Analysis
-
max time kernel
149s -
max time network
145s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
-
submitted
19/04/2024, 18:15
General
-
Target
https://c00.adobe.com/v3/1439d9877f418a489fcb07a5456289e01a00aeb3702e57bdd36fc538e9789886/start?a_dl=5d5afa42a7905779a16e0b6b
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://c00.adobe.com/v3/1439d9877f418a489fcb07a5456289e01a00aeb3702e57bdd36fc538e9789886/start?a_dl=5d5afa42a7905779a16e0b6b"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://c00.adobe.com/v3/1439d9877f418a489fcb07a5456289e01a00aeb3702e57bdd36fc538e9789886/start?a_dl=5d5afa42a7905779a16e0b6b2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1984.0.961274030\1789597180" -parentBuildID 20221007134813 -prefsHandle 1684 -prefMapHandle 1648 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {778377de-98d9-46f0-ab16-9ee573fa8ce7} 1984 "\\.\pipe\gecko-crash-server-pipe.1984" 1764 1a6a71d6658 gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1984.1.2121779920\178394527" -parentBuildID 20221007134813 -prefsHandle 2128 -prefMapHandle 2124 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {12f2d409-7b43-441e-9450-2eca408d6421} 1984 "\\.\pipe\gecko-crash-server-pipe.1984" 2140 1a694e74258 socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1984.2.1566470228\1528726591" -childID 1 -isForBrowser -prefsHandle 2868 -prefMapHandle 2724 -prefsLen 21646 -prefMapSize 233444 -jsInitHandle 1356 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc513256-10f4-4819-a1ad-ff5bb8fd58c7} 1984 "\\.\pipe\gecko-crash-server-pipe.1984" 2736 1a6ab2d6458 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1984.3.1211176483\2013821794" -childID 2 -isForBrowser -prefsHandle 3196 -prefMapHandle 3100 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1356 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e752c7e1-a54d-4ee1-bdf1-75a36fa9ece3} 1984 "\\.\pipe\gecko-crash-server-pipe.1984" 3528 1a694e64858 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1984.4.1711049121\1587964795" -childID 3 -isForBrowser -prefsHandle 4688 -prefMapHandle 4684 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1356 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c92a6c6-23dc-468f-b27e-2bafa75d4094} 1984 "\\.\pipe\gecko-crash-server-pipe.1984" 4696 1a6ad583258 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1984.5.1734978913\1451306053" -childID 4 -isForBrowser -prefsHandle 4820 -prefMapHandle 4824 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1356 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6697c77c-420a-4fe7-80a6-0f44fd3f83cd} 1984 "\\.\pipe\gecko-crash-server-pipe.1984" 4812 1a6ab280b58 tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1984.6.1853306092\467296908" -childID 5 -isForBrowser -prefsHandle 5012 -prefMapHandle 5016 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1356 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b6cb1db-87d7-4536-95a6-ab54cbb60240} 1984 "\\.\pipe\gecko-crash-server-pipe.1984" 5004 1a6ab282958 tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
13KB
MD59efb07447eff0690f16b3b803d5a32d9
SHA170478acb170b862875d4086ea7cf58a3197608fe
SHA25604b0984b81bc716a6f2a9137dccaa02976a19d3cd58f7aa2d56de3e75944d993
SHA512e05193b0b0fd209b193ef09cc16ba28accff65e0f2b51bae6daa45bb5965951623a9ad34c51b70e48febb10a7e24cabdf2df224d6e88c33eab4f1d110a7f6e0e
-
Filesize
442KB
MD585430baed3398695717b0263807cf97c
SHA1fffbee923cea216f50fce5d54219a188a5100f41
SHA256a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA51206511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1
-
Filesize
8.0MB
MD5a01c5ecd6108350ae23d2cddf0e77c17
SHA1c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72
-
Filesize
2KB
MD569beaaac01f26b4788cc1561a51a4acc
SHA1451a479a0a81b5c4373dcafed61bc9caa585c797
SHA256a1a813fc025719c1f00e4b004e169f6642e8c062a5f452394961ec0667101410
SHA512fe26ba0789b8113340b72c0dcabe8d06da83adbbbba568d1a63231f098b46497a89263b10784631c7eb458c3eb58e75681bac0f113bb1a3b403891f52e671b3d
-
Filesize
10KB
MD54b9182bbb3316d59b8a49af173b52439
SHA1874f5d5441b91b13fd8e62bec054b97038254a82
SHA25678e65fb5ee618b5c5bc47c86af00eb198667af6e4cde3b0346b509186f3c8023
SHA5120e817ecad3c783ebbd87167251fcefc22c8270f5985303d0e72c0e7ffe4163a14687f039cfa1386d68161fd952dc168834dfb72bf5da48c67e0e5d40f7a4fe61
-
Filesize
746B
MD50871e83057ae82011b44d12ec21c44c8
SHA1eaed3a23351df8193287bee91db224de01ec9f29
SHA256217960c14b5ecea2afc2ae18149710f37c0523a78bf50b1a8d70d9e7800b5ffe
SHA51205694c7bc9469c576f1c6f1278c46a557d522dd8994d56a4143694774251bbb33a8e612fbd79936f471749da71593bc8056b69b75f384e6039fcd97ce716f2b3
-
Filesize
997KB
MD5fe3355639648c417e8307c6d051e3e37
SHA1f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA2561ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA5128f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c
-
Filesize
116B
MD53d33cdc0b3d281e67dd52e14435dd04f
SHA14db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1
-
Filesize
479B
MD549ddb419d96dceb9069018535fb2e2fc
SHA162aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA2562af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA51248386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2
-
Filesize
372B
MD58be33af717bb1b67fbd61c3f4b807e9e
SHA17cf17656d174d951957ff36810e874a134dd49e0
SHA256e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA5126125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7
-
Filesize
11.8MB
MD533bf7b0439480effb9fb212efce87b13
SHA1cee50f2745edc6dc291887b6075ca64d716f495a
SHA2568ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275
-
Filesize
1KB
MD5688bed3676d2104e7f17ae1cd2c59404
SHA1952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA25633899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA5127a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776
-
Filesize
1KB
MD5937326fead5fd401f6cca9118bd9ade9
SHA14526a57d4ae14ed29b37632c72aef3c408189d91
SHA25668a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2
-
Filesize
9KB
MD5c764cf16a91f2737405095727721553b
SHA153e4592272f14a99095e332aabeec83d1a9428f2
SHA256f2fad7ce58edd89406c40cf78a7b89f1a060475bf9ab1d813cbb6dddb5db1de3
SHA512944ba0166264419e0ff3c5507fd329a2c20b7db4fde8cd7682b1ce877c9a42183506537b0ae82f1477edc66e25dd7b407a6c73292d3736f7ce477afd6704bb75
-
Filesize
6KB
MD59d84d357d8764f57ee425ab35be5b949
SHA177e7386b6e8b535eafc370c673f04ba31366d912
SHA2567df902d4ab65461904240b522fbce23ed5a35b9e5d0adfddc3dd241b8ab700a7
SHA51233f945345440ad34fecbd3aafbd24c69cb5d6959a2d9fc667eac0160c0d92665a40188e185f69a742e5a6f1fff98f09ef5723ab98ecfc4096575b2bac9c0d987
-
Filesize
6KB
MD56b5bea379534a3a6a67f84a7e766bfe9
SHA19850bdc9fe7de30a7d884ff6e430d5cc3c973ff6
SHA256947eb2c9aa8f1192a65350905133c4c8167c02e15af11962b0fa450e028c3207
SHA512f79f3fa05a1686724a26260fd8a77dbb288b0bbdd5442418ba5f60d2bcca5ef74b70c50fc5eedb9aa8e73b20f16bd1fa8c57cfeceee6263389a03fb8f4881271
-
Filesize
1KB
MD53e7b8e57e888d826e721c9bc4fb320ec
SHA1f9e6619d543dd92b5398460334f735dcfda21bd7
SHA2561d806b6a255128cad2aa28ddc0ffaa841b50149c39c9871de5d949f609b9171f
SHA51290d9d1024924be16238f6b2795f66de2aca70e3d191157f31993445416807f8aa36c80128aee170618062948638eb5ca241d06c728b2bf2a9f9818d282125ca3
-
Filesize
991B
MD575d037fc6be23e0e87625ac9d0f29ed9
SHA1b4085269e3a1c6a1890eb62c481aa9dc1f941464
SHA256932fbf4e9c0db4c9bb0a666e3c5fb7b536b1a3fb362519890b01b383a04c0f45
SHA51205434a263bae0ec098457991d878a72cafa2aea41f98062e78e23eb25cf51aff149b0c7c6aded3e9e0f5d49a4ce5a273e8bd8e9df7ca57965fb56ec9d758ccdd
-
Filesize
7.9MB
MD54493d9a6477435b918ec3e4cbce60aff
SHA1617fff91a5fc896cbb95e7bcf7836c9b95340ff0
SHA25608fbe5eaa9ea6ef5b5546f377baf9b08046955835546d0d36f56f3a50444d903
SHA512bf9b34b62eee1b2ea5c7f0f65fc8b4d940fe6657a8b01876363219111725af09d5077c831c73d32b92f4126e4d5f6af3ada287e0247b36d476c979ed3d96b656