Analysis
-
max time kernel
83s -
max time network
81s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
25/03/2024, 16:34
General
-
Target
https://public-usa.mkt.dynamics.com/api/orgs/969b0850-6ae8-ee11-9048-6045bd00330f/r/WDnAEds1zUKHSK_VPC0_cgMAAAA
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://public-usa.mkt.dynamics.com/api/orgs/969b0850-6ae8-ee11-9048-6045bd00330f/r/WDnAEds1zUKHSK_VPC0_cgMAAAA"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://public-usa.mkt.dynamics.com/api/orgs/969b0850-6ae8-ee11-9048-6045bd00330f/r/WDnAEds1zUKHSK_VPC0_cgMAAAA2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3872.0.802161247\283739686" -parentBuildID 20221007134813 -prefsHandle 1860 -prefMapHandle 1852 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9c43ebd-fee1-4186-896d-f2870eb08a78} 3872 "\\.\pipe\gecko-crash-server-pipe.3872" 1940 1cbab9fcb58 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3872.1.141019903\1839438076" -parentBuildID 20221007134813 -prefsHandle 2356 -prefMapHandle 2344 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea667767-0104-4fe2-9679-9d5011e1c2e5} 3872 "\\.\pipe\gecko-crash-server-pipe.3872" 2368 1cbab8fd858 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3872.2.2115432827\347027214" -childID 1 -isForBrowser -prefsHandle 2880 -prefMapHandle 3196 -prefsLen 21603 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b414211-4764-4159-b559-372111996fff} 3872 "\\.\pipe\gecko-crash-server-pipe.3872" 2960 1cbaf8d5d58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3872.3.1028034264\403067136" -childID 2 -isForBrowser -prefsHandle 3652 -prefMapHandle 3648 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8dfbb31-c98c-4fd2-a05a-eacca2c88c03} 3872 "\\.\pipe\gecko-crash-server-pipe.3872" 3624 1cb9f060b58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3872.4.1628020326\2057663622" -childID 3 -isForBrowser -prefsHandle 5092 -prefMapHandle 5088 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9531a26-0e92-4600-aa35-7f4589378a39} 3872 "\\.\pipe\gecko-crash-server-pipe.3872" 5100 1cbb2228458 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3872.5.1017990193\788454054" -childID 4 -isForBrowser -prefsHandle 5172 -prefMapHandle 5176 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {24d4a92b-f892-4491-9dde-b270c892b659} 3872 "\\.\pipe\gecko-crash-server-pipe.3872" 5164 1cbb222a858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3872.6.657146103\1092746359" -childID 5 -isForBrowser -prefsHandle 5364 -prefMapHandle 5368 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {995fe0d6-cb84-4948-b9d3-8d1bc0a2d6ab} 3872 "\\.\pipe\gecko-crash-server-pipe.3872" 5356 1cbb2c21558 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3872.7.1088164866\51222135" -childID 6 -isForBrowser -prefsHandle 3412 -prefMapHandle 2928 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5221de0f-c603-449f-bbb5-44eba6f16b46} 3872 "\\.\pipe\gecko-crash-server-pipe.3872" 3404 1cbb2c23f58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3872.8.1223497447\1232175966" -childID 7 -isForBrowser -prefsHandle 5220 -prefMapHandle 3332 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b4ed6b2-64b1-400e-a276-38881b9068f9} 3872 "\\.\pipe\gecko-crash-server-pipe.3872" 5368 1cbb3591558 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3872.9.688660947\640724724" -childID 8 -isForBrowser -prefsHandle 3604 -prefMapHandle 3600 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {475956ee-8400-46fb-a44b-4640a926302a} 3872 "\\.\pipe\gecko-crash-server-pipe.3872" 5716 1cbb08e0e58 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2KB
MD54c2efdae46d2355edd35a0a0e4b6a5de
SHA1743d0d240944245db286d0d89fd8a5d1dbc31020
SHA2565b85a348c26f2f81053f62eec7c59d93ba0b38032b76c5c2586dfca73fe2621b
SHA512fd9ea70583b5ffadb35c3db7cd7a886a362872ad2250aadc06696fd05d05e37c709dfcfbd53294588b2367c8acffde049f2fc76e24cc6d7aa46ab3fda9185680
-
Filesize
10KB
MD5dfbc8c399e889475e6e740839b10b439
SHA11d28deb8a0c7ef435a23b6775e9195abb5fe84fb
SHA2565d4db544dc2341f40d723d50cb2d1c8316bcd6d5a1ab4581c78e9a8919b8977e
SHA51282c8051a7156bf8ca37b15cf4f0fa1171cfa33aae0b54f4d059470f765dde82a10fddf51af393877e32ab46decaefff73ec8e0647a2f69cada444230763cfec6
-
Filesize
746B
MD5a94744364ee248167165d3f5d92e0124
SHA127d8d92468486bd6c47ecdb70a3ba88f30369d49
SHA2561fc673180f81290c8005af544ba207bf05cc356cbe385a6dcf8e3d2f44d976b1
SHA51232f7b9f1260ab0bd7bb5f55ecb8d6fad905f566ff66045af953ac09ad2ae05dfa503cb58a542523dbd6d6e9432762c37cc2d0f40c9a20493bd2cec62d1353cef
-
Filesize
6KB
MD59c2091c33125d37e830300a4d149e341
SHA1e2812bf1aee84e25f22cdfe8e9bdc131f2476b09
SHA256230d42005123f14baf56b72046a847a5216e79c4b08964bf595465ff5a81f7d0
SHA5128a7c06d202c641215ddecbaef0d79b8964e80df6b45d2dd66c8167219b0c6d03309a2ff1e8ab74c59624807ab4fd57ad6464687dd9af1bab9d6abba2836c3252
-
Filesize
6KB
MD514df9c8f3948b7f14da312ea1e63144e
SHA18c63894202c0d45610fffc8636a920ef821a1058
SHA256c960bcf700693e0538b5606d1e4b01619e28641919d00815c9a79ad69a8c53bd
SHA51201c0f3b1025884e255d7575a8a0835c15079bb161e088e4668f30ad3f43d64495e248d617ffaf3841c2349ce6846edcfe4eb95240ea32493f83d492ed639115e
-
Filesize
6KB
MD553a23af4335fcebf29afc4c6f5d8de71
SHA16759dbb7dcd8e7b3aecb8a8222d11e2a3ac48de7
SHA2568dc7e73fe0e1c22834817d5bc5d3ae28220684dba98759190e73cbbd374e876e
SHA512ff8be50607c55a6698d5313040bdb5e18cca6b6939c9cf84e816a3412487302e896c25c760564b76032ba9764af17312ff7b207177a4815a2eedf81443ade12e
-
Filesize
3KB
MD5f42f35a95fd1e94aa6a4c511af8dac61
SHA1b5fb3b44d5badb0055572160800672352a6b1ba9
SHA25650a29cf758a5ede79dda235f4cd7527a028dd9326eced3076c4192ab570eaad0
SHA512a6aabe3c0206da0bcac3fd503fd918017f121c8a2d1e8353851af0dc9cefae96e3e8cf15d7260eca745611a3946cddd8ce56ee7b83e56c3f9452b89027164273
-
Filesize
2KB
MD58936dfd90f77b44b3a78e4e13dc52ac9
SHA1b4500017cd8ee6539a97770dfeea8bc105fd5a84
SHA25656c2b1b17b21cc2b6485125b93b2af10682e7c9bd0b77963a36681879baf5152
SHA5126a86ef05111b5ebe941734ff9293f8bbe5476744f63199c8037ec827ce84877341f2a6ca5e99b916f5189521939d90d50c511b9bf1c40ed3584ce30ce5c561b6
-
Filesize
3KB
MD56d341b0220863132d0fac3d300f391da
SHA18eb8b29f0bb3168ea639b41c52cbba5857cef5b1
SHA256efa1b221c26a8638e4ec429d66f2b6971ee4fbb6b05c38bff12d5bc579ca2128
SHA51204610c735b652a9ead0e2d001c03e7f368f5693ab4160a0014a2d10ede7aa76424366ac577b5d4462e17a2a164726fe2f4f5b5e2fd9625a5392d807e54453536
-
Filesize
3KB
MD5a91d771093b0a66b863921b413cf4577
SHA1bdcaeefa22579048940510ac7b80eea68a807d6c
SHA256cce7689feffe0ae820e59922e92809006f9a5182b7e86fff9e64ccd75951e9a6
SHA512bbb889cf206d71a73aa67c33cf508ba58afe33f8a77078557dfe058d36e909027f544ea67b16c51f493cbca2866aa6e1dd8248e483ce51f653afa43f577106d7
-
Filesize
184KB
MD58eff070195653e2a131a916680cd18c2
SHA17f5dc88fc5d5969b25d5e75cccabd37362b31a94
SHA25661c22934bcca9275d3aa4a9548828b028aaa84a0c1d977d50daeb889e02dbfd3
SHA51218ed6beca1a23e74571ee365b3c5e1b92686188178fa5481d41dd4c991286d5b3599613a870a8d371eb886f82b1b5e35be10ae82b0a95452a53f9cffed73f507