Overview

overview

1

Static

static

1

monkey-mart.html

windows10-2004-x64

1

Analysis

  • max time kernel
    1634s
  • max time network
    1643s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/04/2024, 16:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    monkey-mart.html

  • Size

    475KB

  • MD5

    ee5cffc7fb7d59f56be7ef66395e6947

  • SHA1

    528dffaa41ee4c9e6bf468ce03fd2ac09f29b7f4

  • SHA256

    ede2c92c1f495c71b29284e4da9dc02378c22a622bc918184f4eb6640905458a

  • SHA512

    6b5fca3dd2d447fb3c828823cd251ec6bf6c474a2c3b957bbbb7626a3c096ab32f4bb08dcef15677a0615f982e1dbf9e0832ceb0881e8ca69b7f4d97ade98253

  • SSDEEP

    6144:IhFtaaz65yPLhiAFl+zZqWeYaXE4RzJPOuOaLqVdqVVMs+:MSfIlPWeYX4RzJjOt

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\monkey-mart.html"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:216
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\monkey-mart.html
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2720
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2012 -parentBuildID 20240401114208 -prefsHandle 1940 -prefMapHandle 1932 -prefsLen 25457 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {62710c14-506b-4c13-a4aa-12e7b642d3a0} 2720 "\\.\pipe\gecko-crash-server-pipe.2720" gpu
        3⤵
          PID:4336
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2324 -parentBuildID 20240401114208 -prefsHandle 2464 -prefMapHandle 2460 -prefsLen 26377 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3efad35-6c76-41c1-b7c4-978f5079c51e} 2720 "\\.\pipe\gecko-crash-server-pipe.2720" socket
          3⤵
            PID:3824
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3016 -childID 1 -isForBrowser -prefsHandle 2884 -prefMapHandle 3060 -prefsLen 26518 -prefMapSize 244658 -jsInitHandle 1120 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {35214b2f-fffb-4082-b66a-2daa3e4f2e00} 2720 "\\.\pipe\gecko-crash-server-pipe.2720" tab
            3⤵
              PID:2020
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3548 -childID 2 -isForBrowser -prefsHandle 3616 -prefMapHandle 3612 -prefsLen 30867 -prefMapSize 244658 -jsInitHandle 1120 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ccaa445-22ed-4942-a5ef-fc060d310265} 2720 "\\.\pipe\gecko-crash-server-pipe.2720" tab
              3⤵
                PID:3184
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4396 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4348 -prefMapHandle 4408 -prefsLen 30867 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {67e89ca1-d51e-4760-bd81-db6ec3cb2120} 2720 "\\.\pipe\gecko-crash-server-pipe.2720" utility
                3⤵
                • Checks processor information in registry
                PID:3268
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5324 -childID 3 -isForBrowser -prefsHandle 5320 -prefMapHandle 5316 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 1120 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {06065448-6b96-4806-8f01-816dc742ea98} 2720 "\\.\pipe\gecko-crash-server-pipe.2720" tab
                3⤵
                  PID:1332
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5452 -childID 4 -isForBrowser -prefsHandle 5460 -prefMapHandle 5464 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 1120 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c789ffd-54e7-48c8-91fc-192ff80b0798} 2720 "\\.\pipe\gecko-crash-server-pipe.2720" tab
                  3⤵
                    PID:2196
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5628 -childID 5 -isForBrowser -prefsHandle 5640 -prefMapHandle 5644 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 1120 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c02e6b0a-40ea-4951-9e81-fec673db416d} 2720 "\\.\pipe\gecko-crash-server-pipe.2720" tab
                    3⤵
                      PID:3924

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\md1ejlmw.default-release\activity-stream.discovery_stream.json.tmp
                  Filesize

                  24KB

                  MD5

                  cf1c92a96ff41d639d9668b4827fdb8d

                  SHA1

                  cb4ae479e825bd151bd1fe27db41196a02d19c15

                  SHA256

                  0096fd807e03e9e6ce21da5a83df9d2551c6ec3664debfae66db7704af4cb862

                  SHA512

                  5565d0b159dd35d918a55e1327519fd9789a46c5fc1ca775cee49ba5d8d482e6ba5d85c9b7dc149737c536807c6f0f507813da90ddc6f1382c884ef8f55e931b

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\EFY7CMQ0HP3FBLFXNQPN.temp
                  Filesize

                  7KB

                  MD5

                  bfdf9a43799f6083a5e3ea1e49bce85b

                  SHA1

                  ef7748119c34090c8f2049f1594eb7673c79868d

                  SHA256

                  d010c29a6996435fe3c98ab178c6a39649c3bf7a82c96e0d18eeec8287d0b578

                  SHA512

                  0fe9f06a73f0c67094d35907b567a3aaf5bd9f2121ca8b9b12efed60f6c3821c7ceb0eebeb894a12d265b53ba74567a5306ad8efc063d7cf69038b4918a29235

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\bookmarkbackups\bookmarks-2024-04-29_11_RW-6jkHZdf2Gko5+7Nh-oQ==.jsonlz4
                  Filesize

                  1016B

                  MD5

                  f8bd84506801778be2feab54d456368d

                  SHA1

                  47c7a405bfae6c0b23e36aee6ba551d9d6b21744

                  SHA256

                  3f78d4e63af5a73d211926d9c64f3ae97eac10339b8c60ad6b97fdbcd99dc281

                  SHA512

                  2d84af2fd020f3d2df9fb56efd1f402933698995f09d2d8260ec47061cd4d031b98c854df3b011274092675ab0ff47a0bff9f82fe1ddaa59d3850e6055865edd

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  5KB

                  MD5

                  5d5994f455f6be617919cbf7e5492a28

                  SHA1

                  a0ee231eddac3b86c0929c6fed837309e75a1dd5

                  SHA256

                  97125f49d100bc79d2c031c4a259086c848897e89ba8a6364fac4573d3e2f0ef

                  SHA512

                  e868f1adff8c1a8a1a5700697efdaf8a83eef16b9b6ac26f4c8bbf68d5008b3d76f0016df71ee10fb39f0bc166a5165dde8d3c0e26650f33ece6b5174b4054fb

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  11KB

                  MD5

                  8d1b8204406946ab61a764c1bc6b3e0a

                  SHA1

                  3cbf0b8cb865b69aab8674a3eea13c888b550ba5

                  SHA256

                  0b3656cf41b608ea6055e13fc544b498b36e242fd4bfcded2fc7f38576ebaf05

                  SHA512

                  5d6e5da2b61974495ff686a8783c18f72c16c74754d53788f975a82c07eee13499f128171b4e910a6a7957aec9c927871df562caa09a99c732663c491e289e20

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  11KB

                  MD5

                  9f064f857ae495b0110a4fab5a5d9c91

                  SHA1

                  2938e3eeee9d98cbcff3b56cfcb6e52652009428

                  SHA256

                  960357f3eec6b627eb64a4d3ffcc985c338950dd10e55ebc4b787ad7aa2314b5

                  SHA512

                  482901c0143be7796552c073ae9f265a88da0538b2dfc9afbf75e1ca793af51f686abce90498b7692c81e39f965127941ff41b042e8c72749541f49ce450dd82

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\datareporting\glean\pending_pings\237f1edc-fe51-4311-b953-ced646893145
                  Filesize

                  671B

                  MD5

                  e50544cc6cbe86c5a2ff6b42e0579ccc

                  SHA1

                  d4f2b8b418c6baf55ecb92152f43722958d32a45

                  SHA256

                  1ad86558d6ad3a9b4c2e2dad9752413e4e6fbb6eab5b44d8e30bcbf7d34b0208

                  SHA512

                  dc49b8c8c7347749ac402ec84b704aac026dd91af240a4e2dee5e6edb6d8a00561f1deef45020aceb3cfb46b7f9dca67328adae40467eb2a4d435fa97acae565

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\datareporting\glean\pending_pings\4c4db00b-0dbb-44c5-b3df-26c0125e7803
                  Filesize

                  982B

                  MD5

                  78fde16d1e37e2884f783520acce0a2b

                  SHA1

                  17987366f03af1b4db3646018b8bedeebf8f110b

                  SHA256

                  c4108a5eb6def84ac355e6ba075ed06675344c3cf6dfbcd594ad255417d1bbc2

                  SHA512

                  0e499aa7a1ad2445786f7353921c6c716f005d629e98fb3e4b2e83eca0cc5ff3d0bde86f72a9361c3022acf2e5fdd0b8af3357b62871e159bce83eda21770b3a

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\datareporting\glean\pending_pings\60707c97-ac39-4288-b705-0aab29bc9a81
                  Filesize

                  25KB

                  MD5

                  a89f0a4abd0ea99135ab2f33f7639bc6

                  SHA1

                  ae17988835fcdb87e18ce98213455a29d49adef9

                  SHA256

                  8763194cec0cff0e7dd6402b41faad3c3043dce105ab65252515a6e0a8104940

                  SHA512

                  3104ba51f5324c9fd9d2defaf0c44aef22a917a6b50e61299b5ab98051746ce842162fa4bd6e3e3e3ed928b0ca06ddd896f0cdbb814c758717370bc33fe0c2db

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\prefs-1.js
                  Filesize

                  9KB

                  MD5

                  7d4c30c780d5a5895032547896c849aa

                  SHA1

                  1a4af3fecfff89561062dea581f8734c071efdef

                  SHA256

                  6030cf429373d0c1feaf83b866230e7a8e7ac3395041cdd6b888311c48e71b99

                  SHA512

                  dc6f53b7f8f7d7cb9e3a7f5f258a46c328f1c2ac266ed5764205ea9cfbe445f138631ba9d393acaefcb69b4bc7c7779e2ad1be70586772a1606a34f92fdcc99b

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\sessionstore-backups\recovery.baklz4
                  Filesize

                  1KB

                  MD5

                  dc572360ad3d3081d215e904e14b9881

                  SHA1

                  3af02bec5f5bc7cf923d4127acb84031dee03346

                  SHA256

                  2246755e2c20fceb55a72813a063db7b238b4a969b655b1a68e68ae51649e0d4

                  SHA512

                  ae7928c74c402ec5ba45f580174cef456336c03f9e722a025d9c826768dbc4d58fd5a402c8a4add197dbc71da85db9a9b01f6483a652bda720e3d3e60e208bb3

                  Download Submit