Analysis
-
max time kernel
146s -
max time network
150s -
platform
windows11-21h2_x64 -
resource
win11-20240412-en -
resource tags
-
submitted
23/04/2024, 18:32
General
-
Target
https://www.mediafire.com/folder/iyyoansxok5bt/Codex
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 12 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 2 IoCs
-
NTFS ADS 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 33 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 17 IoCs
-
Suspicious use of SetWindowsHookEx 28 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/folder/iyyoansxok5bt/Codex1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8a8c53cb8,0x7ff8a8c53cc8,0x7ff8a8c53cd82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1868,7881348618187129802,5376502843142249508,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1868,7881348618187129802,5376502843142249508,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1868,7881348618187129802,5376502843142249508,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7881348618187129802,5376502843142249508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7881348618187129802,5376502843142249508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1868,7881348618187129802,5376502843142249508,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5880 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1868,7881348618187129802,5376502843142249508,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5924 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7881348618187129802,5376502843142249508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7881348618187129802,5376502843142249508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7881348618187129802,5376502843142249508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7881348618187129802,5376502843142249508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7881348618187129802,5376502843142249508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7881348618187129802,5376502843142249508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7881348618187129802,5376502843142249508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7881348618187129802,5376502843142249508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7360 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7881348618187129802,5376502843142249508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7384 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7881348618187129802,5376502843142249508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7392 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7881348618187129802,5376502843142249508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7400 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7881348618187129802,5376502843142249508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7412 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7881348618187129802,5376502843142249508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7424 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7881348618187129802,5376502843142249508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8556 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7881348618187129802,5376502843142249508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8724 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7881348618187129802,5376502843142249508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8944 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7881348618187129802,5376502843142249508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7881348618187129802,5376502843142249508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8660 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7881348618187129802,5376502843142249508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9316 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7881348618187129802,5376502843142249508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9776 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7881348618187129802,5376502843142249508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9900 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7881348618187129802,5376502843142249508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7336 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7881348618187129802,5376502843142249508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8956 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7881348618187129802,5376502843142249508,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10064 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7881348618187129802,5376502843142249508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7244 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7881348618187129802,5376502843142249508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7881348618187129802,5376502843142249508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9732 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7881348618187129802,5376502843142249508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9092 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7881348618187129802,5376502843142249508,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10396 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7881348618187129802,5376502843142249508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1868,7881348618187129802,5376502843142249508,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10116 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7881348618187129802,5376502843142249508,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8600 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1868,7881348618187129802,5376502843142249508,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7976 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Desktop\New folder\Codex.rar"2⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Desktop\New folder\Codex.rar"3⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6644.0.1068473302\181929244" -parentBuildID 20230214051806 -prefsHandle 1764 -prefMapHandle 1760 -prefsLen 22035 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1016aea5-8db2-4d66-8aaa-21c14131b0eb} 6644 "\\.\pipe\gecko-crash-server-pipe.6644" 1840 27e0d30d458 gpu4⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6644.1.1954935566\893541346" -parentBuildID 20230214051806 -prefsHandle 2416 -prefMapHandle 2412 -prefsLen 22886 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {09407a3a-32ec-4a91-bfae-af5daf471ea1} 6644 "\\.\pipe\gecko-crash-server-pipe.6644" 2436 27e0068a958 socket4⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6644.2.1472199380\145417089" -childID 1 -isForBrowser -prefsHandle 2856 -prefMapHandle 2956 -prefsLen 22924 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c78c8c1-adec-4d83-ab8f-cd7ae6d9a007} 6644 "\\.\pipe\gecko-crash-server-pipe.6644" 3148 27e10433858 tab4⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6644.3.760337010\20890374" -childID 2 -isForBrowser -prefsHandle 3760 -prefMapHandle 3756 -prefsLen 27575 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef1c6fb8-05fe-4ae9-89de-2b8b7641971b} 6644 "\\.\pipe\gecko-crash-server-pipe.6644" 3772 27e12ef3b58 tab4⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6644.4.751168712\356797221" -childID 3 -isForBrowser -prefsHandle 5356 -prefMapHandle 5368 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0a612fe-f205-4545-9e43-03b4f64ad626} 6644 "\\.\pipe\gecko-crash-server-pipe.6644" 5376 27e143d0b58 tab4⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6644.5.753217877\1685889454" -childID 4 -isForBrowser -prefsHandle 5520 -prefMapHandle 5524 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {45fad429-5974-4243-afab-6a48d1a8cecf} 6644 "\\.\pipe\gecko-crash-server-pipe.6644" 5508 27e14428258 tab4⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6644.6.1721749299\1465889827" -childID 5 -isForBrowser -prefsHandle 5712 -prefMapHandle 5716 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ed385a7-ca45-4065-a360-20b7a155c879} 6644 "\\.\pipe\gecko-crash-server-pipe.6644" 5700 27e1442a358 tab4⤵
-
-
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Desktop\Codex.rar"1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Desktop\Codex.rar2⤵
- Checks processor information in registry
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD56e15af8f29dec1e606c7774ef749eaf2
SHA115fbec608e4aa6ddd0e7fd8ea64c2e8197345e97
SHA256de9124e3fddde204df6a6df22b8b87a51823ba227d3e304a6a6aced9da00c74c
SHA5121c9c9acd158273749e666271a5cdb2a6aebf6e2b43b835ebcc49d5b48490cbbf4deddef08c232417cee33d4809dec9ddac2478765c1f3d7ed8ea7441f5fd1d15
-
Filesize
152B
MD53e5a2dac1f49835cf442fde4b7f74b88
SHA17b2cf4e2820f304adf533d43e6d75b3008941f72
SHA25630bd1e1bafb4502c91c1fb568372c0fb046d32a4b732e6b88ce59ea23663e4ce
SHA512933ac835894ce6cb8aac0261153823c96b6abec955173653dd56e534d644efd03aec71acb4f8cb0b9af871962296ec06cd03e570a0ac53098b8cd55657543786
-
Filesize
20KB
MD58dc2756f85fccea2e456061d06bdea5e
SHA1cdb7f846722ae88cfcca334697b1c61e7945d8ea
SHA256ff17f0a5c2b621ce0625cfd2d947bf0eabf322c95a8e75a27f42d0722329ae9e
SHA512585b17e9f72a35299cf49d23567dd29d1fbc70caef0c8374f20ed43c16bcfbbe0cb95107a88e3666b88c1d09263e2180771effeb9fdfdd8423cc08840dcf0d69
-
Filesize
20KB
MD587e8230a9ca3f0c5ccfa56f70276e2f2
SHA1eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA51237690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8
-
Filesize
2KB
MD5aed59d74eff046edd7f0b4877aeb82f2
SHA1c12150488d85439568a80202c9be4882745fe38d
SHA2567b24012859007dcd241c2ec113bb263f156e3b73326ea68cf61f4ee8eac9535b
SHA5127df193e89ed2ef792e51881ce1d2aad0d0ed0f45ecc91d030c55305a796d52486299b45d90b94e369276e3c860edf286ee872ca865b8b48845797f0a289d1619
-
Filesize
2KB
MD5f41a3ec3663b3347c320b4e6cefbadd0
SHA135fb6d0a5dadf9e01d0dd8b1f928cff28262c83f
SHA2568956c7bb9c916a491c318f22ddd2cf4017b23116b33357615519cdab05c82f34
SHA5124caf60411de0fa3be73dff08020b5081723a23d6525c6d2d5364804935b569cae53e31c5bd1e1a450770a6477b5a703ad81ecf1f7533b7fd873b67ae1105304d
-
Filesize
13KB
MD50dd754b8e4ab6433d5ced31c19d8ed0f
SHA1e59cf7143c9de33b4d161221382d1ac82f832d58
SHA2566dffaa06990cf492e3d30e4557d51ba324c90855c3fb82427908b40b4e0dd400
SHA512b921fb96ecaaa6c53f83d027cc52c3fe1e3ac81828662d26942bb8555b30f00f02910daba4cfb7d9e919f3fb012e450353d1df919e28a9da786efd82c3503ade
-
Filesize
13KB
MD55217cbbe6fcb6ca09e29630c33b01396
SHA1182541e9a83886728568e51d703f9411ca313d91
SHA256c5afbe0a489a8af044f338b249b147e0413e26993d66f1bd39c2527ae1796e4d
SHA512c1ec94f9909c7dbb42357db2684fff56ed3d5a50a7d7d7ad224642ee0864a24f153b7a5760ff60d26824fc75ab91394f8bb4c8df37037f40cd207be4a1ac7bd8
-
Filesize
5KB
MD54ae2980c5c2f3b466ff4a0721a795949
SHA19241204edc1eef93c657a08352ed36e28a26e67d
SHA256c438c7f3dde132f4311177bc19312832e499fe3822bd3a7188a49f4be0be86ef
SHA51235a3e51fd7db4ef7955b8ef8cc7b6fc30bf92e250be0e287ca59a9f61a78af9e180f70e954c14c6001f9f771f68c1eb5dbde41af3b0abbaf4ce0d99ca42ed294
-
Filesize
7KB
MD5c9c1d374d6e251798a2d00e35535acdc
SHA1158f0ade17082ba167ddbad70a927f680832c339
SHA2569108821598a66d841786fe7ffbfccece4c6c8993131a79d715114800d698717f
SHA512fef62cc992927c3e39c747b495edbcc437b4a4d3949a3044d9b28ab68af00c878e0b850fe9d82cc5aa2db5339094c28039dddf0f18518bd9719fe886fdcec714
-
Filesize
9KB
MD5a3c57fb78c626b443d6fcc2b38ef8662
SHA196e571e45b6c9d7500b724d9dc901ebe5a66236d
SHA256625af4c3b3be0724e4e7bbcba8aace508484677bde366230855c52ef401f3d08
SHA5124b86123889b01083ec3372c8e84b0df85e91bb4ab10cfa02f8fdd45295021be28ffd74cf289a1955bdeb64913592fa021a2c7e1906862fc215e2e40110458924
-
Filesize
13KB
MD56f231dbb056ca8a231cf6a4d86b772a8
SHA169cd8450c3cad1a93155106f8c1a69694e6489ea
SHA2565e3694aeab9b018dd4876946a2d1b2e957828557ba385f6f13e0b3afd367f88e
SHA512046812ee7fe691c50e6d9c25c85ed689962342def4a15bb5b7cb02d3efad84f134aeafe318e27da5026d142c39934c83331978bbd44183b7ed6e83a6bb728803
-
Filesize
13KB
MD50c0212bbc571fe644d0f84cf7c6ac06e
SHA1178aef52a8d0181c276d3c565056f3a44e4e17a5
SHA25645dc1de25f49ddce5eb7e44b9156f2516b376097562f85539cb53628b656de2b
SHA5126beab997763b2e1efc1448d4644e3fb8bab5bfc97fcd245b5865247c0ae57712ab8b001a014be1dc43f4dbddcbd0c07c1eccb7f74b92a059491540efb5544ba6
-
Filesize
4KB
MD5f4daf20671aef025ab2d6e5d646824a4
SHA1902f7d2acf6a89b1dc91c9ad2addc79b5b596e5b
SHA256ca40dc5f63a9e9dc37affe701479ad0d91e14636cba4f2a3a3626e65ea52774c
SHA51292d144e511a434029910463491111f86dd6c40d3f2f6a868f826c01c039e6ed873ebdd08c44cf9d82ebd303e121e06b2c9866ace5da603e67388580a9d61b203
-
Filesize
4KB
MD53f5120ce24b0173d53395ad10a9cf6a9
SHA19e29f55ae1f9d26d660c1dc645b83f5e78628a87
SHA256be4d1931c804f085d7d309105e36723994d829b8aa7b96817454744be37d9f72
SHA512330c2cd0f0c6efa9f02ef0dcfc0ee8f4cea3e8af529f7402243ec087e6c43e2fac43d2d59454265b14729a0392827c8061c215d1f055cb868138ac3f5fcf09d8
-
Filesize
4KB
MD5a957995c7917b4ba4e0af002e5ebe43d
SHA1c2865082b7791760bd1c04924b56369df1233865
SHA256e479c73773b35a5f538b05a17cb1335c99d6b210c77ed8259159d7af1ee58b9e
SHA51244ab0ee804928c9fe8bf007bdef51c4c749df60d94feb5e1d3030df7ba311931313d6fca1dfe5d056adfd9e1b93ba15037ac5e35af3c93456298d2275a8cdd83
-
Filesize
1KB
MD5c77b32a8e1c5f8ce142af90ae9457603
SHA17f380d29a03585d7f7406ee2f7f3c14f9b304c4f
SHA256401c90e0b1af0aa41e9ca819e3d9fe5edfcdb4c1f1ff015248474dd1ad2c7957
SHA512bb99fbc33e93bf7de61ae8109fa4296ed1adb8aefdd2eb5c9b7228da5393fdf1dddfd1e437c8a545cc51d88ce434fbb2522d165311db503ca63135dc4a22bfe5
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
4KB
MD5fe8ea1c6d19b6ffc2f4de2d20ec85de2
SHA12a66daae2c3ef1abe9b51fba80bfc6a49422bc4c
SHA256dd6d3776616dee8a8bd938f7918a0e141f18caf23a921876fc035a14ca65caff
SHA512dc4aaf10d604eeb7d7f68bd2f9458e7ba14f448611d9f5a4a72212c37be5918bbd576da60bd4d8395583b94e6b551d908156eb6f7038a40bece9518f56039da9
-
Filesize
3KB
MD5f4410922182c5cb9fa4aee42a3bd864a
SHA1a75a516a9ad46748a3479225197950c92c4b178c
SHA256402e7b8f90a23bf3b8750254dc0fbf6f8b21a916f127a792c137bc1d0b8693b6
SHA512c6ff40295e5b46cd502112eda34b9201ffbd0b16b2179cb097d0ea0b389fda4648466024174c4a2ef14bab7d8df9bf854562a31c05a6c8f659b9d7eb066bd900
-
Filesize
11KB
MD5c880401c429ddf5571a43e2729cfb6dd
SHA1718517305349a15cba3f16e02faefe423e7079dd
SHA256aabf1a912f1dcfd9b1105eb1810b2a17c412a962612d99d828142fba35b7ea55
SHA512e642c9238f9364f1f231230ed4bcb743fe272b7fa0c2dd33ef0d901ca345cf73874b7da0fa9cbfb36fd74f54d99319c9e1a8c2d72b0c5a7f54acb4049be8fe52
-
Filesize
11KB
MD5b5a523f51da288141d96fc53439760bd
SHA1a247349935cb5ac6048ed204da116edb3c9809cc
SHA2561975b15c38a9b47de90f87df6fd3e227736d5f354dfd0e7ad122b23dafecb6d4
SHA512ac08ac9a74694413dd46e58c3359e5fa4a7a1e583556b6359d75a1ab5ffdaedaa0e6141e72a4d99087e4c0ff6cb4920126f77be7c4a532ac2f3090cbe3c266f1
-
Filesize
11KB
MD569721a673bce1bc43ad2b4c386679e5e
SHA1808217da2ce403c67d8632262de04174217238e3
SHA2564dbb2174b06d9751095f03ceda3393984c35f5b1ce7dc7386307780a4b2ddefe
SHA5124170e45a4fffe63a89272cf0848d32f92ca064f5e087785682a57aaad07774417e3237879092208bdae4d828fc5440afdf99801de31c426c0ed1c67c48c22a1f
-
Filesize
23KB
MD5e1b4a497e5ee5ef6519ab9d9fdac62a3
SHA1306117cec6d4127ba3deb55ca80c9f71e6d15f36
SHA256faed3873306276754e8edd2291ef5c2cb654b0db0c6442d504b62de9f965e79c
SHA51268a19da1ffd53d1378fd3a4ab2dc040e4bff8faa97daf460f3f36d36af8d59a48a47c7958b82ffff58fadf46e4a972f7516651fdd3ba568fae9e04269dfa9278
-
Filesize
7KB
MD57085ebc325570745a385fccb5426e4d7
SHA10b87b0215847eafa98de38b8f4686a68df2c03b3
SHA256ee968e4e713e6dd569994608dbaf86c68f76e2bef3a135d7ed2917bb316a5cf6
SHA512d12c816328a0e59905d5e9f2463ae7f01015feee0a2e9a97f72044bb5f6886d1e47793b9b7721a01524aa50b84a18398d1e493223ff86848d75681f6a4857919
-
Filesize
6KB
MD526ee79ed4ca99ab50cd17262580a52de
SHA1ceed428cdd070c889113db7a69829aa26d15d29c
SHA2565b1291cc5abed7b1ac2e349405602e863c93bf4e99cd200757e29ceba2caaeeb
SHA512798d102c0cb2b181cf4bce5a2e1d8af6aa18bd53df0b3d6861b5cb0df1aa6471b9ef097d9e470bbb131416b905341da8d04266687d15ee9d841f3807cf54373b
-
Filesize
6KB
MD57a66c1246fba91107bf5957c2bd0e660
SHA1ccebf28f19a7c436ca9404de62c64f5c394be7cb
SHA2566f711dbdb58f96fa5b0f7c64bbced8549b683f98a23a323030cd233a034a5e3a
SHA5129194d1194f94930d9f5c349311c9ee644f3e2df9a8f15562610b57e18dc05e366c2c62523fa9db67eaac717673d5649105c387148cfc78ee8e7f9c3d5f6732ce
-
Filesize
1KB
MD560bff3b7b07150b46b76d278eaaa721e
SHA11ed83e20ee5225f637d78bfaa54dbfd6fe9eb484
SHA256cd4b4a588985f03fa5333a3605d5897ce7da25975532e9f02ef7b7e938d8b1ab
SHA51245dc6a96367531b373c9ec7806014fbe48c23b4e29d5306bb254e1a2bcec869c4b227a62f9bd8ff2604cf79664d76371593bed7f2e82c15e33d6dd1368af3a0c
-
Filesize
1KB
MD5a5619bfc66fd5b53e9499b56465dbc11
SHA174f828b692c8d6ba7a56ad3154d825631fa7be5e
SHA256bad570a9c0decd7c6e06a62d5c29fdb3be2995c0ae78f3bd037ef1cff7ea28e8
SHA512067e21406e77540ce61ce5d467a4b8e620a63d9a3381852abf880520e67bd01d7ff228cfbdf3dfd47dda7b99399ad87a60ff252f25f77ec76e9175ad36d2523e
-
Filesize
1KB
MD56e26a2a13e0f35568f77a2fd15409273
SHA13300190bc54e0471e9233d5277f5fb2a1da66f4c
SHA256605114e81e541e378389ecf1bdf040f1abc369908e0c85b66170db5499ec5380
SHA512794b6b9b5cf752926059516855e5bd36b5a9063a6b5a8b4c25afd51f401d39cabfc07ca0980c1d73c531bc8a94580564f36aff03cf7494ef45ec2fefa4fa569b
-
Filesize
15.3MB
MD5e81c73b2fc8f6c167f71411607c9fbca
SHA1b29cc281e3ed516ca975cf31cdb607549bb8f0f2
SHA2560293f4b3f345082e764b7c179da76bdcef5bdeb63f48930628420280ae020e36
SHA51235c77269d7ae05968ac0bb22fbd2a50096448012105529eb3ce2c7e7a929441fbe2359b6e1cd02905aa7173f5968fe1e1eb8f5a5605285bcd0522b40e5380fe3
-
Filesize
26B
MD5fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98