Analysis
-
max time kernel
271s -
max time network
253s -
platform
windows10-1703_x64 -
resource
win10-20240214-en -
resource tags
-
submitted
18/02/2024, 06:32
General
-
Target
https://github.com/vipmodz13/Bot13/blob/main/project_2.py
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 6 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://github.com/vipmodz13/Bot13/blob/main/project_2.py"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://github.com/vipmodz13/Bot13/blob/main/project_2.py2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1184.0.628453523\1327728404" -parentBuildID 20221007134813 -prefsHandle 1688 -prefMapHandle 1680 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d066d589-0ed9-47fb-af57-6f2574aa9adb} 1184 "\\.\pipe\gecko-crash-server-pipe.1184" 1760 257de8d8758 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1184.1.1713346264\783512086" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ae936ff-e6f7-41a7-ada0-50ef93c86411} 1184 "\\.\pipe\gecko-crash-server-pipe.1184" 2136 257d3970458 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1184.2.153327479\721230694" -childID 1 -isForBrowser -prefsHandle 2864 -prefMapHandle 2820 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1060 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {467ababd-0f41-4307-807e-00ef1a1a6124} 1184 "\\.\pipe\gecko-crash-server-pipe.1184" 2720 257e28d0658 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1184.3.1267250977\1823328741" -childID 2 -isForBrowser -prefsHandle 3552 -prefMapHandle 3548 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1060 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0767f1a1-0cd0-4bcd-8773-25c62ef2f7f7} 1184 "\\.\pipe\gecko-crash-server-pipe.1184" 3564 257d3968758 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1184.4.1845555290\1156136119" -childID 3 -isForBrowser -prefsHandle 4984 -prefMapHandle 4980 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1060 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1356cd5a-e049-4989-b717-de34f5bba6d9} 1184 "\\.\pipe\gecko-crash-server-pipe.1184" 4948 257e4d49e58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1184.6.1421913935\1621365271" -childID 5 -isForBrowser -prefsHandle 5224 -prefMapHandle 5228 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1060 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {91d2d98f-3516-4ce3-8951-faecf1e8ad75} 1184 "\\.\pipe\gecko-crash-server-pipe.1184" 5216 257e5dc9458 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1184.5.1121676603\2049731260" -childID 4 -isForBrowser -prefsHandle 5004 -prefMapHandle 4992 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1060 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6dd5025f-e233-4aa5-8dfb-5bdf0bd69f96} 1184 "\\.\pipe\gecko-crash-server-pipe.1184" 4800 257e4d49b58 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
442KB
MD585430baed3398695717b0263807cf97c
SHA1fffbee923cea216f50fce5d54219a188a5100f41
SHA256a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA51206511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1
-
Filesize
632KB
MD531eb671959944519b946192adb74714a
SHA17d8bab6934debfa9ddf4baace1db4261eb75d7ff
SHA256e7f191173614c2ed6175777c985be712cf862e5de134ae0e3776ba0e7f16270c
SHA5122e46462fbbeb96da5bab9c4dfa3e5ec87d891a1938576211f941f24a85dc005fb644b03393511ed65b0e297aba22fc8efd7da8114576ca8af8111606b4e099d8
-
Filesize
7KB
MD535a8a1cd0dbb79cda5aa976248e34996
SHA1914720abbf70c554602c4b14e8b37df1fcd96124
SHA256bb9f05534320c58085f46ce6c418913cecdda7c9b0f85cfe7260e6edebaf7d9d
SHA512797c82096158f0cb1d869f14cdf10eac1cc2f2051231ab9df03c980cfd7a2c21edfa16bbd20b945babc37a5a859e6eadd4e6ee1db3e55e2843904e4703fc515a
-
Filesize
5KB
MD5240ba8559eb2129c9de23ef68fb49e6d
SHA1bc37cc5e3dbe368918d503e4304aa90006fd99d7
SHA256b3fd0ee397e7e3214cf9076f4fc07e22ac7c89c1f15e3dbf2fdfb4f9e697b1ec
SHA512ca97992adceb23b333c4c8fa57c28177fafe69a2472a774907a2119111c906f2b97552308c572e78abace3e1f7a61cf402f46010d8664f68b3554b2792aac7ab
-
Filesize
949B
MD5aab8169dddebe668ffb6b2082ad972f6
SHA12f343c958db6d46b1f9ee9b24806a51181bc8d1f
SHA2562f6587e5dff4c11bb7c71f06a1baa6fcb7e4db833282a4df557ea329cf5bbb48
SHA51241439c15017981f8fab5173f85ba9abf2d8ee71a61f87d22a4923508389cf63e32e4a0097c5f9f843a3aed9e8bfc78987818aa312382775a2bc41d0ddfd42834
-
Filesize
204B
MD572c95709e1a3b27919e13d28bbe8e8a2
SHA100892decbee63d627057730bfc0c6a4f13099ee4
SHA2569cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa
SHA512613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182
-
Filesize
2KB
MD50663c2ffe63fc276596d04907e2b2e76
SHA111e7c02dfb449392bdcccd5132a9d5c13347dde8
SHA256dad86ef993c437d345ee146fa7d72992fd88afa6891c69510130daa93e354547
SHA512370f2cacf9db21f17f33fea9b439e40c0126c5223110a76e6a7413c30f0e0de9dc1402459eaec2c25465f5d52bb0ea3138e1ac8a6dde441d861e60dd21aaf445
-
Filesize
10KB
MD5d80e810e7a81a8143896ffeec3b697f9
SHA1f7c8c7e4d1f0a0a9d78f44f93894a940d19635c7
SHA25632a858e81bb3001c26be5a89d558c3ef62743dc9d5f022b7e30024916ed2c360
SHA512763198f6776188da4a7002cc2676cc3634642c8710aa66b145318c6c8cc28da19b8b00df165b8d2faaa1975daf8d7cd6f3e958e31c5c477848c6b2ecbf0bf8c2
-
Filesize
746B
MD58d5d1aa68f65e575cb05b25a12a5dfdd
SHA138960f4021c809a444f3871341f084d3db3c8b4f
SHA2569e9f50a9cb0d0b66a7d8ec71a04d555301f31e02f4e893c1d23e4e22cb7658a4
SHA512e357dd30dd512411cc4a435682b908d657bb8bcdff0144cfca5c7d4c6037b0ab2e0fac8348c13290a443a1fdcdf3b4be1a4d0a9e6da1e59636468f64e15546ca
-
Filesize
452KB
MD50d91d5a22e77ec55e37d2ce1271cf9b3
SHA1ba372464545f429d052ea3a7e2409d1ab0109b06
SHA256d27b0cf9efad9c357f7fe8ee48c44996ce86fdde5a7494cfc010aea9b202120a
SHA512616b8112bb1342417fb9bd4750f2a9f87f9f1a6d9148c30829a9f8973fbc204cb12a95adffc3289defd0ad7f90953aa4788175c9eed76aa941910d47e7a7e89c
-
Filesize
116B
MD53d33cdc0b3d281e67dd52e14435dd04f
SHA14db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1
-
Filesize
479B
MD549ddb419d96dceb9069018535fb2e2fc
SHA162aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA2562af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA51248386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2
-
Filesize
372B
MD58be33af717bb1b67fbd61c3f4b807e9e
SHA17cf17656d174d951957ff36810e874a134dd49e0
SHA256e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA5126125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7
-
Filesize
654KB
MD5a6228f212a15b0395b0cc2254aa7074c
SHA1839b7bbe4eb4cbb3c400b66f1166a3f995416528
SHA2561a1b5f540b1d3a177da9b2e2eb46e3843b601c76b262ad214399baeef0516878
SHA512fdf8fc680b6c62f6c0ffaaacba82f94efa7401e5093e547f4c13d84ec00161db0c375e42a2a0582f18a7494903b094c632006c784f96f6316d8dbbaff887178a
-
Filesize
1KB
MD5688bed3676d2104e7f17ae1cd2c59404
SHA1952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA25633899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA5127a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776
-
Filesize
1KB
MD5937326fead5fd401f6cca9118bd9ade9
SHA14526a57d4ae14ed29b37632c72aef3c408189d91
SHA25668a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2
-
Filesize
6KB
MD53857091f0289ddf8e5849b71f2dd971e
SHA14fc64afe9334ece61ae8c613b18eed51fca49179
SHA256a719d556046312a694123cbfb43edaeb7fc8b0fcada21dd883f654c5dcd4c099
SHA51252b5aebbc880372ffa3735c172e3ee97b4e007058a75c1f9e12233e707a91194fa312ad2a3fa6d9872537d052c575b13ed2ecfc95863f54e861fea9429b20b7f
-
Filesize
7KB
MD58e67626c332cc11f1fcf2a3132d609ee
SHA1dd0181247e1d66cc4ddf7c3afd90295aff753ee3
SHA256700025b2ab7d8a0fc4d2e4957029361a2deab2a7fc48f572aaa9ac21da988603
SHA51284a9cb38b03babd91ae2301bc647bea5e4762c2977fa70ed5b687992e38ed7810cedeb4f9c4721f6ee62480e5f81bd3a9f76cc210b399e79b339315af09789e1
-
Filesize
7KB
MD5ef3d5582dc0fcc9f34f2cae806aa0225
SHA195fcd4cf24e5eb42ab5299b811b2ffcbf87ad725
SHA25697e4112b349b9cc4c88e3a55b1820f3a83e92e564cab38340da1d699ffdec79e
SHA512bf9bd5331926d9c32d21ed8ec2a4807fdd9f8884d6a86f5719be51037f4be3a9b0ac9942bf70cfb62c2d59601fb99c10c9b9c056b48f5bd7f9322728181c954b
-
Filesize
6KB
MD5065c42a89d8c6cda3669e9c819d8dcf7
SHA10335c3c3cd12c2f256ea61ad2a081d2eb1918c36
SHA25614b6cac9d556a8f0215af3a7d5a3521ae1d8c9ad51c812036a730240ed02993d
SHA51220a74e5ab1702440132127875672bf866b209f18bbb8a18beb83bd2f1be9ca7669110d588770e0e7ddb5c7f6851e33d9770177f7db5e6a4f987045f89b346b42
-
Filesize
6KB
MD5056206d113a4db9452af84b9ad27c36e
SHA19ddef6f62a480e4de0295d31a1c9bffbbe14998a
SHA2568f8ff459bb56db44413064d63737dd14ab9efcd49a264d644f014e461b912501
SHA51220bca4f0ccb0024435664b304324b2596973ad32f57a893e9e5b8b1cf4ace20f556aae4a8de9298c7cd217b631dafaa2019a98d984f5e88c53921131dfa99af6
-
Filesize
90B
MD5c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA15942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA25600ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA51271ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2
-
Filesize
3KB
MD50d94e5825e31ebcf9046f732f0adf1b7
SHA123ffe18a5848512bf0b6ae1932aa4478b87bb3b9
SHA256addfd4a7b2cf72c2926c22ee4396748818ce125610ff600e45417ab752fa1a7a
SHA5129f6726c9a7fc40b9b03f71240cd85e8b08c4963a7c2f117163c4aef5cd35e6e2047ba848df6b85ce437288ae48e906416081a6151a27350583a17cddb30e5838
-
Filesize
3KB
MD5a5c001587c70b01abb1fc6d8e225da7d
SHA1004d70402ecf9ec60a2c7d25946db37fa9f97aa0
SHA2560652d446dad1d1dccb89cd8449a0c64febad22c4d8fea204bc6ade5a2470a30a
SHA51256155d5fc83be6fc93d2faaa154c45e724a2b8f89e994278405039db8b37ef39733522ffc40e4fe636645ca155142d3a9f4305a1dc98118e8e59134be9f4e9dd