Analysis
-
max time kernel
47s -
max time network
50s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
07-03-2024 15:27
General
-
Target
https://m3gbmp3ewyuj8g52.umso.co/
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://m3gbmp3ewyuj8g52.umso.co/"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://m3gbmp3ewyuj8g52.umso.co/2⤵
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="224.0.1396607988\1901891411" -parentBuildID 20221007134813 -prefsHandle 1860 -prefMapHandle 1852 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {328f4eda-ff6c-4e0e-b910-04020bc23b0d} 224 "\\.\pipe\gecko-crash-server-pipe.224" 1952 1c81f5d7b58 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="224.1.554372001\446904600" -parentBuildID 20221007134813 -prefsHandle 2416 -prefMapHandle 2404 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a725f83-e1b0-4c6c-8e97-6305e1ab351e} 224 "\\.\pipe\gecko-crash-server-pipe.224" 2428 1c80b9e6458 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="224.2.1351702849\131833328" -childID 1 -isForBrowser -prefsHandle 2960 -prefMapHandle 2904 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {895dd4a5-b140-4189-a88f-1c14bd47641b} 224 "\\.\pipe\gecko-crash-server-pipe.224" 3088 1c81f55e358 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="224.3.1478248025\1521450507" -childID 2 -isForBrowser -prefsHandle 3628 -prefMapHandle 3624 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da9b5aaa-1170-4d55-981d-4db3fe6e2b6b} 224 "\\.\pipe\gecko-crash-server-pipe.224" 3640 1c80b962b58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="224.4.2128735863\1206244258" -childID 3 -isForBrowser -prefsHandle 4792 -prefMapHandle 4860 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {35fa6666-f6fc-4413-9a72-f43c3cef7238} 224 "\\.\pipe\gecko-crash-server-pipe.224" 4780 1c8258e3358 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="224.5.1075935780\165277026" -childID 4 -isForBrowser -prefsHandle 4988 -prefMapHandle 4992 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c9d29bd-6d74-4465-a635-37154b934513} 224 "\\.\pipe\gecko-crash-server-pipe.224" 4980 1c8258e3c58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="224.6.1314104238\1309620159" -childID 5 -isForBrowser -prefsHandle 5192 -prefMapHandle 5196 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e7c13343-64f0-48e5-b038-b7769e726c69} 224 "\\.\pipe\gecko-crash-server-pipe.224" 5184 1c8258e1e58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="224.7.415827750\284453302" -childID 6 -isForBrowser -prefsHandle 5240 -prefMapHandle 2964 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5206713c-8ba0-479d-b3a5-07714946aa6d} 224 "\\.\pipe\gecko-crash-server-pipe.224" 5232 1c82235cb58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="224.8.707395519\812140254" -childID 7 -isForBrowser -prefsHandle 3016 -prefMapHandle 2832 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae0154b7-9419-4a4c-b7b3-0c54326c33e8} 224 "\\.\pipe\gecko-crash-server-pipe.224" 2836 1c824a47b58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="224.9.2007660109\1677850437" -childID 8 -isForBrowser -prefsHandle 5384 -prefMapHandle 5264 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c949ec8-2e89-4991-8f71-8d2f5712d566} 224 "\\.\pipe\gecko-crash-server-pipe.224" 5376 1c825ddb558 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="224.10.845263488\344257697" -childID 9 -isForBrowser -prefsHandle 4896 -prefMapHandle 5472 -prefsLen 26646 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d95a9bf4-b807-4384-83b6-9ee1969f5118} 224 "\\.\pipe\gecko-crash-server-pipe.224" 5184 1c8258e2758 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2KB
MD56f80173984a0c5d77554aa0864a161ed
SHA1873e78c2037b04e228c6d67adbe2b4baec65ef37
SHA256e01c9925ee211aed440873671d5ad0aa91a59de68f2f651a4db2aa11f229a91a
SHA5129baa50cd64ddc742ac641a12f93b901ccf19d569a2fbcfba074924e76d364cc9f706a1795faf0f492c46558a7c9f57751feab3d8c8b20ba839c08fb339cb1d91
-
Filesize
11KB
MD50744e89ed2765464dffa4c351aac24cc
SHA1c2121b94f94dbfed0a9a4fb496a24ef94356b766
SHA256985700d13123f495d5902f1ff64fcad240fc4f831a0dd70e1adce71e5da9a2f7
SHA5121ec38905aeac4542ab6948dbdd71637f0b107b819ee523627904e72d2b0c63a97238e4df821b3791126f81eb43e8153d8a4b1c48dc6f06c5ffa46bff64d10b5b
-
Filesize
746B
MD5b4a6b8bb1bd303c4004af0b0a13d37fd
SHA13fcc52add228b44537f660092d4410b5a016efdd
SHA2569c7281e795a8b361bacc257b5b50a6db87ee29aba37b76fd49896a9ad091f044
SHA5125a4f6dc38a205bfacdcd72bb303e3a413841cf74626d0190386749060a50fbd1cf913ba1f08ebb288d5621f8029e20364ff4613c4aaf6ae1969fa77981780616
-
Filesize
6KB
MD5dd7791e50dfb6568c0a5ddd5e9966a98
SHA18dd2cc0d87b8a6c71bce4a14233ada97648fd724
SHA2569596b775c3c63adf048af49157b4eff11e825b5135650b54d3a85c03f16a30c1
SHA512472cdc4db31db8f29eea07fc36880d95ff92c4d73fc64137d58a746f2a19a80b8383cd4528564d3d0fc5603b6fd3a5e046b7a347013f4b508cbb6a9e2ec65ca5
-
Filesize
6KB
MD5b1854086db5a86d335b05bc26ea6337b
SHA1bdbca086d453d9c82928527bc23fec42f244c6fc
SHA256e5565d09805b9c013a3b4d53b15f61e6c4936f6be905f5d7f2463ebb2806e0a4
SHA512c324ab9d6f4c4d1e61559ef9feabdd11301f4f2bcad0ae384b8f6eef15f2f6623a128889fd910d92b78b8eefef0b81653e43b290300c690ad8cc9f57fdca5cca
-
Filesize
6KB
MD55522d3c83fee26e98f60a224ad92e8fd
SHA14a4ff0d1e2aa7ea3688202d441db6f6351d0c092
SHA256295286f47219230879115ac29a6315abe48f1c88bfe9dd69d3a5a0aa4061fddf
SHA512e85bd1ba3bafd7131a7fdc62d0d3b00361dd6764ed3e5c9d8861bd58eedfeb111efeab8278ffadf39b20925ea93048e0986357b0d3b7249a30ef798784acfc52
-
Filesize
6KB
MD58ecddc523d983b80684b2cb8c8d72176
SHA107b6fd46eb61472e018309d481cc3f9312b39f1a
SHA2564a3b85db58bf150149de6214fc003ef80ed52fbaf973e4ac2a98973ea226c69e
SHA51216ad1699e5e9f91f72d0f83d3d1ffec37490cc96e19fe3404e3f7b2324b9951897526203824b928e1affb6a19ec3c40c7eccedb02d44a4d7f694e6c5d568063e
-
Filesize
2KB
MD5493df136c87affa5516a961c59a1b847
SHA10867a1184bb7732472ae7743878d2dd3f36b9ab2
SHA256e90a95c2a1a5a308d272fa55713f4c3479e4536ba05aabdda31fea86ba468441
SHA512f43ac4301a68aceabb673157f9aed83a2669faf6cc13fe1df5c049ccea1f6f25da6a48b298649fc68d251ec63f0d32105b751c5a624541c51b23878268537dfb
-
Filesize
4KB
MD56d5e8c1c10c25de733552d3c1b932bab
SHA15ccdcef341beab45184bf039c60489885cc3a6eb
SHA2563c58f924529256893105bc540a55af56f96167a313128a23e4c0315bf65c2f41
SHA51290422c1ee1a028bb85a6bbd292c7f629062298f67bc3a3744f38cd395272cbf82c478e3d6addaa5da1aaf4e446b3cf0c112a93717cca64ac97103fb5f18b106e
-
Filesize
2KB
MD5fcd0d21fbe396ae3aa48e12de107e878
SHA131cda15f280c2939b71e86bbf83840c96382e8c7
SHA256367c88eb921abafae7f3cb7d7277bde58936e54db85e945ae1b1d5beb21cdc93
SHA512547fe7388c6f4d2667bcef5b03dc02d8f14657bd7eb7d78e06c9a1f58002e20cb38aff57402833e9cbed40e39edb958bc2958b109c1517e58ac617bd6f97f59e