Analysis
-
max time kernel
74s -
max time network
77s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
10/04/2024, 10:24
General
-
Target
https://url.uk.m.mimecastprotect.com/s/6zp6C5WEqI2DlBgFzpNc5?domain=google.co.uk
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 10 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://url.uk.m.mimecastprotect.com/s/6zp6C5WEqI2DlBgFzpNc5?domain=google.co.uk"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://url.uk.m.mimecastprotect.com/s/6zp6C5WEqI2DlBgFzpNc5?domain=google.co.uk2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2328.0.1815395972\959832245" -parentBuildID 20221007134813 -prefsHandle 1856 -prefMapHandle 1848 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8cd79f4d-3c9d-4284-a294-28deef60f8b1} 2328 "\\.\pipe\gecko-crash-server-pipe.2328" 1948 20bb9cba858 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2328.1.1933978423\1920009051" -parentBuildID 20221007134813 -prefsHandle 2344 -prefMapHandle 2340 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {24cb2b9c-4b19-4938-bb34-d28687a00ed5} 2328 "\\.\pipe\gecko-crash-server-pipe.2328" 2368 20bad272258 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2328.2.356556345\6058905" -childID 1 -isForBrowser -prefsHandle 3284 -prefMapHandle 3192 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {67638be0-0379-49a3-a9d7-6f2d7745487c} 2328 "\\.\pipe\gecko-crash-server-pipe.2328" 2888 20bbdcef958 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2328.3.417339863\1663403736" -childID 2 -isForBrowser -prefsHandle 3208 -prefMapHandle 2784 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d426afc-aea1-42bf-9090-935e8f0e76b9} 2328 "\\.\pipe\gecko-crash-server-pipe.2328" 3648 20bad261f58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2328.4.1960705293\402061192" -childID 3 -isForBrowser -prefsHandle 4820 -prefMapHandle 4840 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ace2a840-b3c1-4af3-abaa-b10ce2972bcb} 2328 "\\.\pipe\gecko-crash-server-pipe.2328" 4884 20bbfe17d58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2328.5.1545755933\1056981657" -childID 4 -isForBrowser -prefsHandle 5024 -prefMapHandle 5028 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6fa389a0-7a11-459f-941a-7d5680c651f4} 2328 "\\.\pipe\gecko-crash-server-pipe.2328" 5016 20bc086b858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2328.6.1881108385\311536518" -childID 5 -isForBrowser -prefsHandle 5196 -prefMapHandle 5200 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a0dc674-efa9-4f5b-a3cd-48ea0816ba99} 2328 "\\.\pipe\gecko-crash-server-pipe.2328" 5184 20bc086c458 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2328.7.1651312223\1856289990" -childID 6 -isForBrowser -prefsHandle 3244 -prefMapHandle 3220 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9e42d18-5f2e-469b-a907-fb02b6ccc02a} 2328 "\\.\pipe\gecko-crash-server-pipe.2328" 3088 20bc175be58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2328.8.964910156\1738736146" -childID 7 -isForBrowser -prefsHandle 5656 -prefMapHandle 5600 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {add6eeff-b073-47bf-9e3b-4d06130b5f37} 2328 "\\.\pipe\gecko-crash-server-pipe.2328" 5648 20bc1759a58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2328.9.359054289\694582030" -childID 8 -isForBrowser -prefsHandle 6020 -prefMapHandle 6028 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {405260b9-a601-4d0d-9618-d2b27d198684} 2328 "\\.\pipe\gecko-crash-server-pipe.2328" 5972 20bc076ee58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2328.10.2085433065\815467243" -childID 9 -isForBrowser -prefsHandle 4812 -prefMapHandle 3380 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a12bfc8-315d-4569-a0c7-a2bd4ad76dc5} 2328 "\\.\pipe\gecko-crash-server-pipe.2328" 5080 20bbdc10a58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2328.11.1331261820\3606628" -childID 10 -isForBrowser -prefsHandle 4456 -prefMapHandle 5584 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ef860fd-0446-4b87-af5e-c8b49859d0a5} 2328 "\\.\pipe\gecko-crash-server-pipe.2328" 2896 20bad25b258 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2KB
MD5c9a8ee1fdd54afe13a34123480354360
SHA19c513c835a8b2d5c17b144b86ca281e3b9191f0d
SHA2568f4824be3135f68114d5a60436f6188e7c45aaf9bff40a20bd65dabdfebeb33a
SHA51204381959e70cd95dcef9e29b149101141a86fa5bc11465d8e8fa41f7b8b44cc9a67d57223d0f742b5f2e15027193d2eb2021a740bb60b118b8d07d04b09f13f7
-
Filesize
13KB
MD5e80701013cb131a8a20b505c620cfa43
SHA13c6d64f1b1dacac1c5dac8959194e4427b2c0c52
SHA2566f3b8fc7c867e908a33c9e7ef83700676e6155cc59205bf7048f7065e78d185f
SHA5127f3fc3aeb2dfc62f2d7e7913e13d5e7eda16c774799fae2a40e725b1c44342525dbddcd4693921690d87166ab0474554ebcbc0d36c0daad8432bac9ac6860465
-
Filesize
746B
MD5d55f95b0506746f493c78f24176ad40a
SHA1525699a667c913db836c464d16fd81a994571340
SHA256da1277c3c1519797957b94ace37510ebc1c945570c2c9ed37c1811486c5dfc84
SHA512922c1b960bffec070f9e6fcfeb7ac27f4f1338180fe1ed4d3a5d1385211571bd4d3f76d5ce927d6e190f62b1587f2411c577eba8d2208ca93002dc1124ac183b
-
Filesize
6KB
MD5b40d8f27729950b212fedf5014be4878
SHA1e1a7dc14eaf918e08fc3b6732a4a4f378c5d0d75
SHA256d2d680fa5ab4c4cf29ab135933a23ded4710241016e5feaaa9f9737f98f77c4d
SHA51271323d5c6f1bfa79fd2145070aab17da17d7c9956ce9aba66e3edba2f01d9e5110a744ee3c8f6fe5c09721791ee295271d9d408663cb213c7c3e39f7f25436a8
-
Filesize
6KB
MD5331ebca3944e66a56bd26409fa406df3
SHA11a84f4b50a6c681cecdac5b12267f610149f9ffb
SHA2562df1976862705e29c988c7d3224738b9fba99737a11bf80062e976f86b260b7b
SHA51290dd5a766cf4fcbeaf257ae60d7fb69a3285626f81d3848b6c1dbf554600b561bc929abbb8f593062aca0ced86ec17e861eb0083dd5459ba569e987184a6371f
-
Filesize
8KB
MD58436e88a249b3585b6ff5f6737bb0404
SHA10c0e35197ce660501e961eaa44744ac49cdf604e
SHA25697fcfea97990b9550b8a9d19e70b92f88d14666ca71865b1c4e92f2a171eaf3b
SHA512631954b6b33573e5836bde04164fa366a1acaa1498658e2e1055c20f166d8fd5a07dcb3ff24eaf8184b635a63fb9dd3e4b13b2243f7fbfa7de1c6bc257d69f2c
-
Filesize
2KB
MD5bec2c52eb4f91b4ed03d969311737184
SHA1a15664e87e1368e728c6202c90f1d0e81e301a8b
SHA25641cc0ab5af97ac63a463d2656b995f382e67f32f17e68870d6bc36b8882527e4
SHA5123fe44159b51a449c8f1b53141e9812aa620edac9ff630c0e026e504b6c4c40a1f8ea31d560cedd10581a29f5df94adfb104513ec99b36ba420346f5e86caf3e3
-
Filesize
4KB
MD5905dfc4b5f6bf5b1e1ad5872d7ef6774
SHA14f3d575591d6ef7fc360364c976ffbc8f3cf9446
SHA2563844ec378b0b5a3d33e345d6430987b4a400beb75ce0efa02714beb3bdbb8ec7
SHA512f249f7da9595858b9c66412919878c8c83abaa5fd44e14733b48b4704f84d3959184cf7b79a32d277de2a75b44d4ed2a209039862833f76b29edd610000aa71d
-
Filesize
25KB
MD5d133c492e2da00120e769c4a4a6f6c61
SHA1da1f0882c6b56eb9adf753152ca45aa4ce062302
SHA256925935d16a6bac4c97138be626fc95bd71640cc7b247598852c6873cb89b572e
SHA5124dd2fa172d34a0aab0c8896c93fd14c048cc71404e395092b601c0940891b60e77a1bd26149b4ff22c6c9dcb53ddd03f7eee2db2cfc40d288fd84942f154cdec
-
Filesize
2KB
MD5064939a6ba9c0fba525f3940f0cfe20c
SHA14f0019df25c51f9e26178e945cfff22fa5e46b52
SHA25698a3d0a66bff05abc2ed159d412a1c3df5fa2fc6204c7fe89971bd3b627969fb
SHA512117037eae5e1c2903be66ecd71c69e2aa09e6258ed933948dbb5b6977368c86d00fb14589baffd610f9a4ce6b72b01ea78db0a9516711256d8a20a02b3830231
-
Filesize
184KB
MD522b02edbaaf253bf0e7f7ae399ffa0df
SHA1f033ac238af8258c8d8434645a0f5c8792d35405
SHA256a6a6a137af42ece218de3c998a2a3e48990523b5cab56c5a06b5dc777fe8b6df
SHA512b1426b1b4f70d81e723bbecc87d474dfead8141e6992cf1664da98d13501bec31d00d214cf5efda7013563e857a9da20e852ac9b73503586d6dcfddc9d7851fa