Analysis
-
max time kernel
147s -
max time network
158s -
platform
windows10-1703_x64 -
resource
win10-20240221-en -
resource tags
-
submitted
09/03/2024, 20:30
General
-
Target
https://hacktok.com/
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
NTFS ADS 1 IoCs
-
Opens file in notepad (likely ransom note) 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 6 IoCs
-
Suspicious use of FindShellTrayWindow 8 IoCs
-
Suspicious use of SendNotifyMessage 7 IoCs
-
Suspicious use of SetWindowsHookEx 10 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://hacktok.com/"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://hacktok.com/2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4300.0.222455078\15800852" -parentBuildID 20221007134813 -prefsHandle 1708 -prefMapHandle 1700 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9bccd6c7-ff64-4441-b940-38125e61886a} 4300 "\\.\pipe\gecko-crash-server-pipe.4300" 1792 249397d4558 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4300.1.839702339\87401060" -parentBuildID 20221007134813 -prefsHandle 2156 -prefMapHandle 2152 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4a6d46e-4546-4133-86e4-ed87786b2f38} 4300 "\\.\pipe\gecko-crash-server-pipe.4300" 2168 249396ee258 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4300.2.1806519807\1097293479" -childID 1 -isForBrowser -prefsHandle 3024 -prefMapHandle 2816 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1168 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {52e9bd3c-ae0b-4614-bd5f-0dcf412b89bd} 4300 "\\.\pipe\gecko-crash-server-pipe.4300" 2864 2493d9d4158 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4300.3.469079532\1366196849" -childID 2 -isForBrowser -prefsHandle 3520 -prefMapHandle 3516 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1168 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd64c1a9-58b9-468c-8e27-2698ab25bcd9} 4300 "\\.\pipe\gecko-crash-server-pipe.4300" 3528 2493e9cb758 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4300.4.621566589\2034688330" -childID 3 -isForBrowser -prefsHandle 4760 -prefMapHandle 4704 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1168 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf1a990a-1d1a-4be1-8ac2-3c595d8875f4} 4300 "\\.\pipe\gecko-crash-server-pipe.4300" 4708 24941305258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4300.5.1531694857\167622877" -childID 4 -isForBrowser -prefsHandle 4936 -prefMapHandle 4816 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1168 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4fc04e59-06e2-4e1f-993d-ed205c627f91} 4300 "\\.\pipe\gecko-crash-server-pipe.4300" 4916 2494058d658 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4300.6.1999646727\1288488022" -childID 5 -isForBrowser -prefsHandle 5124 -prefMapHandle 5128 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1168 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2c003f8-6b73-4ea7-b24c-cd0b2cbe238f} 4300 "\\.\pipe\gecko-crash-server-pipe.4300" 5108 24941306d58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4300.7.1676865951\979998618" -childID 6 -isForBrowser -prefsHandle 5360 -prefMapHandle 5364 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1168 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {38af7eb9-b451-47d4-aeb5-ffaeeccd3cad} 4300 "\\.\pipe\gecko-crash-server-pipe.4300" 5352 24941382758 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4300.8.662977854\494663494" -childID 7 -isForBrowser -prefsHandle 5512 -prefMapHandle 5172 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1168 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {225882c2-0455-4f39-8886-7dccf42d1bf1} 4300 "\\.\pipe\gecko-crash-server-pipe.4300" 5500 249414f3658 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4300.9.1215512298\1937783331" -parentBuildID 20221007134813 -prefsHandle 5748 -prefMapHandle 5752 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec75b973-6bc9-450a-b77c-559e4b954870} 4300 "\\.\pipe\gecko-crash-server-pipe.4300" 5848 249410edf58 rdd3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4300.10.1063199444\843950619" -childID 8 -isForBrowser -prefsHandle 4812 -prefMapHandle 4940 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1168 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {82a69791-c9e4-45cd-b68e-8f8b2876d71a} 4300 "\\.\pipe\gecko-crash-server-pipe.4300" 5140 2492745d658 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4300.11.245795260\1386665091" -childID 9 -isForBrowser -prefsHandle 5700 -prefMapHandle 5208 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1168 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f85235ad-43d2-46e7-93b6-bcc5df1ca71e} 4300 "\\.\pipe\gecko-crash-server-pipe.4300" 5280 2493ec0e258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4300.12.1033815978\1983656300" -childID 10 -isForBrowser -prefsHandle 2600 -prefMapHandle 2596 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1168 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ba98a7b-d500-4d30-b5d4-6c3d9ea31400} 4300 "\\.\pipe\gecko-crash-server-pipe.4300" 5900 24941032558 tab3⤵
-
-
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_hcktok_v.1.2.0.zip\Readme.txt1⤵
- Opens file in notepad (likely ransom note)
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
22KB
MD55856aa14fc5dfd6fe62226e4ce6a5988
SHA1af1c273253f6528daf9b34ef88ff53d7d28b6636
SHA2566ac7c12e817d2a4e96f1f8134fba7d6c146ca6867cf35649c3baf75e201b35d9
SHA51247527097e4bf58919522db2ae77d96b1c7d6df3d817c5871ae4d3c398630e73db193ad73de43a6734bef706ca90f005f04175128fe1cf42369604ebc93984907
-
Filesize
2KB
MD5e5a8f995fde82872add93a9a47b971df
SHA1764263fcd6d83792f19204b84d72fd02e333814b
SHA2561b8f6f134908875208ec519a865aa495f8d7c070d08cca81b32374a6a543785c
SHA512345b345f5611c6a6c2268c72ee68d73fab4c846bcbf9f3d2016777b2bfd57e557d3fce6554ef83597d2185215fcae947dab83e5d86720bdf155353d36e43d02d
-
Filesize
10KB
MD5482d5a286120c074e602942ae804644e
SHA1e53ad6ec126864b540f370de1dbfc4249517c7f9
SHA256d7c363492b5f6ecd6473c3f9e4121ca6ed0f2fe04cc17193b9e9d962ef5be4a6
SHA51247f7bc768cd465d29f6335a09f9bd90ab61cb48cca76e0d72832c17afae8f4891bc05d57639c6197701a154918c360172b8abf8943e6aa257f20ef2df186362d
-
Filesize
746B
MD5dcb6040c37eea943f58a7e2548c5cff7
SHA1833b297a8c50037d21ca6dfc2087c9ac8ea7839b
SHA256157ad6c33c031d1d35fcd6fdd2264b117e7868ec67a15d5ecf7b183e2fefa725
SHA512e43a4b2b9aeb2adb99ee5ce61e335d7a43127ccbe6fb2538e588b1919f99b913140346614f68f1d955b79f5fc302724209d930aac556bf68daeaafcf68412ce8
-
Filesize
6KB
MD5f77511132833244ddecb065ab6b62425
SHA1804db255320f542ae34776fb7cd98760bd10ecee
SHA2565e04e081357c1ede6264f27756c3d90e19cd6418b2fccd9a176fd77ea29a8934
SHA51276ad539f12357d085a307ff4c5f55f47db59f2f393204487490f649003e3d3fc2f3269699d28d2b4602d276c982ddf961dd5bf1788bc53c1cac858625daeedba
-
Filesize
6KB
MD57f6a0f1b1611e0bf84b11da7de3601e0
SHA123f06150b430651d4663523257666d076bb749fd
SHA256eb7dbcc5851bbe9a90e0b55212a13c4b7ec1987cc6c095306d80310aaf2a069d
SHA512132d5d3d7848c0e8feb2ee68a2d7721fbc557e8e6964ee9eca6e4845d39ab6a3ea4696b1af64cfd068a940c5447420b87a1472d0cd27a017cb97c8b20a354732
-
Filesize
4KB
MD53e114e2cb49855ba45982a772a82563a
SHA1f2ebcb91b4c14aa71ab37b4708227c3f5e47efb6
SHA2562bd0bfdc4cf3a04cb4e0c5c93fb42df588c49d7d9ae69aab651ae395c6411d22
SHA512f8993e69a8fa1fa81af07b4f4d72b535f6d916d084306351b2eb73228a1281e99f8bdbdab81145a4d021cf5609a2785ab6a1e048a0b7d6877b8dd902e3a64f8a
-
Filesize
3KB
MD5d17f74da74d3c58bda52519550ec2491
SHA140d3121b6fcea655a83ca7dd1fb4a240fdec90f6
SHA256debd64e4d8aa3fdec61f9dd8425d46d4be996bb4d94c0ac2ab39190742577da9
SHA5124da20831822e8f85b93a96fcdc6f88851eac87627dcaf19f65dfaa40ebbc7e9fe79302655c04592bdb48c81cba8a4659b9551c6ae07f29b3d6f28ab9f3eddb2a
-
Filesize
4KB
MD556bdde11f8299b1be2e965946deabd75
SHA1b6208912cafe1acdb1d51f7e79b3319af20c44a8
SHA2563675d7066158036741174b32dc40bc45736fc47c2aa127b70117a7236734a121
SHA512e45d7d85003af26bdfd60782ea21d987814793cbd5999d39a0e47528aa92063220b0d90f7759b35bc237318f4c812af707c73538d225b237f233a8623b7f6ad5
-
Filesize
3KB
MD5fa84423124826eee1457be438c8c44cc
SHA1d45e76cdbd8ad13967b7cf83a99c6489f9f17684
SHA256666fc9d613e9a54acc2053f2df1c30f4f9ea1ecfdf3725e61975ed91689a13fb
SHA512a803da88b546681c12d539939823832a948617caceb998c11f6809a8ce3b5bdc73334f39158c4e86402dc76dc1f2c42fc13176f7ec6ef0e7d7c70e0c7e4d06fa
-
Filesize
4KB
MD5f22945cd14e3c0c436b51387c0ce6fe3
SHA132adcc7772a8255e37cb0419240a82a10e0fa82d
SHA2561b6c62b77251ae5e7710ce94f664e6c68a0205f43721b61886839738abd4011d
SHA5127685727a87be8c831e70f68f0b4bdde011f661d690ffe1d3e9be69be81136fadc46c0734edb5fe44af296fa80587b2f60479ee06cd62755f22b52913b2335677
-
Filesize
10B
MD5f20674a0751f58bbd67ada26a34ad922
SHA172a8da9e69d207c3b03adcd315cab704d55d5d5f
SHA2568f05bafd61f29998ca102b333f853628502d4e45d53cff41148d6dd15f011792
SHA5122bce112a766304daa2725740622d2afb6fe2221b242e4cb0276a8665d631109fbd498a57ca43f9ca67b14e52402abe900f5bac9502eac819a6617d133c1ba6a3
-
Filesize
978KB
MD58d769b5b4f0f767b2d052669ad54a5dc
SHA1157a341dfc19fd9b2de132b57fbee64f7ebee7c2
SHA25678743638e9c93f556d2add35ff8143a21f217389382dd52489ed25a5fe907cea
SHA512f76fa8fba5e8261b04d2a6979c6689d712ceed1a56ef3b2c4dd87c289ce8b8f6abf4d1a5fdd17b97503308973fdaa4117e94a61535c0ac3a786e7158f9553068