Analysis
-
max time kernel
147s -
max time network
150s -
platform
windows11-21h2_x64 -
resource
win11-20240419-en -
resource tags
-
submitted
13/06/2024, 14:12
General
-
Target
http://isopik.com
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 21 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://isopik.com"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://isopik.com2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1952 -parentBuildID 20240401114208 -prefsHandle 1868 -prefMapHandle 1860 -prefsLen 25459 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b0e27dc-add6-4bac-a406-2bbfa694a45c} 2228 "\\.\pipe\gecko-crash-server-pipe.2228" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2408 -prefMapHandle 2396 -prefsLen 26379 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89a3578c-10aa-44ef-a98c-6f456396aad8} 2228 "\\.\pipe\gecko-crash-server-pipe.2228" socket3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3272 -childID 1 -isForBrowser -prefsHandle 3264 -prefMapHandle 3260 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fca37c50-6f6e-44b7-a507-09d57c2498b0} 2228 "\\.\pipe\gecko-crash-server-pipe.2228" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3660 -childID 2 -isForBrowser -prefsHandle 3656 -prefMapHandle 3652 -prefsLen 30869 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e2e0deb-1501-4461-afac-e71647d4b743} 2228 "\\.\pipe\gecko-crash-server-pipe.2228" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4372 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4380 -prefMapHandle 4344 -prefsLen 30869 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d5745e1-aeeb-4a2a-935c-ab30ee96cd71} 2228 "\\.\pipe\gecko-crash-server-pipe.2228" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5156 -childID 3 -isForBrowser -prefsHandle 5216 -prefMapHandle 3804 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f16495bc-c3e5-4519-93c7-0aca3a52764c} 2228 "\\.\pipe\gecko-crash-server-pipe.2228" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5396 -childID 4 -isForBrowser -prefsHandle 5472 -prefMapHandle 5468 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {86d9b617-c868-4c77-9af0-9e8c7bf21d1e} 2228 "\\.\pipe\gecko-crash-server-pipe.2228" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5624 -childID 5 -isForBrowser -prefsHandle 5368 -prefMapHandle 5372 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3ea2e5a-dc7d-4a38-8213-3351055e931d} 2228 "\\.\pipe\gecko-crash-server-pipe.2228" tab3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
18KB
MD52b6b63b5e0d0f670fc0e00bcb0ed0723
SHA184eb5f421bf33698ed19e36bbd6ba55fd5886f75
SHA256aa3cb80699e0d16f4d5b640255c059c755faf68992fa14210b6eb9ecb801dda5
SHA512bbf7e734ab217531858a62b1db06529f828f11bfd6acca27e310a580cd454212408f47675ec4d86d2deab1d0fb4f8532bccd680aa0290dde7a46f310e6312778
-
Filesize
5KB
MD582f2c42e58fcc80cb384bd0ccb033d85
SHA141b254a542b05465c9230e0f19dc8a7db685005b
SHA256f138d058c3caffe6651aaa11416dca069425491f2bd1cb84e76cd94028030818
SHA5128341acb7e788aeeb0017554610eea8e188dff50ab9663a6ed77b81417016fd006161af024af6c6f54fe65f92eba4b3cf7447364fa2bd2fe9e3b9ee35af2a47c4
-
Filesize
5KB
MD5fc53ab8d0b78dc6a0e7c7578c10327d7
SHA13d90a0807c47e19e045fef0a53530f0b26903dc9
SHA25678282d942d791b666df922f2cbe99742d673fc499fce8e9fe2039d1a5b5f8d21
SHA512ba91eae6f9b92e62807c739ecb04d520e5996ac574032a9bb5eb7f4906260c4ca6eb15ef185724ec4f1519877160740ee75ceffb87b663c3714a2c91e4a389fc
-
Filesize
13KB
MD521d18157c6a14ac3cf014278c0b9c571
SHA1c99a3757e3fed676e2fcf376ac66e57a764f26df
SHA256ec756a0307ceac3ed7a00dc19e642f9fe3b130ee7f1facda4bb3133f021df51e
SHA512635338be2026a69679607cf4e7a4c3cb90f5b3cbcec9ef795949b4de59b769673f8a38ec66db1d28cb9bef1f4f6234918cbe0f31171d9a9f115fb0cc031f4ba0
-
Filesize
982B
MD5a91d275a50af8be1b93f7a6fafb1118f
SHA19e1502ea5c3f1b00846dbec5bcbb643646418332
SHA256b62b7983f86081df352fb6e4fbeec3cc611708b91581e79947af4e31e811dabe
SHA5124dc82183f06d06dba63987c3e79861f5497c476bc705392a872e4ccefdb982652634b430db35cc431c85191049170f005de1b848365b203ee9fab0ec83c9645e
-
Filesize
24KB
MD5289174a9ee88ba7642fb741ecc6d47a0
SHA158b4bf63e73bc613ea5070854d3c79eb857a0f6d
SHA25629042b143772aef90f8071106813a9e3323cd5c8e2b99d06b212a965792c746d
SHA5126555ee50cd8e6d441f39ac2145152b8fa486ea94711546bf25672b0c321badfa6c5c58d0f2084cf8229ceee56a2fd0eb62738699b82535e10e0a76f2e41227e2
-
Filesize
671B
MD510c48b7c9897624850edfcdc4173d4d7
SHA106fcf3413b915a147c8d61cf9b2786d08e28bdc5
SHA25681d0d875ba42f9007a823c1248598a6192f1bca6a610029255056cb880c5a788
SHA51279c8703cd3af2597bff857a8ff271b1afafeb71b4bccf5f32a1eac28f5b8510ec8d425d008c24ce5efc80ecbfccb7d2247a3b1a0f5d13d6bc3442643fb7d7daf
-
Filesize
9KB
MD5bbf2c332abbcbe1314bf4ee2f8f440e6
SHA16268f664cea43faa8153dffeb7f73c9a61c4bfbe
SHA256d92df93e7cfef615f45d07fd3e56dd1322ab2d80075e9b351346da7c57976d07
SHA512a66686e2ce9f90a2b2ddadc28fc0349db2e8ad7b18d91b62ab532b74f34afab708ed6b004dd4e30b447f3189618c5f52e89eb24691e976f214338a5457d0150d
-
Filesize
8KB
MD5498c63a8a93425bce8df0e22d8b0eb7b
SHA100c44254c37d37e787bebac774ce4b5a878b5d34
SHA256733a8411f1596c1b030fbce7c84db7909b52d6433fde46a5a2b388d0940a8cf7
SHA512a620a683739d02fd58e66dd4925b43af610556b0920b3b20321302b705563c9ccff5516921c877e61a2f2ae885e1b0ec72929e9b98553be45f0fc4358c96d232
-
Filesize
9KB
MD555963377559e81119d72c3a763413474
SHA179a104a45a767bd3cab9f8fbad5db26450ecf7b2
SHA2568acb99b655a345b96d0b6e1aea827cc0c7a88b29f1871ef36ba7493e189ef396
SHA512cdd8a2868247844834c6d8e2edbc15ea6030d29a5fc272b30ad7f661004805020a682d706506a4da85eb6e8fd8f76a001c1a78d8f696b597c32773a87c11a41a
-
Filesize
1KB
MD589fc9b3478c5cae51f30903d5dda5264
SHA15a142876b316dfa1a9e0892700890475c90bcdb9
SHA256c357c58eb353d5d564c0f1bcb3880afc44a8d17b123c75647931a65bb1593180
SHA51238cbb6603cbb7989b24f12f2c3568e698a86d622c0ed90c7d38f76c828bd6c300de16726ca73cdb5e11baf4373c53a919d79baa511bae15f3949a1d32f5dce09
-
Filesize
1KB
MD534771cc66021f5bbaa09f69738393978
SHA1473f94fc00d217b5169deb7432c279e7b98af1cb
SHA256e39f7a393a0cf2d138378866cb74fb2c87e26974d1e1c142db59e55cb54f1ec7
SHA512a3c317a825d3860a206e64ad0fd5c0ba195ef07200865d26969288e218a69bf2761c4664fa320aef520b1f25a2f9a4d817c72cd7a64add80ca5607440919d40b
-
Filesize
200KB
MD5f9852f563e2cb950d860f93e6306b03c
SHA14b133be10d1c84e07e2525a325756fcafc35ae05
SHA256dfd7406f52efecf5a01e8597e88038dfb9a60ba371c59dfc8f4d639b0f164d18
SHA512e9b4266a1dfb055a3f6948fafa451278e5ce0274e00a8909dbdf11c197d0eca3597cbe56e774765a32222992ec6d8e839fa27530e1227e82f1a90a860d5ed59a