Analysis
-
max time kernel
126s -
max time network
114s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
-
submitted
01/05/2024, 14:07
General
-
Target
http://hflawreport.net.cn
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 21 IoCs
-
Suspicious use of SendNotifyMessage 20 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://hflawreport.net.cn"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://hflawreport.net.cn2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1864 -parentBuildID 20240401114208 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 25457 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d29c6e97-4012-4871-becd-70b1abffe2f2} 5096 "\\.\pipe\gecko-crash-server-pipe.5096" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2424 -parentBuildID 20240401114208 -prefsHandle 2228 -prefMapHandle 2392 -prefsLen 26377 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7fd16c5c-2ccf-4776-a6b1-9c12e11ba778} 5096 "\\.\pipe\gecko-crash-server-pipe.5096" socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3284 -childID 1 -isForBrowser -prefsHandle 3004 -prefMapHandle 3040 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4ee4ee5-ba72-4f24-b97d-84a34406f7f3} 5096 "\\.\pipe\gecko-crash-server-pipe.5096" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3664 -childID 2 -isForBrowser -prefsHandle 3656 -prefMapHandle 3016 -prefsLen 30867 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b66b29b0-c2f8-43a5-b5fd-a18b1bab6c08} 5096 "\\.\pipe\gecko-crash-server-pipe.5096" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4484 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4476 -prefMapHandle 4472 -prefsLen 30867 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0cb55ede-497f-4640-be6e-c6f571de2ccb} 5096 "\\.\pipe\gecko-crash-server-pipe.5096" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5156 -childID 3 -isForBrowser -prefsHandle 5176 -prefMapHandle 5160 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fcf6e021-1025-4213-b5f1-c78b03a70cb7} 5096 "\\.\pipe\gecko-crash-server-pipe.5096" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4684 -childID 4 -isForBrowser -prefsHandle 5336 -prefMapHandle 5344 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {add4c953-5b12-4667-b58c-90811c316092} 5096 "\\.\pipe\gecko-crash-server-pipe.5096" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5588 -childID 5 -isForBrowser -prefsHandle 5508 -prefMapHandle 5516 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0abe2c0a-a982-42ea-85ed-d4f54721ffc9} 5096 "\\.\pipe\gecko-crash-server-pipe.5096" tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5KB
MD55f3b76549c49e85789812d501144f780
SHA11b04e77f134be7594bd8d052f15a2a87a1996ccf
SHA256adcfb513093620d1e0d05231f78ae45c04396e4f1399690517315104d8ef6e7e
SHA5121bfe43146737e31230f5200947c0dc6f8f9a81469578ce9c22a96e4d5b760bcf45fbe0c299bf29b55ff1e5e374fb91c9c8fbd143fa1c5d2d94a0ca7ca993e022
-
Filesize
21KB
MD57658eb826d3e28c2db392fa5ea79909c
SHA1ba2ba49d3f2654a6c14e2bdbd635f4857e8c7291
SHA256c8682fefcfee628c7678baf464131e17201c58fd3dc3f4f5348343aba4c51145
SHA51265825e5e503bdc1b36664340be2b82401a64f9291e6f25f48e18bf1a90017c214452614b7f5a65218e8b98486bcea1dbd91d012bd2f9791195940893d0495246
-
Filesize
982B
MD51758baa16e29549da36567b55d13faad
SHA1a76a89665ef8f3346e29d0e089c97a446a76b3c9
SHA256640bcfebbcd2033e0c6edf87f5a00915960078c68a9519bec88ae06d08fc8750
SHA512cd5185c2d312d56abc15341e011a8a468b698056ba142314dd38455f2bfe67200a12406bcc02b65f8cb37ee8685708aa6c3754c7abb98375958a84e193205534
-
Filesize
671B
MD5f5a769a5a359bc129745b8f78c0a954e
SHA183dec11ae93ae085ee09d7622a222c777453391b
SHA256856a08c6210d15f88c1ba77ad372d722ad85cb12dda886a75eae7d67000006ed
SHA512b291217c21e5457cecdbd008a55f086c06916ee7dca0df0c04a8edcded062477fa06d58bb3576d2f78df0f91f2cf17556403b0180aa207dd3c8a044bacf678f2
-
Filesize
26KB
MD5a18344af90b12337fcbc1a683bd108b4
SHA1fdf67d13652ec88b1c72453dd764c4224df949b5
SHA2566ca631d4a1fb9843f88e04907593f95d37109324ef335e8e26dd31ad01e52973
SHA51295cd340db4aa201eeb982939520a3818038bf416c29320a784656612efbaba6ba9f5a25069a09353b98917f3eb8b37576acabceab37d5a5e59db8f595215bc83
-
Filesize
8KB
MD5fc2d82d48bc727556358913d23c3f32f
SHA11a0b4ac55baac69ad7933dd41f0de48d258663b8
SHA256d2bc3d1898f4b56a716653248ea3609055f06516932e5bf27a37b24f3347bc74
SHA5123a4e5d723093bd0b319d83c23546fc465ddccdff1d93f9a3846f7266713aaaa4da2c5bba9384de48a00cfdbe12c7a0ea8ed2e6c3e21394e16517449282468a83
-
Filesize
9KB
MD5b818ff0109cdf73128e5dab6a1eaeb18
SHA15b70abf0d88287500cd76bb4b95c1181ebc0a20c
SHA256d0f5a793b8b1d270e514837da9a54fe843da4f0351d4ef73cc4f7cb3295df70b
SHA5123fdabf5c724972a94a716735eca7dd00cfd98025be2241600365297c46a0a17184c1be4b5682725b6ab2f0ab8a6c94ef739d302155fbe76515ff355a6df25106
-
Filesize
1KB
MD5a83f14caf0fe457052088e167157708f
SHA1f7308fde6c13a40f5579fa50e53b1d42bb18a0fd
SHA256e5ee576c8236c0a63a6ac432cabf1000252ef7b347c75bf9a51e55399b5842e9
SHA512ce83c0ff321a1cb3db9f6bbc110132007a9996f3cdd45414a0d2f92737354a36b18758b5a296bcc79e1ee487d57d983a2c5027d7011498476fcb19b262ad2d17
-
Filesize
208KB
MD5ef7af80c08989d40148ebf6ab6103cb2
SHA191919118d71307e775c7564f728385bbd05b7f57
SHA2560e39dffd5c541eac9ec450443d9197b87e829dcefbc7221b3e29332d9cdfd097
SHA51240016a481bd64bec489dd84e1b552907bc87843eed1f7d09ac8ff431ab02fc6bd54f1eb3c765e5eed03b0765a6987a20ed38a7b4dbe3647fad5121d4615e9d69