Analysis
-
max time kernel
39s -
max time network
41s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
09-03-2024 16:39
General
-
Target
https://cdn.discordapp.com/attachments/1094288663862583487/1216062703144140890/image.png?ex=65ff05a5&is=65ec90a5&hm=58df7312defef2ae3b096744d74df8b9033df08a1f6856072e0be529b24e33fa&
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 4 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://cdn.discordapp.com/attachments/1094288663862583487/1216062703144140890/image.png?ex=65ff05a5&is=65ec90a5&hm=58df7312defef2ae3b096744d74df8b9033df08a1f6856072e0be529b24e33fa&"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://cdn.discordapp.com/attachments/1094288663862583487/1216062703144140890/image.png?ex=65ff05a5&is=65ec90a5&hm=58df7312defef2ae3b096744d74df8b9033df08a1f6856072e0be529b24e33fa&2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2132.0.95258243\514671362" -parentBuildID 20221007134813 -prefsHandle 1204 -prefMapHandle 1196 -prefsLen 20671 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b42d022-b6f7-4959-9db0-bc6f4c625efb} 2132 "\\.\pipe\gecko-crash-server-pipe.2132" 1268 11ad9f58 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2132.1.301880097\1169098422" -parentBuildID 20221007134813 -prefsHandle 1472 -prefMapHandle 1468 -prefsLen 21532 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d19e61bb-eacf-47fe-aafb-96713dc523d3} 2132 "\\.\pipe\gecko-crash-server-pipe.2132" 1484 d78b58 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2132.2.289526398\1623776528" -childID 1 -isForBrowser -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 21570 -prefMapSize 233414 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {98991976-9506-417e-8671-1e6615ed7f2c} 2132 "\\.\pipe\gecko-crash-server-pipe.2132" 2120 d69858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2132.3.1252214359\1711639710" -childID 2 -isForBrowser -prefsHandle 2792 -prefMapHandle 2788 -prefsLen 26033 -prefMapSize 233414 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c764f0b4-db7f-44da-bc3b-a1236d2a7831} 2132 "\\.\pipe\gecko-crash-server-pipe.2132" 2804 1c683b58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2132.4.1656864615\1748854803" -childID 3 -isForBrowser -prefsHandle 3428 -prefMapHandle 3440 -prefsLen 26092 -prefMapSize 233414 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3c5e2fc-d40a-4fe7-a15d-cacddaee111a} 2132 "\\.\pipe\gecko-crash-server-pipe.2132" 3364 1d0ae658 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2132.5.79808693\1060525685" -childID 4 -isForBrowser -prefsHandle 3452 -prefMapHandle 3444 -prefsLen 26092 -prefMapSize 233414 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0398688c-5679-4377-8dc0-37adead671af} 2132 "\\.\pipe\gecko-crash-server-pipe.2132" 3384 1d0afb58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2132.6.961941956\1803055726" -childID 5 -isForBrowser -prefsHandle 3976 -prefMapHandle 3920 -prefsLen 26092 -prefMapSize 233414 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e2d6ad4-b994-4f26-b872-435cb6474f2b} 2132 "\\.\pipe\gecko-crash-server-pipe.2132" 3348 1e308858 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
442KB
MD585430baed3398695717b0263807cf97c
SHA1fffbee923cea216f50fce5d54219a188a5100f41
SHA256a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA51206511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1
-
Filesize
3KB
MD5ab9d41e42733a15486c632b6ba9a876d
SHA1ed6c1f0cce0e3f5e1745e6bdd8ca8b6437ed2780
SHA25696e9ce140921b827d44e484852516858d26e6e4e939975702f73f5c15acbb89d
SHA5127590e2142647d775f645e7e13956fdf2045de4aac11f2eb413a0fe2f928bd07a0ff854523c4d5258198c3fa0a720605ca982bc06e7f72d7a0539239d032d5bc3
-
Filesize
2KB
MD54f91e0fd4d9e298726a553df0e3cb4de
SHA147326274f963abfe87c18e7de1d6e73180dc7434
SHA256b4d25dad283a35c2e7742d3e013858ef2eea17a5ef8c7f7a1288feeaf71443a9
SHA512fa706c79df306f8bd33b41a9d489fd30e1397c1307b5702e08c991a876100f87ecc30021c21cf82c9960606c9fcc2d7048d5d6587e80b55f689db2688afad701
-
Filesize
10KB
MD5bbdc6512aef0b4ddbf35b9dc95b1637b
SHA126ae3220d0cf807c603859401a96d07365f94f1b
SHA25622ae3e975260d99aeead5d0a174ed7823f1f627dcefa3565a314cb61039d595a
SHA5126998964ee1c00f31220c1d2ff345f148be59f582164d03566e988662b20b5b0fc7772c54523e77e84564d5d25e5ff60807e1b02ac16b2d2fca8f275d836c5ce1
-
Filesize
745B
MD5f1db09e90302cff15c67329164bde397
SHA1b74301987b52055032f43d27e94698f13c52b05e
SHA25646718430c822e94f126a6277c2ca8ac0a2fc62f7c3b9f5002a572ce0d995fcf2
SHA51290a0d57c85385809b941a57685c6f77fdd8540ce9868cea88fa6f180066e461c49a7c213960a2c8f05560daa560655649eab2a181a123e44d16fb6eaccec2495
-
Filesize
997KB
MD5fe3355639648c417e8307c6d051e3e37
SHA1f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA2561ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA5128f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c
-
Filesize
116B
MD53d33cdc0b3d281e67dd52e14435dd04f
SHA14db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1
-
Filesize
6KB
MD59d27b793b1d8f8d5da785083b835f9ee
SHA1107914e76f96a68ecff0ff1d60e1d99985e8c60e
SHA25635f2e4022a835236c0d819bac56cba54a633db3543a389242765c1f523aa5775
SHA51234debe13d15959935ccf6dac8563867e7efb0618cba5044f2195d6410833e50e2d6d4388cbd3ef1a689a19e1bab19d9f9508167bffd0d4427fc964047367f687
-
Filesize
6KB
MD50309b5863b21ff84bc622816905793af
SHA1b74ad2de1a33b6712813e1f6b46603cdf3219102
SHA256befb1a0eda1f147c2b34fc0eb570749cb6df83c38a62b41011101394c9c115c5
SHA51247defca082b2cda388a661b468d86c5e58a8aa663370c1598f189bd129acfe67ee543fcfdee563339cfe4b1e6860c18635bc5e1f0954cfc9695607c7d3e66dbc
-
Filesize
1KB
MD5a227af5dea4977d7f4559fab8f32e685
SHA197ebfe558085f710ec386c67f929d769756b3fc4
SHA2560e8c89817e750c0bed4b08e59e112ad14a77fbbfbf1cca5dc25755e1a35032d4
SHA512fd635386b951bc64084b9ff755110d1b2c4c65df6a031ba2b86ab86c30f1fc723adca0a5679c40b68905fca18032e1ca7540bef95455e2a49c5f8c9eb7faf8da