Analysis
-
max time kernel
299s -
max time network
257s -
platform
windows10-1703_x64 -
resource
win10-20240214-en -
resource tags
-
submitted
19/02/2024, 09:02
General
-
Target
https://mashraqdigitalservices.ru/[email protected]
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 6 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://mashraqdigitalservices.ru/[email protected]"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://mashraqdigitalservices.ru/[email protected]2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3724.0.406941406\556490823" -parentBuildID 20221007134813 -prefsHandle 1712 -prefMapHandle 1680 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a87e8188-6997-4f3a-b741-6b1f3f6fe822} 3724 "\\.\pipe\gecko-crash-server-pipe.3724" 1792 1486dffa458 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3724.1.1444538648\1231182611" -parentBuildID 20221007134813 -prefsHandle 2156 -prefMapHandle 2152 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf40d57b-b9db-4f60-a79d-853de4a7638d} 3724 "\\.\pipe\gecko-crash-server-pipe.3724" 2168 1486dded258 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3724.2.1741218974\898600137" -childID 1 -isForBrowser -prefsHandle 2936 -prefMapHandle 2932 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1172 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {245f8ee8-e28c-46ed-aed6-b5a180567dd8} 3724 "\\.\pipe\gecko-crash-server-pipe.3724" 2948 14871eef258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3724.3.1975955220\2023112756" -childID 2 -isForBrowser -prefsHandle 3676 -prefMapHandle 3672 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1172 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {007678f3-a44c-4346-bb4e-19f6d370cace} 3724 "\\.\pipe\gecko-crash-server-pipe.3724" 3684 14862e6c058 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3724.5.1655630476\703075044" -childID 4 -isForBrowser -prefsHandle 4884 -prefMapHandle 4888 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1172 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec56fdcf-ce59-4535-a6c3-e49002a167cf} 3724 "\\.\pipe\gecko-crash-server-pipe.3724" 4876 14874c72858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3724.6.1667005092\673713371" -childID 5 -isForBrowser -prefsHandle 5076 -prefMapHandle 5080 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1172 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f4a70ea-4511-48ba-aa7e-5ae210ffa120} 3724 "\\.\pipe\gecko-crash-server-pipe.3724" 4748 14874c73158 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3724.4.115148433\2086406986" -childID 3 -isForBrowser -prefsHandle 4728 -prefMapHandle 4740 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1172 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {74a8a56d-5b99-4ea9-827d-8d77037cbe29} 3724 "\\.\pipe\gecko-crash-server-pipe.3724" 4748 14874c75258 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
13KB
MD5ac8d48f59b5e8a59b627213f41062144
SHA102f16995a5459b11d5e87c393f22e9b696457966
SHA256faf1f270b77a398e1871d0c3a562d9c53e8aac95959007373562ddf8ee5fb4d0
SHA51297c946b3355b70c168885e798d43b9da5c853c2cf092ccded7066c758f1869862a5cbd698eec1f0850f6ec31e2526caa2b8bdae8a1cfc7a48ac8494ed51aef6f
-
Filesize
442KB
MD585430baed3398695717b0263807cf97c
SHA1fffbee923cea216f50fce5d54219a188a5100f41
SHA256a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA51206511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1
-
Filesize
2.3MB
MD51f2787c65885db2351b31a601488261b
SHA1507c5952fcaf5507f2c1fa9fddc8a258e1c1a7cc
SHA256bed04168002512fdc240d30a35493f886d82458cd5b367402c8fd386ddd7f846
SHA512ae068c85a75eda5294767dbbf82e7da0e1e1e4fcb39e2ed652dac609a551b3ee50013ccde4072b4c36457cadb09d9b4a43313daea7d8318abbad16b2cbfbb849
-
Filesize
7KB
MD54495e983cc62a9683feaeae5757c3486
SHA1f923bc6dc14f55b3d8a2214cadb530418d36536b
SHA2567ef3a8f9146cb9c4176eb31b8c365dda6f60529bbf3a9c712ee049d9197c1c41
SHA5123b764465d5ac4c83785bdf78bbf7a270c3e8f1d4c147b8dc2efdf8895ce1ab1da783cffc5033b3865c5e298ed97a04e9f91b9f03715e773ff2f01d24d7344a57
-
Filesize
946B
MD50e62dd9fc763dea539fcca65a9951baf
SHA11dfb9c248e3c9669899fcab87c465c36cfb7779a
SHA2562cd76503ade56e37f2d997f73f19ac1b156cd3493ee7f33c4887949b4d51cfe3
SHA5121c0a4be5f18271d4e3c175581a1b09451d974a72b3a249fab3c7742abfba55c90a26393ec0c7b787ac09bf37fb206f5a7b4977c797ad60bdb7dd2e79f3f3ab18
-
Filesize
216B
MD598afe337ed29ccfb4d7d44a3a4576f25
SHA1333435a4c8d4897e83ea3214503f9c5b10e054ae
SHA2565ee9b018275efc67e499dd620843b357b858b1f80c23775616f2ca5054f55dbe
SHA5120913b8c96e1a8d931a060ce1aae9d0284bf6a4a589d359842a6cf0f55e60834220599508b7f2d263006fcc378e11bf85eeb1a742a0fa9bf5ae916b59f09a9793
-
Filesize
2KB
MD5d73c0fc6135c74caf00ccb4aa70d6439
SHA1c65c510346422a569fa43dd6f7b21673950ffb8e
SHA25659e16644fd667325187115c255937d29969dde5f8bdcfb8c10042076fa26210b
SHA512fa2013bd9e95f1b7ef3913a8779329a631d67cb1c39304bb44ab3dadf2ce864aa418a7c0dc5a38aaaba89aa300c2db552d152f25f858cebe1797a86f84900abc
-
Filesize
746B
MD5df924a7834e53b354192f0274cafcf39
SHA1caf4a22380be271ea730152799ac8da01c99251d
SHA256d9c019858da648e6ea6779dfb70354c3f012e5941943dfa68ada7193dd211f97
SHA5123885c7a9f7de5bb8392e2ddd457a07f564d80efcb923bad5b002aa27bf79431685c7c322b4f361a72efb24dbaaaa80ee8196ae8cb0db1ef433484e2b354d453d
-
Filesize
9KB
MD57c2ed044b5efe9c6d07ea992036fe261
SHA10f2032e5c39b834ab040db4c4c2c41de7a9a1e9e
SHA25628571e0a856a323a61c4c93b113d4a2bb8160fcdeb4cbe50c54c9dffbfdc6eb4
SHA512003e13efa631d5a3ea4bae17c07d4c65c3847b2bba49ee0fc8aafa0a4b6a47da92001404af57eaad23832f913baca542f6e9fdfc693a378f88dc533cbfadcacb
-
Filesize
997KB
MD5fe3355639648c417e8307c6d051e3e37
SHA1f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA2561ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA5128f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c
-
Filesize
116B
MD53d33cdc0b3d281e67dd52e14435dd04f
SHA14db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1
-
Filesize
479B
MD549ddb419d96dceb9069018535fb2e2fc
SHA162aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA2562af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA51248386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2
-
Filesize
372B
MD58be33af717bb1b67fbd61c3f4b807e9e
SHA17cf17656d174d951957ff36810e874a134dd49e0
SHA256e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA5126125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7
-
Filesize
2.1MB
MD50d76adb3e177eade43d8e41fa5aeff5f
SHA1ef965bd16eba46d838c6b836b6c3413046b28301
SHA256e1d2ecc90429dc39dff85a1c67ce36a019f17a5c033ef30064de4f49cb8ec82a
SHA512814959b53e5c429a3e4ff954209ec44e685f532973acaac7577b4e3b3c542564f9379f5412063f2265c073d54aea3ebccd15921f68e32ecf7dc8e25adac86e8a
-
Filesize
1KB
MD5688bed3676d2104e7f17ae1cd2c59404
SHA1952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA25633899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA5127a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776
-
Filesize
1KB
MD5937326fead5fd401f6cca9118bd9ade9
SHA14526a57d4ae14ed29b37632c72aef3c408189d91
SHA25668a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2
-
Filesize
9KB
MD54e8cf42a286b43c4dc3b7d84212f2331
SHA194822a555ff4c723859c0e72cceabb37d8e654d1
SHA256bbb006169cf8c13e4f05fb276d5472f2879ff7bc3e7ed5a0a9bc9e73dd7c70b5
SHA51266b8c142c242cb53c447d537ae5a49149a3fcb1a9647d918a8033aa969d064aa9aeee4ef25804591405bbb20c445233fd22d9bc383d66ef40f2ad1c712759fc3
-
Filesize
9KB
MD5d220d7a3a454c668001a6296e6cb796b
SHA186c0db5535e009eafb1fa34a13769a9289966138
SHA256db97f8e1418c5e75c4503185a5d412b97cef64f4c1b9d6ee5449be801c82bbc6
SHA5123209f1e6a61f3fc880f0f0336dddb268c187cd19251238804454a87f0db607f83a9b393a5039a257fd97d396b3ca1e6c4917b7702b3851124ae143f19ace0a0b
-
Filesize
6KB
MD59fd2dfe8c5e84d741e3f87e3dd3835fd
SHA1bbefebe821fe6c6f3e780dc98b224148474f1906
SHA2561b82262c41e449c16ef9457d581f15f4210d714d0ada4aeca7bfddf1a93c9b74
SHA512707bd0503da7e3ca062e9a7e4a578052e8dedee6be46175380adc1b975886acbf563049a37a685b072bf5ec3a24ad7dfd4dbc37d6d746cfc69724caf9268f081
-
Filesize
90B
MD5c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA15942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA25600ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA51271ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2
-
Filesize
1KB
MD5b9e18ca68746bebe69147a108b65cefa
SHA15f7b20791e877c3c61226f9e1a6a14d17ceb6817
SHA25601c2efbc8680003bdf5116528b17b2260497a26d67309ed8766daaa9f6888c7b
SHA51284eda6846b127b9745d020a59b01858c47f10249c4263763ccb9dddd094fc43cd019d6ad31d39b748285fbcbc516b4d75505a508f597c010a9f69a2c252e450b
-
Filesize
7.7MB
MD5139968044b8a35221a63902ab738bb78
SHA1d0db3f0675577579f2a6fbf2790025a258e0ea27
SHA25610cd18bbecc53b77cdf84c5d9680e4b9493330164ddf4118b60112c982ceb42b
SHA5120415ef90ec274dc046eaeb6d28c337e0fec22d66ef74dddb3fb88afa1eab30b097701d538040d0e844adaba6da4c406a87d88c60f1e372801a41706862453b92
-
Filesize
3KB
MD53dbea60286d19e37debe83657959e018
SHA1bbfb3cf2e8637f39a64cd18f184fdf4a472be91d
SHA25643bfc2da17cb9df13d866e84d0afb41743deec87b2d968653a18f798648900e6
SHA512619e044e0475e91bec241e0d34b4caa56a96aded0d6eb61dc19c8d64a14b1ca464e2ccbdda7fafd506f135ced665a29ec440fd502afaa757827579337ee3b5b9