512f15f76ff4ef5c74d29d2b0fcd410af1f934f044cd92abf8a26a26005ff48bfde87953e8c85bf19af3bcdc3dc72b7092b93251bf4716dc0dfb02517132facc533
-
Filesize
204B
MD572c95709e1a3b27919e13d28bbe8e8a2
SHA100892decbee63d627057730bfc0c6a4f13099ee4
SHA2569cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa
SHA512613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182
-
Filesize
2KB
MD58a871ed05cb13f4eb57d8afbb0fd8e37
SHA111597ebb525f7003f677a6db7c4e4021d447ca06
SHA2560b93e1f318785d33baf6b9d839529e0d2a5ce25aeb453b0a5a365155b14fe280
SHA5124d90cc02df488e38e664279e9ac18c24f57a989141d534ef0054a1e108064a3b20bc34e4f3225d6ae6e34fb651ee45f2b19cbf3cfb9c3b2c680a1b8480fe99e2
-
Filesize
11KB
MD51d776612790d96063f18ffb97b07ef77
SHA10d01859ed9e546f08180faea56d20d30e671783b
SHA256a9186940265735facd67b6616a0038f0872ff2818664e9f9cf638ce33709ef72
SHA512d9bc5735b2b13dec9e6e20a82d0f2245e94d845ecb66948927f8d1b9be2a0441df17f143f1ac44220e4364e360cd738c5e508d20aab84d44bb5032a3afdf740b
-
Filesize
746B
MD5e34c02f8db51434846f6991d6a066db0
SHA14dc1bec9eaf791aa2f3f3684f78a6a77d66ac892
SHA256f649e25e208fc42d4e5d603e787fdd6d290244c62959a70af88b23e1b7f22be8
SHA5126e70867af322ed2a48fbde70627750f0f971b8b70f7274014e48d52857613eb120be38320fdb806aa627303e66ffbe75bc04dc9354865748c9e7379007867df9
-
Filesize
997KB
MD5fe3355639648c417e8307c6d051e3e37
SHA1f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA2561ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA5128f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c
-
Filesize
116B
MD53d33cdc0b3d281e67dd52e14435dd04f
SHA14db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1
-
Filesize
479B
MD549ddb419d96dceb9069018535fb2e2fc
SHA162aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA2562af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA51248386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2
-
Filesize
372B
MD58be33af717bb1b67fbd61c3f4b807e9e
SHA17cf17656d174d951957ff36810e874a134dd49e0
SHA256e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA5126125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7
-
Filesize
11.8MB
MD533bf7b0439480effb9fb212efce87b13
SHA1cee50f2745edc6dc291887b6075ca64d716f495a
SHA2568ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275
-
Filesize
1KB
MD5688bed3676d2104e7f17ae1cd2c59404
SHA1952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA25633899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA5127a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776
-
Filesize
1KB
MD5937326fead5fd401f6cca9118bd9ade9
SHA14526a57d4ae14ed29b37632c72aef3c408189d91
SHA25668a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2
-
Filesize
6KB
MD57cc6ac055aed3d6286f3f9908d3a44cf
SHA18a14144fe0ef1fc745652be7eae11534d76278ff
SHA256f6a1d7710d308703cb9ddbcdbdadf8d1e1c6a2035cfe6f060b66cdae30e060a4
SHA51205aa95c1f275e663e6b1629ef320b2b8344520810d9db35d48c0243ccb51c1eb381692a14efeeab56fd73102151cdc5ed6888294d75195a81a353b6888f3dfe6
-
Filesize
7KB
MD5ee130c41c3664de3f1da71ae27867056
SHA1ad7e4e7b80d7625533dcf4953e6f8ebd677a6386
SHA25686b0d9cbd26196a7a3306efd3ff1959400bb36d2a2ccc723989268e7bf58986d
SHA512276a7e9f3fe01e006882bb8eac9c5fec15dacba7db98501246631844da31dca88e09f1c2d8cc872ca40857673b83cea5d4846dc6b77408c0226124bf8f1c17ad
-
Filesize
7KB
MD57505b7ac35e4067f47818e9c3f58b1d8
SHA1de9343914b9a402a6fe250629b8b477507aa93f1
SHA256d4c33b920c6ba12e50517be7857b6e77be92e5c4e1e1262dc32643942252a66d
SHA512b6cc12f4b4065567778698244e1b7b5e18816e786633e12d4b22ff03ce8d9293102ca02776c3b72007ae1fb206a80c9c7026495f8053feb59b4df11458c6ac5e
-
Filesize
6KB
MD5a4740bb9f31ff5ec36fd9ac35ea1e8b0
SHA1987e21c19e4fc5280dba75b370ec56c63f0b1f18
SHA2562e477a6fb8b37f7d3fe45544491dc0a92d27120de8e407215c54c2f3628718ca
SHA512e098b2288eec1b9c104feb972473d96046ce922e0ee442f7f5699cb8b0e8decf4d4b8df3d35b6d01e788898d9b314c9b4c6259ee56f25a67137b762ed81a58a9
-
Filesize
90B
MD5c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA15942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA25600ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA51271ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2
-
Filesize
1KB
MD55862b2d61a6ab32ad7d6c9fa8b05e1ed
SHA182efcd93f7f53779cf7323fd01a89bdef68a90a8
SHA2560085d5712de22c0eb1e86b4ca1409447cab531e9beafe277e4b8bce3aa40ddc6
SHA5126ff590dc58410367de4b4ddcbc0a40b8fc6cd035b97ecfac3ad589fa3d5089da9882d06d316fadad5dfb6500f2651dac23de9c25e1ac633fb9c6588851e27c24
-
Filesize
19KB
MD5621f27daf9580a3c838aa8fa6899bb78
SHA1a8454eefa83164da71d2fdb451c86392430cac53
SHA256778259e2c1ac502de21bfaa6d2a486a30a9b8e09c3245494535a05bc4d533ca4
SHA5122b55fd6be34247f7b6f0e0732acdb1628987b77ca997525f88ff81ffcda0d0dd561445b5fbe07744b2dd72b264c31872585fe463ad594b157e892151605ef3e4
-
Filesize
13KB
MD5a433569eaa5eb5b0561f1d28a3db24b5
SHA167b6299ef688b54332275d1fcc00b14908742e7b
SHA2564fde9594489b41af5cb7d453a5d28df7a39f9d08ba39ab21762187f577be59b8
SHA5121bf39db2a14e16b4d516f6e05f40ef3d24c4d20fc25d5bd9409a6d832050ae3bc2b4a532dfadd229bcd21698bb0559dbe00dd3fa4945f19f260cc36aa5fcdea0
-
Filesize
19KB
MD5ea9b3899390ebdf428d93b00a85a9fff
SHA1ec1190576b7daa6e8a515ab7422b1e900f020839
SHA256e98845b50ed3290920f191f2488009897fabae0409b8f48dd6e818e14f8bf471
SHA5121a527e19a9a795211b7201e8e382716907d37f729101bebeec12df0b09abb5da75b18967c333cadbd63de237a5295cc3c100483ff93d5431d0b8e44a1df73827
-
Filesize
19KB
MD54075062a295ebba3bdcdff185b57e29e
SHA19f2bcc1595a0aa6bf1f88d72da0b2af89ea8ec41
SHA256977af89250a2b894d05ed85774509ec318e6fbd4f90201eeb57759c6cd6f3d41
SHA512ec836f74b4e0f62b2f28a7b530e6cbe58a47bcfd77b4a9c19ba2bc582ed5d45b5daa52328d5fcc907d65e9d1323312f4be931b5335a16282c3a0901265d15ff3
-
Filesize
184KB
MD5950f7e8478de7e3737e6fd8f30a5715e
SHA1f210110b827d4eb832601e0fa02ac74b3883cb78
SHA256b96dd8e7542f13e2141922aa584a17996eb666b1f2eb9b0ebcf6c8b929e9d808
SHA512f46903cf82cb4e3da69b1fa16f244bf598b4cbca3ec6aa13bfc71422b4e2e56bf59949b1dad093e14d2dade5e74d51d066dfc6ae013f945440d0e876eaafc3ac
-
Filesize
3KB
MD5195f78d2ea5e9e6960293c26444dd8c7
SHA1080e2fc8d4559e0a06b5c3fdae8bf5112f94a7fb
SHA256cdd0981dc79262b7588993c0190a76fff7e1eb91a5fe7fdc92bb067b025c9d87
SHA5128474a7fad87ddc00ccad7b275faf2e1d0d94b7e109924061ecf97a249ef0446abf23e9aee392cf5b2dbbbe83766a7b8aac5d3987cec75c252fb8186239fdef67