Analysis
-
max time kernel
1737s -
max time network
1746s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
-
submitted
01/05/2024, 14:12
General
-
Target
https://www.youtube.com/
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 6 IoCs
-
Suspicious use of FindShellTrayWindow 21 IoCs
-
Suspicious use of SendNotifyMessage 20 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://www.youtube.com/"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://www.youtube.com/2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1964 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 25457 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa05e851-c7f4-412c-b471-ac33bd9fd33b} 4956 "\\.\pipe\gecko-crash-server-pipe.4956" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2420 -parentBuildID 20240401114208 -prefsHandle 2396 -prefMapHandle 2384 -prefsLen 26377 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {186c92f3-385e-4f05-8a5d-ac2d59c579e5} 4956 "\\.\pipe\gecko-crash-server-pipe.4956" socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3116 -childID 1 -isForBrowser -prefsHandle 3120 -prefMapHandle 3240 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1232 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7892f547-bdc8-44f4-9dc5-7beb69d6bfd1} 4956 "\\.\pipe\gecko-crash-server-pipe.4956" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3660 -childID 2 -isForBrowser -prefsHandle 3964 -prefMapHandle 3960 -prefsLen 30867 -prefMapSize 244658 -jsInitHandle 1232 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {00c2fae7-2808-4aae-a655-85f33eae9038} 4956 "\\.\pipe\gecko-crash-server-pipe.4956" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4724 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4720 -prefMapHandle 4716 -prefsLen 30867 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6550f45-f27d-4232-ace2-0011a7e79cbf} 4956 "\\.\pipe\gecko-crash-server-pipe.4956" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5200 -childID 3 -isForBrowser -prefsHandle 5136 -prefMapHandle 5184 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 1232 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {32aa032c-8a04-4cef-9ad3-b494aa402e71} 4956 "\\.\pipe\gecko-crash-server-pipe.4956" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5340 -childID 4 -isForBrowser -prefsHandle 5348 -prefMapHandle 5352 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 1232 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33c03661-5c21-44f6-b4b9-f4bbe54b979b} 4956 "\\.\pipe\gecko-crash-server-pipe.4956" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5620 -childID 5 -isForBrowser -prefsHandle 5540 -prefMapHandle 5548 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 1232 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {db451bbf-1e5c-4cc0-a82f-8abee3e1dda8} 4956 "\\.\pipe\gecko-crash-server-pipe.4956" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2804 -childID 6 -isForBrowser -prefsHandle 3540 -prefMapHandle 4100 -prefsLen 30867 -prefMapSize 244658 -jsInitHandle 1232 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6442e89a-afc8-4344-895a-7446a520bc0d} 4956 "\\.\pipe\gecko-crash-server-pipe.4956" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5892 -childID 7 -isForBrowser -prefsHandle 4316 -prefMapHandle 3544 -prefsLen 27603 -prefMapSize 244658 -jsInitHandle 1232 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a17f4170-4b81-46c7-ae01-d4fdfdf0acc6} 4956 "\\.\pipe\gecko-crash-server-pipe.4956" tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
21KB
MD59a01efaeae24defb4ab99b89b13450f7
SHA13010b295197dec9f0e636233c02ccce9c62713fc
SHA256d7d95fd4f678e55ebbfa767f7bd28bfcc955b552abd28cf99e797e77d891067f
SHA5122e118d017298f360d70a4b79fa50d13edb78b0423eed6d724eae2f8562ccda43b8af0d83b375c29c27a50cf53a2ced270f5c716df74597acd66f77bdb294f697
-
Filesize
5KB
MD583efe9d751cfead6e5331a5bd5b3cb2f
SHA1593705170f4ac3527b18c6c1805afff59d36b376
SHA25691cb4d3bdce4d01686ebba45f4ff3daa173eafb23a3af4bf67ec494daaf4598e
SHA512102a82bf920b3ac79cb2dd6cc6fe7c157d487e13f81e6234ae7b853a9fbcda721c07362378425f10049c5c969f6ed7861489fa74285db02ff03e9fd77deedc0c
-
Filesize
1004B
MD5e541f8693fdef2a1e2305e69b459c686
SHA190a9b96bb945957024e9c49d0f06c4d306b74cbb
SHA256ab882d5c276170f0302c233088ac281083ec3937b345bbd65ff23a6ba1ddaf1b
SHA512397e258c08304c0be4a16acd504c252c7ac41817ec90e1e0d1589d6d1e44cc61b78c373eb20fbe0b56e8df2eb3113de4cf8ea95d519123804fb38edcdf109bfa
-
Filesize
5KB
MD5d610de07681e55be3e69ca298f4d6b9a
SHA1d14f18673581f8a7feba925aa04dd03a1af8a8c3
SHA256dd0e5c6eb9dab3143a8a72bf0b139858430532b32b33654ed075722fd9561d9d
SHA5127de93620a84c186c019979adc853a554ae105d78549da8f9b4749ba87f67f6c97825467871c1fde99066902a173fd9ff64f70b9bbd8b02a79a4c635c8817af51
-
Filesize
23KB
MD54b35484f0a847049df368081bfab2571
SHA1e87ef7d928b6960dc4e50b5dc265a8a60f23f17b
SHA256e64d51e0378fc063c57191d61d004b6e6f3b74cb5b6520137248bb149de80736
SHA512985de0915b059b12d9bf5d1179ee26cde6170db55ac7976a842c4f4234dc16064faa7c65566bf9d2b4fa74a1a88ed2979401de9c1c12297bbdd6520a53b9986e
-
Filesize
12KB
MD536500330fe4cce272f846b979aa77bc2
SHA17187a6d2253cc63b672879ec839ad4ec522e35c0
SHA256bddd4c3bcc1c5f16fd61a834b92515d3e22c5a3a000b97ca59d4ec61219e7c17
SHA512a5135ca4b8007c402fa6aa9f27038e2775bc4fd10cb873d05d1aca29655e06a3ef4df1d4380d128e94a83d123c0ced5268a29fab066c2f6b5e1f07a7b4ae97ff
-
Filesize
671B
MD5c20aa956ce2cd3aba052b178b73a7784
SHA1d2889187a7e689ec8f2102fc25dfe76631459072
SHA2567fa8009ae72c2f0b41c0cfdc3c91360f71e35cbf6a50a5bd3b931d68099eba8e
SHA5121fd903b1bf1e301772d17c130446f7106523fa543283f68e4004ba9c07d1188f7ea7750f3d37e51ec5e94e6b15fcc0985587298ef7c4e0ea62c16881c2e16d3d
-
Filesize
982B
MD53b7f8be0be8a988e44b572678dc4bda8
SHA103cb788288ec621cab2cb7a8b5f8d0fe6bbd7a8c
SHA256523ffc271d47d015abb9542b177ea5771caff9a68704e8d317ad1bf11df2bf1f
SHA51235de70ac9040b1900d989029ea60575ffd3f14c377a79c9f62ca4a8f3c61ee7edaf5569944dea3cc9ad3885d613ee8281b37a0647e7340f1a9cfef85950b355f
-
Filesize
26KB
MD5d300ae94c84530b05110052733db1b6f
SHA100d99c0e7b6b8327df29e5f950c561d9b464983d
SHA2565194d777d0747bc2f6f25d91f86875eb755da1c0a0e92d193fcf0e58f4fc78f9
SHA5128739045ccd3374fe4b9f28272f6b250bbb6d45d63c29b4ffc2d5f904a83b93197e35224afc5b34de8f3f794820f275284568ebbad1593d3dc83a734d76ccd7b5
-
Filesize
9KB
MD52a4e4b9f6ecb2d8c7f0a586fbf1b48de
SHA10380587e99a6d62ca9306d04138a49de87856ee0
SHA256faafbb4047309cae3bef00de025f1a10a06ca3b0c64d26e165f6c32b48888cde
SHA5123d148b70aaf85576ff3a0f7e5f8d5a788568440efd07b29751d180d5d03e886bf8caac4c84105a7e070931e1ec9a181b760f61a5f51bc2504aaff6081e1c1b39
-
Filesize
8KB
MD5c38aaa1fa96cf19aaf9ba666726b4a92
SHA195427d2ef823854af3995162a826349bf029c896
SHA2567fb7179f2a1821bc4e6c6ec98170f6defed67061db3b169a5313ce0efbe6a203
SHA51283e8aa68648a72221a496490aaa20adbce8753a96dc38ee7cabc063b26acdef8806416898278fa3b4afab3853d467f12974bf629d27e49b7d4298430f19c6c02
-
Filesize
9KB
MD5508f0d14d245d19eef10a1af9820124f
SHA1cb6b344752ea350ee1e1638d6839d8282f66ebf8
SHA25631c157663971c54e165185c51b1d9265e409941bcb44a9ed780b815b357e0157
SHA512d28ab89aed1912073587dca25b340744ad509d89710ddfdfe49b64f22b93f9836c9d06a0df0bd26843f6727cf4d10d103369d57c0d9bea75ae13e35d8f4c1611
-
Filesize
8KB
MD5f91e7e9751d97b161fc756688ab5cd2a
SHA141f895e4311649a37c860972131262909de2a66e
SHA2565f840ada7c1e059c074f9278ba09ef777901e5048dd7c27dd84239e281d7d354
SHA51269a53d5fab0c074898a050cee52b9a5a2ed43bddd44083e95b45a96c7119cf4ed4191f85b5d37143dfc7a16faa4da1d43a093f58305a252cb429b34f1ffe032d
-
Filesize
1KB
MD55155a4553288f833318ef8efb444bf63
SHA19e8fe9cab2ad7fab3697e58f5855ef0f80c4b1c1
SHA256976dc29b1a98789103508962d7bee41f6246593496889fcc6ad8e6a01d5a161c
SHA512d6655e256fe500b0aeecdf41916cae00761edaf7f9077c113c11cacbf6cf5e0abbf4c3cac37c6621b753e46d97165fb16029bd380ae4aabf56c7033847702a3a
-
Filesize
1KB
MD563d437157f21c725fd2d3cb80b5e1da5
SHA15fd2d2674676958aea6e27ec80d39d5be80b8aa7
SHA25612cf05f40ad402a8f794d0994829049229a88b49bfc616b2673de04d2b5fe3f0
SHA51275656b021682f34deee5c3e3e9ab97037c994af85782579ac2efc4b04934fa30757f355d15f45c5209f779f2787f4a53d6dd4e2dda7d60701aa4b09e94f965f0
-
Filesize
1KB
MD5137ff31b14bf36a9015a9b10decb477a
SHA1e2b012af68e7cd0bf7fc53e4f104cfdf16c3f8d3
SHA256b5529b85eec63e1f35128a1efddb38f52844581451cad95c36e45629b7bbfb01
SHA512d775008a22b483d75dd80b0a9edb469c0779c5aa199e83dff92ed4320906b5db5201ac1e830afce43ba537dc33976008b7fda2dd4c6a809a822a5b05ebf4917d